author | Vladimir Glazounov <vg@openoffice.org> | 2009-01-22 17:14:08 +0000 |
---|---|---|
committer | Vladimir Glazounov <vg@openoffice.org> | 2009-01-22 17:14:08 +0000 |
commit | e57e55b1aa43ac626891d3ccfa185bf623b16ddf (patch) | |
tree | bb41dce98dd9746a2e3359a1fa9f9b88fc3e9a1e /libxmlsec | |
parent | b12b88e2d9e3bfe8f6085ee583658c7e71018f16 (diff) |
#i10000# missing changes from jl111
Diffstat (limited to 'libxmlsec')
-rw-r--r-- | libxmlsec/xmlsec1-1.2.6.patch | 32871 |
1 files changed, 15350 insertions, 17521 deletions
diff --git a/libxmlsec/xmlsec1-1.2.6.patch b/libxmlsec/xmlsec1-1.2.6.patch
index 8005fb5b2b5e..eb5153d99a18 100644
--- a/libxmlsec/xmlsec1-1.2.6.patch
+++ b/libxmlsec/xmlsec1-1.2.6.patch
@@ -1,17534 +1,15363 @@ -*** misc/xmlsec1-1.2.6/apps/Makefile.in Thu Aug 26 08:00:30 2004 ---- misc/build/xmlsec1-1.2.6/apps/Makefile.in Fri May 11 14:47:19 2007 -*************** -*** 370,376 **** - $(CRYPTO_DEPS) \ - $(NULL) - -! all: all-am - - .SUFFIXES: - .SUFFIXES: .c .lo .o .obj ---- 370,376 ---- - $(CRYPTO_DEPS) \ - $(NULL) - -! all: - - .SUFFIXES: - .SUFFIXES: .c .lo .o .obj -*** misc/xmlsec1-1.2.6/configure Thu Aug 26 08:00:34 2004 ---- misc/build/xmlsec1-1.2.6/configure Fri May 11 14:47:19 2007 -*************** -*** 463,469 **** - # include <unistd.h> - #endif" - -! ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS 
LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' - ac_subst_files='' - - # Initialize some variables set by options. ---- 463,469 ---- - # include <unistd.h> - #endif" - -! 
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 
XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' - ac_subst_files='' - - # Initialize some variables set by options. -*************** -*** 1072,1077 **** ---- 1072,1078 ---- - --with-nss=PFX nss location - --with-nspr=PFX nspr location (needed for NSS) - --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr) -+ --with-mscrypto try to use mscrypto - --with-html-dir=PATH path to installed docs - - Some influential environment variables: -*************** -*** 2045,2052 **** - - ac_ext=c - ac_cpp='$CPP $CPPFLAGS' -! ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -! 
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' - ac_compiler_gnu=$ac_cv_c_compiler_gnu - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. ---- 2046,2053 ---- - - ac_ext=c - ac_cpp='$CPP $CPPFLAGS' -! ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -! ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' - ac_compiler_gnu=$ac_cv_c_compiler_gnu - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -*************** -*** 2698,2712 **** - CFLAGS=$ac_save_CFLAGS - elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then -! CFLAGS="-g -O2" - else -! CFLAGS="-g" - fi - else - if test "$GCC" = yes; then -! CFLAGS="-O2" - else -! CFLAGS= - fi - fi - echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 ---- 2699,2713 ---- - CFLAGS=$ac_save_CFLAGS - elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then -! CFLAGS="$ADDCFLAGS -g -O2" - else -! CFLAGS="$ADDCFLAGS -g" - fi - else - if test "$GCC" = yes; then -! CFLAGS="$ADDCFLAGS -O2" - else -! CFLAGS="$ADDCFLAGS" - fi - fi - echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 -*************** -*** 6350,6360 **** - lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' - ;; - -! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -! mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' ---- 6351,6361 ---- - lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' - ;; - -! 
beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -! pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' -*************** -*** 6409,6415 **** - fi - ;; - -! mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' ---- 6410,6416 ---- - fi - ;; - -! pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic='-DDLL_EXPORT' -*************** -*** 6752,6758 **** - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then ---- 6753,6759 ---- - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... 
- archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -*************** -*** 7778,7784 **** - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) ---- 7779,7785 ---- - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -*************** -*** 9046,9052 **** - ;; - esac - output_verbose_link_cmd='echo' -! archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring' - module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's - archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ---- 9047,9053 ---- - ;; - esac - output_verbose_link_cmd='echo' -! 
archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring' - module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's - archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' -*************** -*** 10088,10094 **** - enable_shared_with_static_runtimes_CXX=yes - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then ---- 10089,10095 ---- - enable_shared_with_static_runtimes_CXX=yes - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -*************** -*** 10816,10825 **** - # like `-m68040'. - lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' - ;; -! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; -! 
mingw* | os2* | pw32*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_CXX='-DDLL_EXPORT' ---- 10817,10826 ---- - # like `-m68040'. - lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' - ;; -! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; -! os2* | pw32*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_CXX='-DDLL_EXPORT' -*************** -*** 11497,11503 **** - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) ---- 11498,11504 ---- - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -*************** -*** 13259,13269 **** - lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' - ;; - -! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -! mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_F77='-DDLL_EXPORT' ---- 13260,13270 ---- - lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' - ;; - -! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -! pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). 
- lt_prog_compiler_pic_F77='-DDLL_EXPORT' -*************** -*** 13661,13667 **** - export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then ---- 13662,13668 ---- - export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -*************** -*** 14667,14673 **** - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) ---- 14668,14674 ---- - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -*************** -*** 15607,15617 **** - lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' - ;; - -! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -! 
mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' ---- 15608,15618 ---- - lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' - ;; - -! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - -! pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' -*************** -*** 15666,15672 **** - fi - ;; - -! mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' ---- 15667,15673 ---- - fi - ;; - -! pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' -*************** -*** 16009,16015 **** - export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... 
- archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then ---- 16010,16016 ---- - export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then -! archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then -*************** -*** 17035,17041 **** - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) ---- 17036,17042 ---- - ;; - - freebsd*) -! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -*************** -*** 24598,24604 **** - fi - - LIBXML_MIN_VERSION="2.4.2" -! LIBXML_CONFIG="xml2-config" - LIBXML_CFLAGS="" - LIBXML_LIBS="" - LIBXML_FOUND="no" ---- 24599,24605 ---- - fi - - LIBXML_MIN_VERSION="2.4.2" -! LIBXML_CONFIG="./libxml2-config" - LIBXML_CFLAGS="" - LIBXML_LIBS="" - LIBXML_FOUND="no" -*************** -*** 25678,25689 **** - - XMLSEC_NO_NSS="1" - MOZILLA_MIN_VERSION="1.4" - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" - NSS_CFLAGS="" - NSS_LIBS="" -! NSS_LIBS_LIST="-lnss3 -lsmime3" -! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" - NSS_CRYPTO_LIB="$PACKAGE-nss" - NSS_FOUND="no" - ---- 25679,25704 ---- - - XMLSEC_NO_NSS="1" - MOZILLA_MIN_VERSION="1.4" -+ if test "z$MOZ_FLAVOUR" = "zfirefox" ; then -+ MOZILLA_MIN_VERSION="1.0" -+ fi - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" - NSS_CFLAGS="" - NSS_LIBS="" -! -! case $host_os in -! 
cygwin* | mingw* | pw32*) -! NSS_LIBS_LIST="-lnss3 -lsmime3" -! NSPR_LIBS_LIST="-lnspr4" -! ;; -! -! *) -! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" -! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" -! ;; -! esac -! - NSS_CRYPTO_LIB="$PACKAGE-nss" - NSS_FOUND="no" - -*************** -*** 25766,25788 **** - else - PKG_CONFIG_MIN_VERSION=0.9.0 - if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then -! echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5 -! echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 - -! if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then - echo "$as_me:$LINENO: result: yes" >&5 - echo "${ECHO_T}yes" >&6 - succeeded=yes - - echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 - echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 -! NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` - echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 - echo "${ECHO_T}$NSS_CFLAGS" >&6 - - echo "$as_me:$LINENO: checking NSS_LIBS" >&5 - echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 -! NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` - echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 - echo "${ECHO_T}$NSS_LIBS" >&6 - else ---- 25781,25803 ---- - else - PKG_CONFIG_MIN_VERSION=0.9.0 - if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then -! echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5 -! echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 - -! 
if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then - echo "$as_me:$LINENO: result: yes" >&5 - echo "${ECHO_T}yes" >&6 - succeeded=yes - - echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 - echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 -! NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` - echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 - echo "${ECHO_T}$NSS_CFLAGS" >&6 - - echo "$as_me:$LINENO: checking NSS_LIBS" >&5 - echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 -! NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` - echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 - echo "${ECHO_T}$NSS_LIBS" >&6 - else -*************** -*** 25790,25796 **** - NSS_LIBS="" - ## If we have a custom action on failure, don't print errors, but - ## do set a variable so people can do so. -! NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` - - fi - ---- 25805,25811 ---- - NSS_LIBS="" - ## If we have a custom action on failure, don't print errors, but - ## do set a variable so people can do so. -! NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` - - fi - -*************** -*** 25808,25813 **** ---- 25822,25929 ---- - NSS_FOUND=no - fi - -+ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 -+ echo "${ECHO_T}$NSS_FOUND" >&6 -+ if test "z$NSS_FOUND" = "zno" ; then -+ -+ succeeded=no -+ -+ if test -z "$PKG_CONFIG"; then -+ # Extract the first word of "pkg-config", so it can be a program name with args. -+ set dummy pkg-config; ac_word=$2 -+ echo "$as_me:$LINENO: checking for $ac_word" >&5 -+ echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6 -+ if test "${ac_cv_path_PKG_CONFIG+set}" = set; then -+ echo $ECHO_N "(cached) $ECHO_C" >&6 -+ else -+ case $PKG_CONFIG in -+ [\\/]* | ?:[\\/]*) -+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. -+ ;; -+ *) -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+ for as_dir in $PATH -+ do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ for ac_exec_ext in '' $ac_executable_extensions; do -+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" -+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ break 2 -+ fi -+ done -+ done -+ -+ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" -+ ;; -+ esac -+ fi -+ PKG_CONFIG=$ac_cv_path_PKG_CONFIG -+ -+ if test -n "$PKG_CONFIG"; then -+ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 -+ echo "${ECHO_T}$PKG_CONFIG" >&6 -+ else -+ echo "$as_me:$LINENO: result: no" >&5 -+ echo "${ECHO_T}no" >&6 -+ fi -+ -+ fi -+ -+ if test "$PKG_CONFIG" = "no" ; then -+ echo "*** The pkg-config script could not be found. Make sure it is" -+ echo "*** in your path, or set the PKG_CONFIG environment variable" -+ echo "*** to the full path to pkg-config." -+ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." -+ else -+ PKG_CONFIG_MIN_VERSION=0.9.0 -+ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then -+ echo "$as_me:$LINENO: checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" >&5 -+ echo $ECHO_N "checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION... $ECHO_C" >&6 -+ -+ if $PKG_CONFIG --exists "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" ; then -+ echo "$as_me:$LINENO: result: yes" >&5 -+ echo "${ECHO_T}yes" >&6 -+ succeeded=yes -+ -+ echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 -+ echo $ECHO_N "checking NSS_CFLAGS... 
$ECHO_C" >&6 -+ NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` -+ echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 -+ echo "${ECHO_T}$NSS_CFLAGS" >&6 -+ -+ echo "$as_me:$LINENO: checking NSS_LIBS" >&5 -+ echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 -+ NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` -+ echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 -+ echo "${ECHO_T}$NSS_LIBS" >&6 -+ else -+ NSS_CFLAGS="" -+ NSS_LIBS="" -+ ## If we have a custom action on failure, don't print errors, but -+ ## do set a variable so people can do so. -+ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` -+ -+ fi -+ -+ -+ -+ else -+ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." -+ echo "*** See http://www.freedesktop.org/software/pkgconfig" -+ fi -+ fi -+ -+ if test $succeeded = yes; then -+ NSS_FOUND=yes -+ else -+ NSS_FOUND=no -+ fi -+ -+ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 -+ echo "${ECHO_T}$NSS_FOUND" >&6 -+ fi - fi - - if test "z$NSS_FOUND" = "zno" ; then -*************** -*** 25817,25824 **** - ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION - fi - -! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" -! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" - - echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 - echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 ---- 25832,25839 ---- - ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION - fi - -! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" -! 
ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" - - echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 - echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 -*************** -*** 25853,25860 **** - done - - for dir in $ac_nss_lib_dir ; do -! if test -f $dir/libnspr4.so ; then -! if test "z$dir" = "z/usr/lib" ; then - NSPR_LIBS="$NSPR_LIBS_LIST" - else - if test "z$with_gnu_ld" = "zyes" ; then ---- 25868,25878 ---- - done - - for dir in $ac_nss_lib_dir ; do -! case $host_os in -! cygwin* | mingw* | pw32*) -! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then -! dnl do not add -L/usr/lib because compiler does it anyway -! if test "z$dir" = "z/usr/lib" ; then - NSPR_LIBS="$NSPR_LIBS_LIST" - else - if test "z$with_gnu_ld" = "zyes" ; then -*************** -*** 25865,25871 **** - fi - NSPR_LIBS_FOUND="yes" - break -! fi - done - fi - ---- 25883,25908 ---- - fi - NSPR_LIBS_FOUND="yes" - break -! fi -! ;; -! -! *) -! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then -! dnl do not add -L/usr/lib because compiler does it anyway -! if test "z$dir" = "z/usr/lib" ; then -! NSPR_LIBS="$NSPR_LIBS_LIST" -! else -! if test "z$with_gnu_ld" = "zyes" ; then -! NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" -! else -! NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" -! fi -! fi -! NSPR_LIBS_FOUND="yes" -! break -! fi -! ;; -! esac - done - fi - -*************** -*** 25939,25946 **** - done - - for dir in $ac_nss_lib_dir ; do -! if test -f $dir/libnss3.so ; then -! if test "z$dir" = "z/usr/lib" ; then - NSS_LIBS="$NSS_LIBS_LIST" - else - if test "z$with_gnu_ld" = "zyes" ; then ---- 25976,25986 ---- - done - - for dir in $ac_nss_lib_dir ; do -! case $host_os in -! cygwin* | mingw* | pw32*) -! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then -! dnl do not add -L/usr/lib because compiler does it anyway -! 
if test "z$dir" = "z/usr/lib" ; then - NSS_LIBS="$NSS_LIBS_LIST" - else - if test "z$with_gnu_ld" = "zyes" ; then -*************** -*** 25951,25957 **** - fi - NSS_LIBS_FOUND="yes" - break -! fi - done - fi - ---- 25991,26016 ---- - fi - NSS_LIBS_FOUND="yes" - break -! fi -! ;; -! -! *) -! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then -! dnl do not add -L/usr/lib because compiler does it anyway -! if test "z$dir" = "z/usr/lib" ; then -! NSS_LIBS="$NSS_LIBS_LIST" -! else -! if test "z$with_gnu_ld" = "zyes" ; then -! NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" -! else -! NSS_LIBS="-L$dir $NSS_LIBS_LIST" -! fi -! fi -! NSS_LIBS_FOUND="yes" -! break -! fi -! ;; -! esac - done - fi - -*************** -*** 26004,26009 **** ---- 26063,26074 ---- - fi - fi - -+ case $host_os in -+ darwin*) -+ NSS_LIBS="$NSS_LIBS "`"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl" $NSS_LIBS` -+ ;; -+ esac -+ - if test "z$NSS_FOUND" = "zyes" ; then - XMLSEC_NO_NSS="0" - NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1" -*************** -*** 26037,26042 **** ---- 26102,26210 ---- - - - -+ MSCRYPTO_CFLAGS="" -+ MSCRYPTO_LIBS="" -+ MSCRYPTO_FOUND="no" -+ -+ -+ # Check whether --with-mscrypto or --without-mscrypto was given. -+ if test "${with_mscrypto+set}" = set; then -+ withval="$with_mscrypto" -+ -+ fi; -+ if test "z$with_mscrypto" = "zno" ; then -+ echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5 -+ echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6 -+ echo "$as_me:$LINENO: result: no" >&5 -+ echo "${ECHO_T}no" >&6 -+ MSCRYPTO_FOUND="without" -+ else -+ ac_mscrypto_lib_dir="${PSDK_HOME}/lib" -+ ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api" -+ echo "$as_me:$LINENO: checking for mscrypto libraries" >&5 -+ echo $ECHO_N "checking for mscrypto libraries... 
$ECHO_C" >&6 -+ MSCRYPTO_INCLUDES_FOUND="no" -+ MSCRYPTO_LIBS_FOUND="no" -+ WINCRYPT_H="" -+ -+ for dir in $ac_mscrypto_inc_dir ; do -+ if test -f $dir/wincrypt.h ; then -+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir" -+ MSCRYPTO_INCLUDES_FOUND="yes" -+ WINCRYPT_H="$dir/wincrypt.h" -+ break -+ fi -+ done -+ -+ for dir in $ac_mscrypto_lib_dir ; do -+ if test -f $dir/crypt32.lib ; then -+ if test "z$with_gnu_ld" = "zyes" ; then -+ MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib" -+ else -+ MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib" -+ fi -+ MSCRYPTO_LIBS_FOUND="yes" -+ break -+ fi -+ done -+ -+ if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then -+ OLD_CPPFLAGS=$CPPFLAGS -+ CPPFLAGS="$MSCRYPTO_CFLAGS" -+ cat >conftest.$ac_ext <<_ACEOF -+ /* confdefs.h. */ -+ _ACEOF -+ cat confdefs.h >>conftest.$ac_ext -+ cat >>conftest.$ac_ext <<_ACEOF -+ /* end confdefs.h. */ -+ -+ #include <wincrypt.h> -+ #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__) -+ yes -+ #endif -+ -+ _ACEOF -+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ $EGREP "yes" >/dev/null 2>&1; then -+ -+ MSCRYPTO_FOUND=yes -+ -+ else -+ -+ MSCRYPTO_FOUND=no -+ -+ fi -+ rm -f conftest* -+ -+ CPPFLAGS="$OLD_CPPFLAGS" -+ fi -+ -+ if test "z$MSCRYPTO_FOUND" = "zyes" ; then -+ echo "$as_me:$LINENO: result: yes" >&5 -+ echo "${ECHO_T}yes" >&6 -+ else -+ echo "$as_me:$LINENO: result: no" >&5 -+ echo "${ECHO_T}no" >&6 -+ fi -+ -+ fi -+ -+ if test "z$MSCRYPTO_FOUND" = "zyes" ; then -+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" -+ -+ if test "z$XMLSEC_CRYPTO" = "z" ; then -+ XMLSEC_CRYPTO="mscrypto" -+ XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto" -+ XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS" -+ XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS" -+ fi -+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto" -+ else -+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto" -+ fi -+ -+ -+ - echo "$as_me:$LINENO: checking for crypto library" >&5 - echo $ECHO_N "checking for 
crypto library... $ECHO_C" >&6 - if test "z$XMLSEC_CRYPTO" = "z" ; then -*************** -*** 26604,26610 **** - done - - -! ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in" - cat >confcache <<\_ACEOF - # This file is a shell script that caches the results of configure - # tests run on this system so they can be shared between configure ---- 26772,26778 ---- - done - - -! ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in" - cat >confcache <<\_ACEOF - # This file is a shell script that caches the results of configure - # tests run on this system so they can be shared between configure -*************** -*** 27521,27526 **** ---- 27689,27696 ---- - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+ s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+ s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -*************** -*** 29231,29236 **** ---- 29401,29408 ---- - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - 
s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+ s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+ s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -*************** -*** 30941,30946 **** ---- 31113,31120 ---- - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+ s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+ s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -*************** -*** 32653,32658 **** ---- 32827,34550 ---- - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+ s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+ s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t -+ s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t -+ s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t -+ s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -+ s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t -+ s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t -+ s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t -+ s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t -+ s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t -+ s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t -+ s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t -+ s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t -+ s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t -+ s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t -+ s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t -+ s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t -+ s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t -+ s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t -+ s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t -+ s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t -+ 
s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t -+ s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t -+ s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t -+ s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t -+ s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t -+ s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t -+ s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t -+ s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t -+ s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t -+ s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t -+ s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t -+ s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t -+ s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t -+ s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t -+ s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t -+ s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t -+ s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t -+ s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t -+ s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t -+ s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t -+ s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t -+ s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t -+ s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t -+ s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t -+ s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t -+ s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t -+ s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t -+ s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t -+ s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t -+ s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t -+ s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t -+ s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t -+ s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t -+ s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t -+ s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t -+ 
s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t -+ s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t -+ s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t -+ s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t -+ s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t -+ s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t -+ s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t -+ s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t -+ s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t -+ s,@LIBOBJS@,$LIBOBJS,;t t -+ s,@LTLIBOBJS@,$LTLIBOBJS,;t t -+ CEOF -+ -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ # Split the substitutions into bite-sized pieces for seds with -+ # small command number limits, like on Digital OSF/1 and HP-UX. -+ ac_max_sed_lines=48 -+ ac_sed_frag=1 # Number of current file. -+ ac_beg=1 # First line for current file. -+ ac_end=$ac_max_sed_lines # Line after last line for current file. -+ ac_more_lines=: -+ ac_sed_cmds= -+ while $ac_more_lines; do -+ if test $ac_beg -gt 1; then -+ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag -+ else -+ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag -+ fi -+ if test ! -s $tmp/subs.frag; then -+ ac_more_lines=false -+ else -+ # The purpose of the label and of the branching condition is to -+ # speed up the sed processing (if there are no `@' at all, there -+ # is no need to browse any of the substitutions). -+ # These are the two extra sed commands mentioned above. 
-+ (echo ':t -+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed -+ if test -z "$ac_sed_cmds"; then -+ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" -+ else -+ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" -+ fi -+ ac_sed_frag=`expr $ac_sed_frag + 1` -+ ac_beg=$ac_end -+ ac_end=`expr $ac_end + $ac_max_sed_lines` -+ fi -+ done -+ if test -z "$ac_sed_cmds"; then -+ ac_sed_cmds=cat -+ fi -+ fi # test -n "$CONFIG_FILES" -+ -+ _ACEOF -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue -+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". -+ case $ac_file in -+ - | *:- | *:-:* ) # input from stdin -+ cat >$tmp/stdin -+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ * ) ac_file_in=$ac_file.in ;; -+ esac -+ -+ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. -+ ac_dir=`(dirname "$ac_file") 2>/dev/null || -+ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$ac_file" : 'X\(//\)[^/]' \| \ -+ X"$ac_file" : 'X\(//\)$' \| \ -+ X"$ac_file" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+ echo X"$ac_file" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p "$ac_dir" -+ else -+ as_dir="$ac_dir" -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+ echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 -+ echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ ac_builddir=. -+ -+ if test "$ac_dir" != .; then -+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` -+ # A "../" for each directory in $ac_dir_suffix. -+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` -+ else -+ ac_dir_suffix= ac_top_builddir= -+ fi -+ -+ case $srcdir in -+ .) # No --srcdir option. We are building in place. -+ ac_srcdir=. -+ if test -z "$ac_top_builddir"; then -+ ac_top_srcdir=. -+ else -+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` -+ fi ;; -+ [\\/]* | ?:[\\/]* ) # Absolute path. -+ ac_srcdir=$srcdir$ac_dir_suffix; -+ ac_top_srcdir=$srcdir ;; -+ *) # Relative path. -+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix -+ ac_top_srcdir=$ac_top_builddir$srcdir ;; -+ esac -+ -+ # Do not use `cd foo && pwd` to compute absolute paths, because -+ # the directories may not exist. -+ case `pwd` in -+ .) ac_abs_builddir="$ac_dir";; -+ *) -+ case "$ac_dir" in -+ .) ac_abs_builddir=`pwd`;; -+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; -+ *) ac_abs_builddir=`pwd`/"$ac_dir";; -+ esac;; -+ esac -+ case $ac_abs_builddir in -+ .) ac_abs_top_builddir=${ac_top_builddir}.;; -+ *) -+ case ${ac_top_builddir}. in -+ .) ac_abs_top_builddir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; -+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; -+ esac;; -+ esac -+ case $ac_abs_builddir in -+ .) ac_abs_srcdir=$ac_srcdir;; -+ *) -+ case $ac_srcdir in -+ .) 
ac_abs_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; -+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; -+ esac;; -+ esac -+ case $ac_abs_builddir in -+ .) ac_abs_top_srcdir=$ac_top_srcdir;; -+ *) -+ case $ac_top_srcdir in -+ .) ac_abs_top_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; -+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; -+ esac;; -+ esac -+ -+ -+ case $INSTALL in -+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; -+ *) ac_INSTALL=$ac_top_builddir$INSTALL ;; -+ esac -+ -+ if test x"$ac_file" != x-; then -+ { echo "$as_me:$LINENO: creating $ac_file" >&5 -+ echo "$as_me: creating $ac_file" >&6;} -+ rm -f "$ac_file" -+ fi -+ # Let's still pretend it is `configure' which instantiates (i.e., don't -+ # use $as_me), people would be surprised to read: -+ # /* config.h. Generated by config.status. */ -+ if test x"$ac_file" = x-; then -+ configure_input= -+ else -+ configure_input="$ac_file. " -+ fi -+ configure_input=$configure_input"Generated from `echo $ac_file_in | -+ sed 's,.*/,,'` by configure." -+ -+ # First look for the input files in the build tree, otherwise in the -+ # src tree. 
-+ ac_file_inputs=`IFS=: -+ for f in $ac_file_in; do -+ case $f in -+ -) echo $tmp/stdin ;; -+ [\\/$]*) -+ # Absolute (can't be DOS-style, as IFS=:) -+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+ echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ echo "$f";; -+ *) # Relative -+ if test -f "$f"; then -+ # Build tree -+ echo "$f" -+ elif test -f "$srcdir/$f"; then -+ # Source tree -+ echo "$srcdir/$f" -+ else -+ # /dev/null tree -+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+ echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ fi;; -+ esac -+ done` || { (exit 1); exit 1; } -+ _ACEOF -+ cat >>$CONFIG_STATUS <<_ACEOF -+ sed "$ac_vpsub -+ $extrasub -+ _ACEOF -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ :t -+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b -+ s,@configure_input@,$configure_input,;t t -+ s,@srcdir@,$ac_srcdir,;t t -+ s,@abs_srcdir@,$ac_abs_srcdir,;t t -+ s,@top_srcdir@,$ac_top_srcdir,;t t -+ s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t -+ s,@builddir@,$ac_builddir,;t t -+ s,@abs_builddir@,$ac_abs_builddir,;t t -+ s,@top_builddir@,$ac_top_builddir,;t t -+ s,@abs_top_builddir@,$ac_abs_top_builddir,;t t -+ s,@INSTALL@,$ac_INSTALL,;t t -+ " $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out -+ rm -f $tmp/stdin -+ if test x"$ac_file" != x-; then -+ mv $tmp/out $ac_file -+ else -+ cat $tmp/out -+ rm -f $tmp/out -+ fi -+ -+ done -+ _ACEOF -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ -+ # -+ # CONFIG_HEADER section. -+ # -+ -+ # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where -+ # NAME is the cpp macro being defined and VALUE is the value it is being given. -+ # -+ # ac_d sets the value in "#define NAME VALUE" lines. -+ ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' -+ ac_dB='[ ].*$,\1#\2' -+ ac_dC=' ' -+ ac_dD=',;t' -+ # ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". 
-+ ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' -+ ac_uB='$,\1#\2define\3' -+ ac_uC=' ' -+ ac_uD=',;t' -+ -+ for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue -+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". -+ case $ac_file in -+ - | *:- | *:-:* ) # input from stdin -+ cat >$tmp/stdin -+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; -+ * ) ac_file_in=$ac_file.in ;; -+ esac -+ -+ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 -+ echo "$as_me: creating $ac_file" >&6;} -+ -+ # First look for the input files in the build tree, otherwise in the -+ # src tree. -+ ac_file_inputs=`IFS=: -+ for f in $ac_file_in; do -+ case $f in -+ -) echo $tmp/stdin ;; -+ [\\/$]*) -+ # Absolute (can't be DOS-style, as IFS=:) -+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+ echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ # Do quote $f, to prevent DOS paths from being IFS'd. -+ echo "$f";; -+ *) # Relative -+ if test -f "$f"; then -+ # Build tree -+ echo "$f" -+ elif test -f "$srcdir/$f"; then -+ # Source tree -+ echo "$srcdir/$f" -+ else -+ # /dev/null tree -+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 -+ echo "$as_me: error: cannot find input file: $f" >&2;} -+ { (exit 1); exit 1; }; } -+ fi;; -+ esac -+ done` || { (exit 1); exit 1; } -+ # Remove the trailing spaces. -+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in -+ -+ _ACEOF -+ -+ # Transform confdefs.h into two sed scripts, `conftest.defines' and -+ # `conftest.undefs', that substitutes the proper values into -+ # config.h.in to produce config.h. The first handles `#define' -+ # templates, and the second `#undef' templates. -+ # And first: Protect against being on the right side of a sed subst in -+ # config.status. 
Protect against being in an unquoted here document -+ # in config.status. -+ rm -f conftest.defines conftest.undefs -+ # Using a here document instead of a string reduces the quoting nightmare. -+ # Putting comments in sed scripts is not portable. -+ # -+ # `end' is used to avoid that the second main sed command (meant for -+ # 0-ary CPP macros) applies to n-ary macro definitions. -+ # See the Autoconf documentation for `clear'. -+ cat >confdef2sed.sed <<\_ACEOF -+ s/[\\&,]/\\&/g -+ s,[\\$`],\\&,g -+ t clear -+ : clear -+ s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp -+ t end -+ s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp -+ : end -+ _ACEOF -+ # If some macros were called several times there might be several times -+ # the same #defines, which is useless. Nevertheless, we may not want to -+ # sort them, since we want the *last* AC-DEFINE to be honored. -+ uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines -+ sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs -+ rm -f confdef2sed.sed -+ -+ # This sed command replaces #undef with comments. This is necessary, for -+ # example, in the case of _POSIX_SOURCE, which is predefined and required -+ # on some systems where configure will not decide to define it. -+ cat >>conftest.undefs <<\_ACEOF -+ s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, -+ _ACEOF -+ -+ # Break up conftest.defines because some shells have a limit on the size -+ # of here documents, and old seds have small limits too (100 cmds). -+ echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS -+ echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS -+ echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS -+ echo ' :' >>$CONFIG_STATUS -+ rm -f conftest.tail -+ while grep . 
conftest.defines >/dev/null -+ do -+ # Write a limited-size here document to $tmp/defines.sed. -+ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS -+ # Speed up: don't consider the non `#define' lines. -+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS -+ # Work around the forget-to-reset-the-flag bug. -+ echo 't clr' >>$CONFIG_STATUS -+ echo ': clr' >>$CONFIG_STATUS -+ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS -+ echo 'CEOF -+ sed -f $tmp/defines.sed $tmp/in >$tmp/out -+ rm -f $tmp/in -+ mv $tmp/out $tmp/in -+ ' >>$CONFIG_STATUS -+ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail -+ rm -f conftest.defines -+ mv conftest.tail conftest.defines -+ done -+ rm -f conftest.defines -+ echo ' fi # grep' >>$CONFIG_STATUS -+ echo >>$CONFIG_STATUS -+ -+ # Break up conftest.undefs because some shells have a limit on the size -+ # of here documents, and old seds have small limits too (100 cmds). -+ echo ' # Handle all the #undef templates' >>$CONFIG_STATUS -+ rm -f conftest.tail -+ while grep . conftest.undefs >/dev/null -+ do -+ # Write a limited-size here document to $tmp/undefs.sed. -+ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS -+ # Speed up: don't consider the non `#undef' -+ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS -+ # Work around the forget-to-reset-the-flag bug. -+ echo 't clr' >>$CONFIG_STATUS -+ echo ': clr' >>$CONFIG_STATUS -+ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS -+ echo 'CEOF -+ sed -f $tmp/undefs.sed $tmp/in >$tmp/out -+ rm -f $tmp/in -+ mv $tmp/out $tmp/in -+ ' >>$CONFIG_STATUS -+ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail -+ rm -f conftest.undefs -+ mv conftest.tail conftest.undefs -+ done -+ rm -f conftest.undefs -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ # Let's still pretend it is `configure' which instantiates (i.e., don't -+ # use $as_me), people would be surprised to read: -+ # /* config.h. Generated by config.status. 
*/ -+ if test x"$ac_file" = x-; then -+ echo "/* Generated by configure. */" >$tmp/config.h -+ else -+ echo "/* $ac_file. Generated by configure. */" >$tmp/config.h -+ fi -+ cat $tmp/in >>$tmp/config.h -+ rm -f $tmp/in -+ if test x"$ac_file" != x-; then -+ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then -+ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 -+ echo "$as_me: $ac_file is unchanged" >&6;} +--- misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/apps/Makefile.in 2008-06-29 23:44:19.000000000 +0200 +@@ -370,7 +370,7 @@ + $(CRYPTO_DEPS) \ + $(NULL) + +-all: all-am ++all: + + .SUFFIXES: + .SUFFIXES: .c .lo .o .obj +--- misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/configure 2008-06-29 23:44:19.000000000 +0200 +@@ -463,7 +463,7 @@ + # include <unistd.h> + #endif" + +-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE 
CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO 
XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' ++ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS 
NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' + ac_subst_files='' + + # Initialize some variables set by options. 
+@@ -1072,6 +1072,7 @@ + --with-nss=PFX nss location + --with-nspr=PFX nspr location (needed for NSS) + --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr) ++ --with-mscrypto try to use mscrypto + --with-html-dir=PATH path to installed docs + + Some influential environment variables: +@@ -2045,8 +2046,8 @@ + + ac_ext=c + ac_cpp='$CPP $CPPFLAGS' +-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ++ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ++ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' + ac_compiler_gnu=$ac_cv_c_compiler_gnu + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +@@ -2698,15 +2699,15 @@ + CFLAGS=$ac_save_CFLAGS + elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then +- CFLAGS="-g -O2" ++ CFLAGS="$ADDCFLAGS -g -O2" + else +- CFLAGS="-g" ++ CFLAGS="$ADDCFLAGS -g" + fi + else + if test "$GCC" = yes; then +- CFLAGS="-O2" ++ CFLAGS="$ADDCFLAGS -O2" + else +- CFLAGS= ++ CFLAGS="$ADDCFLAGS" + fi + fi + echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +@@ -6350,11 +6351,11 @@ + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). 
+ lt_prog_compiler_pic='-DDLL_EXPORT' +@@ -6409,7 +6410,7 @@ + fi + ;; + +- mingw* | pw32* | os2*) ++ pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' +@@ -6752,7 +6753,7 @@ + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then +- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' ++ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then +@@ -7778,7 +7779,7 @@ + ;; + + freebsd*) +- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` ++ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) +@@ -9046,7 +9047,7 @@ + ;; + esac + output_verbose_link_cmd='echo' +- archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring' ++ archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring' + module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's + archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > 
$output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' +@@ -10088,7 +10089,7 @@ + enable_shared_with_static_runtimes_CXX=yes + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then +- archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' ++ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then +@@ -10816,10 +10817,10 @@ + # like `-m68040'. + lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' + ;; +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; +- mingw* | os2* | pw32*) ++ os2* | pw32*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). 
+ lt_prog_compiler_pic_CXX='-DDLL_EXPORT' +@@ -11497,7 +11498,7 @@ + ;; + + freebsd*) +- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` ++ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) +@@ -13259,11 +13260,11 @@ + lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_F77='-DDLL_EXPORT' +@@ -13661,7 +13662,7 @@ + export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then +- archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' ++ archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... 
+ archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then +@@ -14667,7 +14668,7 @@ + ;; + + freebsd*) +- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` ++ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) +@@ -15607,11 +15608,11 @@ + lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' +@@ -15666,7 +15667,7 @@ + fi + ;; + +- mingw* | pw32* | os2*) ++ pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' +@@ -16009,7 +16010,7 @@ + export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then +- archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' ++ archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... 
+ archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then +@@ -17035,7 +17036,7 @@ + ;; + + freebsd*) +- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` ++ objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) +@@ -24598,7 +24599,7 @@ + fi + + LIBXML_MIN_VERSION="2.4.2" +-LIBXML_CONFIG="xml2-config" ++LIBXML_CONFIG="./libxml2-config" + LIBXML_CFLAGS="" + LIBXML_LIBS="" + LIBXML_FOUND="no" +@@ -25678,12 +25679,26 @@ + + XMLSEC_NO_NSS="1" + MOZILLA_MIN_VERSION="1.4" ++if test "z$MOZ_FLAVOUR" = "zfirefox" ; then ++ MOZILLA_MIN_VERSION="1.0" ++fi + NSS_MIN_VERSION="3.2" + NSPR_MIN_VERSION="4.0" + NSS_CFLAGS="" + NSS_LIBS="" +-NSS_LIBS_LIST="-lnss3 -lsmime3" +-NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ++ ++case $host_os in ++cygwin* | mingw* | pw32*) ++ NSS_LIBS_LIST="-lnss3 -lsmime3" ++ NSPR_LIBS_LIST="-lnspr4" ++ ;; ++ ++*) ++ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" ++ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ++ ;; ++esac ++ + NSS_CRYPTO_LIB="$PACKAGE-nss" + NSS_FOUND="no" + +@@ -25766,23 +25781,122 @@ + else + PKG_CONFIG_MIN_VERSION=0.9.0 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then +- echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5 +-echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 ++ echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5 ++echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... 
$ECHO_C" >&6 ++ ++ if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then ++ echo "$as_me:$LINENO: result: yes" >&5 ++echo "${ECHO_T}yes" >&6 ++ succeeded=yes ++ ++ echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 ++echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 ++ NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` ++ echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 ++echo "${ECHO_T}$NSS_CFLAGS" >&6 ++ ++ echo "$as_me:$LINENO: checking NSS_LIBS" >&5 ++echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 ++ NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` ++ echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 ++echo "${ECHO_T}$NSS_LIBS" >&6 ++ else ++ NSS_CFLAGS="" ++ NSS_LIBS="" ++ ## If we have a custom action on failure, don't print errors, but ++ ## do set a variable so people can do so. ++ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` ++ ++ fi ++ ++ ++ + else -+ ac_dir=`(dirname "$ac_file") 2>/dev/null || -+ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$ac_file" : 'X\(//\)[^/]' \| \ -+ X"$ac_file" : 'X\(//\)$' \| \ -+ X"$ac_file" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+ echo X"$ac_file" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p "$ac_dir" -+ else -+ as_dir="$ac_dir" -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+ echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 -+ echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ rm -f $ac_file -+ mv $tmp/config.h $ac_file ++ echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." ++ echo "*** See http://www.freedesktop.org/software/pkgconfig" + fi -+ else -+ cat $tmp/config.h -+ rm -f $tmp/config.h -+ fi -+ # Compute $ac_file's index in $config_headers. -+ _am_stamp_count=1 -+ for _am_header in $config_headers :; do -+ case $_am_header in -+ $ac_file | $ac_file:* ) -+ break ;; -+ * ) -+ _am_stamp_count=`expr $_am_stamp_count + 1` ;; -+ esac -+ done -+ echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null || -+ $as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X$ac_file : 'X\(//\)[^/]' \| \ -+ X$ac_file : 'X\(//\)$' \| \ -+ X$ac_file : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+ echo X$ac_file | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'`/stamp-h$_am_stamp_count -+ done -+ _ACEOF -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ -+ # -+ # CONFIG_COMMANDS section. -+ # -+ for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue -+ ac_dest=`echo "$ac_file" | sed 's,:.*,,'` -+ ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` -+ ac_dir=`(dirname "$ac_dest") 2>/dev/null || -+ $as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$ac_dest" : 'X\(//\)[^/]' \| \ -+ X"$ac_dest" : 'X\(//\)$' \| \ -+ X"$ac_dest" : 'X\(/\)' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+ echo X"$ac_dest" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p "$ac_dir" -+ else -+ as_dir="$ac_dir" -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+ echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 -+ echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ ac_builddir=. -+ -+ if test "$ac_dir" != .; then -+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` -+ # A "../" for each directory in $ac_dir_suffix. -+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` -+ else -+ ac_dir_suffix= ac_top_builddir= -+ fi -+ -+ case $srcdir in -+ .) # No --srcdir option. We are building in place. -+ ac_srcdir=. -+ if test -z "$ac_top_builddir"; then -+ ac_top_srcdir=. -+ else -+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` -+ fi ;; -+ [\\/]* | ?:[\\/]* ) # Absolute path. -+ ac_srcdir=$srcdir$ac_dir_suffix; -+ ac_top_srcdir=$srcdir ;; -+ *) # Relative path. -+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix -+ ac_top_srcdir=$ac_top_builddir$srcdir ;; -+ esac -+ -+ # Do not use `cd foo && pwd` to compute absolute paths, because -+ # the directories may not exist. -+ case `pwd` in -+ .) ac_abs_builddir="$ac_dir";; -+ *) -+ case "$ac_dir" in -+ .) 
ac_abs_builddir=`pwd`;; -+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; -+ *) ac_abs_builddir=`pwd`/"$ac_dir";; -+ esac;; -+ esac -+ case $ac_abs_builddir in -+ .) ac_abs_top_builddir=${ac_top_builddir}.;; -+ *) -+ case ${ac_top_builddir}. in -+ .) ac_abs_top_builddir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; -+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; -+ esac;; -+ esac -+ case $ac_abs_builddir in -+ .) ac_abs_srcdir=$ac_srcdir;; -+ *) -+ case $ac_srcdir in -+ .) ac_abs_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; -+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; -+ esac;; -+ esac -+ case $ac_abs_builddir in -+ .) ac_abs_top_srcdir=$ac_top_srcdir;; -+ *) -+ case $ac_top_srcdir in -+ .) ac_abs_top_srcdir=$ac_abs_builddir;; -+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; -+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; -+ esac;; -+ esac -+ -+ -+ { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 -+ echo "$as_me: executing $ac_dest commands" >&6;} -+ case $ac_dest in -+ depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do -+ # Strip MF so we end up with the name of the file. -+ mf=`echo "$mf" | sed -e 's/:.*$//'` -+ # Check whether this is an Automake generated Makefile or not. -+ # We used to match only the files named `Makefile.in', but -+ # some people rename them; so instead we look at the file content. -+ # Grep'ing the first line is not enough: some people post-process -+ # each Makefile.in and add a new line on top of each file to say so. -+ # So let's grep whole file. -+ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then -+ dirpart=`(dirname "$mf") 2>/dev/null || -+ $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$mf" : 'X\(//\)[^/]' \| \ -+ X"$mf" : 'X\(//\)$' \| \ -+ X"$mf" : 'X\(/\)' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+ echo X"$mf" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ else -+ continue -+ fi -+ grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue -+ # Extract the definition of DEP_FILES from the Makefile without -+ # running `make'. -+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` -+ test -z "$DEPDIR" && continue -+ # When using ansi2knr, U may be empty or an underscore; expand it -+ U=`sed -n 's/^U = //p' < "$mf"` -+ test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" -+ # We invoke sed twice because it is the simplest approach to -+ # changing $(DEPDIR) to its actual value in the expansion. -+ for file in `sed -n ' -+ /^DEP_FILES = .*\\\\$/ { -+ s/^DEP_FILES = // -+ :loop -+ s/\\\\$// -+ p -+ n -+ /\\\\$/ b loop -+ p -+ } -+ /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ -+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do -+ # Make sure the directory exists. -+ test -f "$dirpart/$file" && continue -+ fdir=`(dirname "$file") 2>/dev/null || -+ $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$file" : 'X\(//\)[^/]' \| \ -+ X"$file" : 'X\(//\)$' \| \ -+ X"$file" : 'X\(/\)' \| \ -+ . : '\(.\)' 2>/dev/null || -+ echo X"$file" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ { if $as_mkdir_p; then -+ mkdir -p $dirpart/$fdir -+ else -+ as_dir=$dirpart/$fdir -+ as_dirs= -+ while test ! -d "$as_dir"; do -+ as_dirs="$as_dir $as_dirs" -+ as_dir=`(dirname "$as_dir") 2>/dev/null || -+ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ -+ X"$as_dir" : 'X\(//\)[^/]' \| \ -+ X"$as_dir" : 'X\(//\)$' \| \ -+ X"$as_dir" : 'X\(/\)' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+ echo X"$as_dir" | -+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } -+ /^X\(\/\/\)[^/].*/{ s//\1/; q; } -+ /^X\(\/\/\)$/{ s//\1/; q; } -+ /^X\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ done -+ test ! -n "$as_dirs" || mkdir $as_dirs -+ fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5 -+ echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;} -+ { (exit 1); exit 1; }; }; } -+ -+ # echo "creating $dirpart/$file" -+ echo '# dummy' > "$dirpart/$file" -+ done -+ done ++ fi ++ ++ if test $succeeded = yes; then ++ NSS_FOUND=yes ++ else ++ NSS_FOUND=no ++ fi ++ ++ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 ++echo "${ECHO_T}$NSS_FOUND" >&6 ++ if test "z$NSS_FOUND" = "zno" ; then ++ ++ succeeded=no ++ ++ if test -z "$PKG_CONFIG"; then ++ # Extract the first word of "pkg-config", so it can be a program name with args. ++set dummy pkg-config; ac_word=$2 ++echo "$as_me:$LINENO: checking for $ac_word" >&5 ++echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 ++if test "${ac_cv_path_PKG_CONFIG+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ case $PKG_CONFIG in ++ [\\/]* | ?:[\\/]*) ++ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; -+ esac -+ done -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ -+ { (exit 0); exit 0; } -+ _ACEOF -+ chmod +x $CONFIG_STATUS -+ ac_clean_files=$ac_clean_files_save -+ -+ -+ # configure is writing to config.log, and then calls config.status. -+ # config.status does its own redirection, appending to config.log. -+ # Unfortunately, on DOS this fails, as config.log is still kept open -+ # by configure, so config.status won't be able to write to it; its -+ # output is simply discarded. So we exec the FD to /dev/null, -+ # effectively closing config.log, so it can be properly (re)opened and -+ # appended to by config.status. When coming back to configure, we -+ # need to make the FD available again. 
-+ if test "$no_create" != yes; then -+ ac_cs_success=: -+ ac_config_status_args= -+ test "$silent" = yes && -+ ac_config_status_args="$ac_config_status_args --quiet" -+ exec 5>/dev/null -+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false -+ exec 5>>config.log -+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which -+ # would make configure fail if this is the last instruction. -+ $ac_cs_success || { (exit 1); exit 1; } -+ fi -+ -+ fi -+ -+ if test "z$MSCRYPTO_FOUND" = "zyes" ; then -+ ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile" -+ cat >confcache <<\_ACEOF -+ # This file is a shell script that caches the results of configure -+ # tests run on this system so they can be shared between configure -+ # scripts and configure runs, see configure's option --config-cache. -+ # It is not useful on other systems. If it contains results you don't -+ # want to keep, you may remove or edit it. -+ # -+ # config.status only pays attention to the cache file if you give it -+ # the --recheck option to rerun configure. -+ # -+ # `ac_cv_env_foo' variables (set or unset) will be overridden when -+ # loading this file, other *unset* `ac_cv_foo' will be assigned the -+ # following values. -+ -+ _ACEOF -+ -+ # The following way of writing the cache mishandles newlines in values, -+ # but we know of no workaround that is simple, portable, and efficient. -+ # So, don't put newlines in cache variables' values. -+ # Ultrix sh set writes to stderr and can't be redirected directly, -+ # and sets the high bit in the cache file unless we assign to the vars. -+ { -+ (set) 2>&1 | -+ case `(ac_space=' '; set | grep ac_space) 2>&1` in -+ *ac_space=\ *) -+ # `set' does not quote correctly, so add quotes (double-quote -+ # substitution turns \\\\ into \\, and sed turns \\ into \). 
-+ sed -n \ -+ "s/'/'\\\\''/g; -+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" -+ ;; -+ *) -+ # `set' quotes correctly as required by POSIX, so do not add quotes. -+ sed -n \ -+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" -+ ;; -+ esac; -+ } | -+ sed ' -+ t clear -+ : clear -+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ -+ t end -+ /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ -+ : end' >>confcache -+ if diff $cache_file confcache >/dev/null 2>&1; then :; else -+ if test -w $cache_file; then -+ test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" -+ cat confcache >$cache_file -+ else -+ echo "not updating unwritable cache $cache_file" -+ fi -+ fi -+ rm -f confcache -+ -+ test "x$prefix" = xNONE && prefix=$ac_default_prefix -+ # Let make expand exec_prefix. -+ test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -+ -+ # VPATH may cause trouble with some makes, so we remove $(srcdir), -+ # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and -+ # trailing colons and then remove the whole line if VPATH becomes empty -+ # (actually we leave an empty line to preserve line numbers). -+ if test "x$srcdir" = x.; then -+ ac_vpsub='/^[ ]*VPATH[ ]*=/{ -+ s/:*\$(srcdir):*/:/; -+ s/:*\${srcdir}:*/:/; -+ s/:*@srcdir@:*/:/; -+ s/^\([^=]*=[ ]*\):*/\1/; -+ s/:*$//; -+ s/^[^=]*=[ ]*$//; -+ }' -+ fi -+ -+ DEFS=-DHAVE_CONFIG_H -+ -+ ac_libobjs= -+ ac_ltlibobjs= -+ for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue -+ # 1. Remove the extension, and $U if already installed. -+ ac_i=`echo "$ac_i" | -+ sed 's/\$U\././;s/\.o$//;s/\.obj$//'` -+ # 2. Add them. -+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" -+ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' -+ done -+ LIBOBJS=$ac_libobjs -+ -+ LTLIBOBJS=$ac_ltlibobjs -+ -+ -+ if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. 
-+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"AMDEP\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined. -+ Usually this means the macro was only invoked conditionally." 
>&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined. -+ Usually this means the macro was only invoked conditionally." 
>&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined. -+ Usually this means the macro was only invoked conditionally." 
>&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. -+ Usually this means the macro was only invoked conditionally." 
>&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then -+ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&5 -+ echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. -+ Usually this means the macro was only invoked conditionally." >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ -+ : ${CONFIG_STATUS=./config.status} -+ ac_clean_files_save=$ac_clean_files -+ ac_clean_files="$ac_clean_files $CONFIG_STATUS" -+ { echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 -+ echo "$as_me: creating $CONFIG_STATUS" >&6;} -+ cat >$CONFIG_STATUS <<_ACEOF -+ #! $SHELL -+ # Generated by $as_me. -+ # Run this file to recreate the current configuration. 
-+ # Compiler output produced by configure, useful for debugging -+ # configure, is in config.log if it exists. -+ -+ debug=false -+ ac_cs_recheck=false -+ ac_cs_silent=false -+ SHELL=\${CONFIG_SHELL-$SHELL} -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ ## --------------------- ## -+ ## M4sh Initialization. ## -+ ## --------------------- ## -+ -+ # Be Bourne compatible -+ if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then -+ emulate sh -+ NULLCMD=: -+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which -+ # is contrary to our usage. Disable this feature. -+ alias -g '${1+"$@"}'='"$@"' -+ elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then -+ set -o posix -+ fi -+ DUALCASE=1; export DUALCASE # for MKS sh -+ -+ # Support unset when possible. -+ if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then -+ as_unset=unset -+ else -+ as_unset=false -+ fi -+ -+ -+ # Work around bugs in pre-3.0 UWIN ksh. -+ $as_unset ENV MAIL MAILPATH -+ PS1='$ ' -+ PS2='> ' -+ PS4='+ ' -+ -+ # NLS nuisances. -+ for as_var in \ -+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ -+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ -+ LC_TELEPHONE LC_TIME -+ do -+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then -+ eval $as_var=C; export $as_var -+ else -+ $as_unset $as_var -+ fi -+ done -+ -+ # Required to use basename. -+ if expr a : '\(a\)' >/dev/null 2>&1; then -+ as_expr=expr -+ else -+ as_expr=false -+ fi -+ -+ if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then -+ as_basename=basename -+ else -+ as_basename=false -+ fi -+ -+ -+ # Name of the executable. -+ as_me=`$as_basename "$0" || -+ $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ -+ X"$0" : 'X\(//\)$' \| \ -+ X"$0" : 'X\(/\)$' \| \ -+ . 
: '\(.\)' 2>/dev/null || -+ echo X/"$0" | -+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } -+ /^X\/\(\/\/\)$/{ s//\1/; q; } -+ /^X\/\(\/\).*/{ s//\1/; q; } -+ s/.*/./; q'` -+ -+ -+ # PATH needs CR, and LINENO needs CR and PATH. -+ # Avoid depending upon Character Ranges. -+ as_cr_letters='abcdefghijklmnopqrstuvwxyz' -+ as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -+ as_cr_Letters=$as_cr_letters$as_cr_LETTERS -+ as_cr_digits='0123456789' -+ as_cr_alnum=$as_cr_Letters$as_cr_digits -+ -+ # The user is always right. -+ if test "${PATH_SEPARATOR+set}" != set; then -+ echo "#! /bin/sh" >conf$$.sh -+ echo "exit 0" >>conf$$.sh -+ chmod +x conf$$.sh -+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then -+ PATH_SEPARATOR=';' -+ else -+ PATH_SEPARATOR=: -+ fi -+ rm -f conf$$.sh -+ fi -+ -+ -+ as_lineno_1=$LINENO -+ as_lineno_2=$LINENO -+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` -+ test "x$as_lineno_1" != "x$as_lineno_2" && -+ test "x$as_lineno_3" = "x$as_lineno_2" || { -+ # Find who we are. Look in the path if we contain no path at all -+ # relative or not. -+ case $0 in -+ *[\\/]* ) as_myself=$0 ;; -+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+ for as_dir in $PATH -+ do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -+ done -+ -+ ;; -+ esac -+ # We did not find ourselves, most probably we were run as `sh COMMAND' -+ # in which case we are not to be found in the path. -+ if test "x$as_myself" = x; then -+ as_myself=$0 -+ fi -+ if test ! -f "$as_myself"; then -+ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 -+ echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} -+ { (exit 1); exit 1; }; } -+ fi -+ case $CONFIG_SHELL in -+ '') -+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+ for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -+ do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. 
-+ for as_base in sh bash ksh sh5; do -+ case $as_dir in -+ /*) -+ if ("$as_dir/$as_base" -c ' -+ as_lineno_1=$LINENO -+ as_lineno_2=$LINENO -+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` -+ test "x$as_lineno_1" != "x$as_lineno_2" && -+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then -+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } -+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } -+ CONFIG_SHELL=$as_dir/$as_base -+ export CONFIG_SHELL -+ exec "$CONFIG_SHELL" "$0" ${1+"$@"} -+ fi;; -+ esac ++ *) ++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ test -z "$as_dir" && as_dir=. ++ for ac_exec_ext in '' $ac_executable_extensions; do ++ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" ++ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ break 2 ++ fi ++done ++done ++ ++ test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" ++ ;; ++esac ++fi ++PKG_CONFIG=$ac_cv_path_PKG_CONFIG ++ ++if test -n "$PKG_CONFIG"; then ++ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 ++echo "${ECHO_T}$PKG_CONFIG" >&6 ++else ++ echo "$as_me:$LINENO: result: no" >&5 ++echo "${ECHO_T}no" >&6 ++fi ++ ++ fi ++ ++ if test "$PKG_CONFIG" = "no" ; then ++ echo "*** The pkg-config script could not be found. Make sure it is" ++ echo "*** in your path, or set the PKG_CONFIG environment variable" ++ echo "*** to the full path to pkg-config." ++ echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." ++ else ++ PKG_CONFIG_MIN_VERSION=0.9.0 ++ if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then ++ echo "$as_me:$LINENO: checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" >&5 ++echo $ECHO_N "checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION... 
$ECHO_C" >&6 + +- if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then ++ if $PKG_CONFIG --exists "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" ; then + echo "$as_me:$LINENO: result: yes" >&5 + echo "${ECHO_T}yes" >&6 + succeeded=yes + + echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 + echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 +- NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` ++ NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` + echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 + echo "${ECHO_T}$NSS_CFLAGS" >&6 + + echo "$as_me:$LINENO: checking NSS_LIBS" >&5 + echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 +- NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` ++ NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` + echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 + echo "${ECHO_T}$NSS_LIBS" >&6 + else +@@ -25790,7 +25904,7 @@ + NSS_LIBS="" + ## If we have a custom action on failure, don't print errors, but + ## do set a variable so people can do so. 
+- NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` ++ NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` + + fi + +@@ -25808,6 +25922,9 @@ + NSS_FOUND=no + fi + ++ echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 ++echo "${ECHO_T}$NSS_FOUND" >&6 ++ fi + fi + + if test "z$NSS_FOUND" = "zno" ; then +@@ -25817,8 +25934,8 @@ + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" +- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" ++ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ++ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" + + echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 + echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... 
$ECHO_C" >&6 +@@ -25853,8 +25970,11 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnspr4.so ; then +- if test "z$dir" = "z/usr/lib" ; then ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then ++ # do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" + else + if test "z$with_gnu_ld" = "zyes" ; then +@@ -25865,7 +25985,26 @@ + fi + NSPR_LIBS_FOUND="yes" + break +- fi ++ fi ++ ;; ++ ++ *) ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ++ # do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then ++ NSPR_LIBS="$NSPR_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" ++ else ++ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" ++ fi ++ fi ++ NSPR_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ esac + done + fi + +@@ -25939,8 +26078,11 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnss3.so ; then +- if test "z$dir" = "z/usr/lib" ; then ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then ++ # do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then + NSS_LIBS="$NSS_LIBS_LIST" + else + if test "z$with_gnu_ld" = "zyes" ; then +@@ -25951,7 +26093,26 @@ + fi + NSS_LIBS_FOUND="yes" + break +- fi ++ fi ++ ;; ++ ++ *) ++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then ++ # do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then ++ NSS_LIBS="$NSS_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" ++ else ++ NSS_LIBS="-L$dir $NSS_LIBS_LIST" ++ fi ++ fi ++ NSS_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ esac + done + fi + +@@ -26004,6 +26165,12 @@ + fi + 
fi + ++case $host_os in ++darwin*) ++ NSS_LIBS="$NSS_LIBS "`"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl" $NSS_LIBS` ++ ;; ++esac ++ + if test "z$NSS_FOUND" = "zyes" ; then + XMLSEC_NO_NSS="0" + NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1" +@@ -26037,6 +26204,109 @@ + + + ++MSCRYPTO_CFLAGS="" ++MSCRYPTO_LIBS="" ++MSCRYPTO_FOUND="no" ++ ++ ++# Check whether --with-mscrypto or --without-mscrypto was given. ++if test "${with_mscrypto+set}" = set; then ++ withval="$with_mscrypto" ++ ++fi; ++if test "z$with_mscrypto" = "zno" ; then ++ echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5 ++echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6 ++ echo "$as_me:$LINENO: result: no" >&5 ++echo "${ECHO_T}no" >&6 ++ MSCRYPTO_FOUND="without" ++else ++ ac_mscrypto_lib_dir="${PSDK_HOME}/lib" ++ ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api" ++ echo "$as_me:$LINENO: checking for mscrypto libraries" >&5 ++echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6 ++ MSCRYPTO_INCLUDES_FOUND="no" ++ MSCRYPTO_LIBS_FOUND="no" ++ WINCRYPT_H="" ++ ++ for dir in $ac_mscrypto_inc_dir ; do ++ if test -f $dir/wincrypt.h ; then ++ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir" ++ MSCRYPTO_INCLUDES_FOUND="yes" ++ WINCRYPT_H="$dir/wincrypt.h" ++ break ++ fi + done -+ done ++ ++ for dir in $ac_mscrypto_lib_dir ; do ++ if test -f $dir/crypt32.lib ; then ++ if test "z$with_gnu_ld" = "zyes" ; then ++ MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib" ++ else ++ MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib" ++ fi ++ MSCRYPTO_LIBS_FOUND="yes" ++ break ++ fi ++ done ++ ++ if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then ++ OLD_CPPFLAGS=$CPPFLAGS ++ CPPFLAGS="$MSCRYPTO_CFLAGS" ++ cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. 
*/ ++ ++ #include <wincrypt.h> ++ #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__) ++ yes ++ #endif ++ ++_ACEOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ $EGREP "yes" >/dev/null 2>&1; then ++ ++ MSCRYPTO_FOUND=yes ++ ++else ++ ++ MSCRYPTO_FOUND=no ++ ++fi ++rm -f conftest* ++ ++ CPPFLAGS="$OLD_CPPFLAGS" ++ fi ++ ++ if test "z$MSCRYPTO_FOUND" = "zyes" ; then ++ echo "$as_me:$LINENO: result: yes" >&5 ++echo "${ECHO_T}yes" >&6 ++ else ++ echo "$as_me:$LINENO: result: no" >&5 ++echo "${ECHO_T}no" >&6 ++ fi ++ ++fi ++ ++if test "z$MSCRYPTO_FOUND" = "zyes" ; then ++ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" ++ ++ if test "z$XMLSEC_CRYPTO" = "z" ; then ++ XMLSEC_CRYPTO="mscrypto" ++ XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto" ++ XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS" ++ XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS" ++ fi ++ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto" ++else ++ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto" ++fi ++ ++ ++ + echo "$as_me:$LINENO: checking for crypto library" >&5 + echo $ECHO_N "checking for crypto library... 
$ECHO_C" >&6 + if test "z$XMLSEC_CRYPTO" = "z" ; then +@@ -26604,7 +26874,7 @@ + done + + +- ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in" ++ ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in" + cat >confcache <<\_ACEOF + # This file is a shell script that caches the results of configure + # tests run on this system so they can be shared between configure +@@ -27521,6 +27791,8 @@ + s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t + s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t + s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t ++s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t ++s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t + s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t + s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t + s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t +@@ -29231,6 +29503,8 @@ + s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t + s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t + s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t ++s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t ++s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t + s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t + s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t + s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t +@@ -30941,6 +31215,8 @@ + s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t 
t + s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t + s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t ++s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t ++s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t + s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t + s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t + s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t +@@ -32653,6 +32929,1724 @@ + s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t + s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t + s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t ++s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t ++s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t ++s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t ++s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t ++s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t ++s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t ++s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t ++s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t ++s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t ++s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t ++s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t ++s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t ++s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t ++s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t ++s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t ++s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t ++s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t ++s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t ++s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t ++s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t ++s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t ++s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t ++s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t ++s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t ++s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t ++s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t ++s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t ++s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t ++s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t ++s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t 
++s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t ++s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t ++s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t ++s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t ++s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t ++s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t ++s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t ++s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t ++s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t ++s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t ++s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t ++s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t ++s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t ++s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t ++s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t ++s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t ++s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t ++s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t ++s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t ++s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t ++s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t ++s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t ++s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t ++s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t ++s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t ++s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t ++s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t ++s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t ++s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t ++s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t ++s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t ++s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t ++s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t ++s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t ++s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t ++s,@LIBOBJS@,$LIBOBJS,;t t 
++s,@LTLIBOBJS@,$LTLIBOBJS,;t t ++CEOF ++ ++_ACEOF ++ ++ cat >>$CONFIG_STATUS <<\_ACEOF ++ # Split the substitutions into bite-sized pieces for seds with ++ # small command number limits, like on Digital OSF/1 and HP-UX. ++ ac_max_sed_lines=48 ++ ac_sed_frag=1 # Number of current file. ++ ac_beg=1 # First line for current file. ++ ac_end=$ac_max_sed_lines # Line after last line for current file. ++ ac_more_lines=: ++ ac_sed_cmds= ++ while $ac_more_lines; do ++ if test $ac_beg -gt 1; then ++ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag ++ else ++ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag ++ fi ++ if test ! -s $tmp/subs.frag; then ++ ac_more_lines=false ++ else ++ # The purpose of the label and of the branching condition is to ++ # speed up the sed processing (if there are no `@' at all, there ++ # is no need to browse any of the substitutions). ++ # These are the two extra sed commands mentioned above. ++ (echo ':t ++ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed ++ if test -z "$ac_sed_cmds"; then ++ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" ++ else ++ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" ++ fi ++ ac_sed_frag=`expr $ac_sed_frag + 1` ++ ac_beg=$ac_end ++ ac_end=`expr $ac_end + $ac_max_sed_lines` ++ fi ++ done ++ if test -z "$ac_sed_cmds"; then ++ ac_sed_cmds=cat ++ fi ++fi # test -n "$CONFIG_FILES" ++ ++_ACEOF ++cat >>$CONFIG_STATUS <<\_ACEOF ++for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue ++ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". ++ case $ac_file in ++ - | *:- | *:-:* ) # input from stdin ++ cat >$tmp/stdin ++ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ++ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; ++ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ++ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; ++ * ) ac_file_in=$ac_file.in ;; ++ esac ++ ++ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. 
++ ac_dir=`(dirname "$ac_file") 2>/dev/null || ++$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$ac_file" : 'X\(//\)[^/]' \| \ ++ X"$ac_file" : 'X\(//\)$' \| \ ++ X"$ac_file" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$ac_file" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ { if $as_mkdir_p; then ++ mkdir -p "$ac_dir" ++ else ++ as_dir="$ac_dir" ++ as_dirs= ++ while test ! -d "$as_dir"; do ++ as_dirs="$as_dir $as_dirs" ++ as_dir=`(dirname "$as_dir") 2>/dev/null || ++$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$as_dir" : 'X\(//\)[^/]' \| \ ++ X"$as_dir" : 'X\(//\)$' \| \ ++ X"$as_dir" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$as_dir" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ done ++ test ! -n "$as_dirs" || mkdir $as_dirs ++ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 ++echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} ++ { (exit 1); exit 1; }; }; } ++ ++ ac_builddir=. ++ ++if test "$ac_dir" != .; then ++ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` ++ # A "../" for each directory in $ac_dir_suffix. ++ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` ++else ++ ac_dir_suffix= ac_top_builddir= ++fi ++ ++case $srcdir in ++ .) # No --srcdir option. We are building in place. ++ ac_srcdir=. ++ if test -z "$ac_top_builddir"; then ++ ac_top_srcdir=. ++ else ++ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` ++ fi ;; ++ [\\/]* | ?:[\\/]* ) # Absolute path. ++ ac_srcdir=$srcdir$ac_dir_suffix; ++ ac_top_srcdir=$srcdir ;; ++ *) # Relative path. 
++ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix ++ ac_top_srcdir=$ac_top_builddir$srcdir ;; ++esac ++ ++# Do not use `cd foo && pwd` to compute absolute paths, because ++# the directories may not exist. ++case `pwd` in ++.) ac_abs_builddir="$ac_dir";; ++*) ++ case "$ac_dir" in ++ .) ac_abs_builddir=`pwd`;; ++ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; ++ *) ac_abs_builddir=`pwd`/"$ac_dir";; ++ esac;; ++esac ++case $ac_abs_builddir in ++.) ac_abs_top_builddir=${ac_top_builddir}.;; ++*) ++ case ${ac_top_builddir}. in ++ .) ac_abs_top_builddir=$ac_abs_builddir;; ++ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; ++ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; ++ esac;; ++esac ++case $ac_abs_builddir in ++.) ac_abs_srcdir=$ac_srcdir;; ++*) ++ case $ac_srcdir in ++ .) ac_abs_srcdir=$ac_abs_builddir;; ++ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; ++ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; ++ esac;; ++esac ++case $ac_abs_builddir in ++.) ac_abs_top_srcdir=$ac_top_srcdir;; ++*) ++ case $ac_top_srcdir in ++ .) ac_abs_top_srcdir=$ac_abs_builddir;; ++ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; ++ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; ++ esac;; ++esac ++ ++ ++ case $INSTALL in ++ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; ++ *) ac_INSTALL=$ac_top_builddir$INSTALL ;; ++ esac ++ ++ if test x"$ac_file" != x-; then ++ { echo "$as_me:$LINENO: creating $ac_file" >&5 ++echo "$as_me: creating $ac_file" >&6;} ++ rm -f "$ac_file" ++ fi ++ # Let's still pretend it is `configure' which instantiates (i.e., don't ++ # use $as_me), people would be surprised to read: ++ # /* config.h. Generated by config.status. */ ++ if test x"$ac_file" = x-; then ++ configure_input= ++ else ++ configure_input="$ac_file. " ++ fi ++ configure_input=$configure_input"Generated from `echo $ac_file_in | ++ sed 's,.*/,,'` by configure." ++ ++ # First look for the input files in the build tree, otherwise in the ++ # src tree. 
++ ac_file_inputs=`IFS=: ++ for f in $ac_file_in; do ++ case $f in ++ -) echo $tmp/stdin ;; ++ [\\/$]*) ++ # Absolute (can't be DOS-style, as IFS=:) ++ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 ++echo "$as_me: error: cannot find input file: $f" >&2;} ++ { (exit 1); exit 1; }; } ++ echo "$f";; ++ *) # Relative ++ if test -f "$f"; then ++ # Build tree ++ echo "$f" ++ elif test -f "$srcdir/$f"; then ++ # Source tree ++ echo "$srcdir/$f" ++ else ++ # /dev/null tree ++ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 ++echo "$as_me: error: cannot find input file: $f" >&2;} ++ { (exit 1); exit 1; }; } ++ fi;; ++ esac ++ done` || { (exit 1); exit 1; } ++_ACEOF ++cat >>$CONFIG_STATUS <<_ACEOF ++ sed "$ac_vpsub ++$extrasub ++_ACEOF ++cat >>$CONFIG_STATUS <<\_ACEOF ++:t ++/@[a-zA-Z_][a-zA-Z_0-9]*@/!b ++s,@configure_input@,$configure_input,;t t ++s,@srcdir@,$ac_srcdir,;t t ++s,@abs_srcdir@,$ac_abs_srcdir,;t t ++s,@top_srcdir@,$ac_top_srcdir,;t t ++s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t ++s,@builddir@,$ac_builddir,;t t ++s,@abs_builddir@,$ac_abs_builddir,;t t ++s,@top_builddir@,$ac_top_builddir,;t t ++s,@abs_top_builddir@,$ac_abs_top_builddir,;t t ++s,@INSTALL@,$ac_INSTALL,;t t ++" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out ++ rm -f $tmp/stdin ++ if test x"$ac_file" != x-; then ++ mv $tmp/out $ac_file ++ else ++ cat $tmp/out ++ rm -f $tmp/out ++ fi ++ ++done ++_ACEOF ++cat >>$CONFIG_STATUS <<\_ACEOF ++ ++# ++# CONFIG_HEADER section. ++# ++ ++# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where ++# NAME is the cpp macro being defined and VALUE is the value it is being given. ++# ++# ac_d sets the value in "#define NAME VALUE" lines. ++ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' ++ac_dB='[ ].*$,\1#\2' ++ac_dC=' ' ++ac_dD=',;t' ++# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". 
++ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' ++ac_uB='$,\1#\2define\3' ++ac_uC=' ' ++ac_uD=',;t' ++ ++for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue ++ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". ++ case $ac_file in ++ - | *:- | *:-:* ) # input from stdin ++ cat >$tmp/stdin ++ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ++ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; ++ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ++ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; ++ * ) ac_file_in=$ac_file.in ;; ++ esac ++ ++ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 ++echo "$as_me: creating $ac_file" >&6;} ++ ++ # First look for the input files in the build tree, otherwise in the ++ # src tree. ++ ac_file_inputs=`IFS=: ++ for f in $ac_file_in; do ++ case $f in ++ -) echo $tmp/stdin ;; ++ [\\/$]*) ++ # Absolute (can't be DOS-style, as IFS=:) ++ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 ++echo "$as_me: error: cannot find input file: $f" >&2;} ++ { (exit 1); exit 1; }; } ++ # Do quote $f, to prevent DOS paths from being IFS'd. ++ echo "$f";; ++ *) # Relative ++ if test -f "$f"; then ++ # Build tree ++ echo "$f" ++ elif test -f "$srcdir/$f"; then ++ # Source tree ++ echo "$srcdir/$f" ++ else ++ # /dev/null tree ++ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 ++echo "$as_me: error: cannot find input file: $f" >&2;} ++ { (exit 1); exit 1; }; } ++ fi;; ++ esac ++ done` || { (exit 1); exit 1; } ++ # Remove the trailing spaces. ++ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in ++ ++_ACEOF ++ ++# Transform confdefs.h into two sed scripts, `conftest.defines' and ++# `conftest.undefs', that substitutes the proper values into ++# config.h.in to produce config.h. The first handles `#define' ++# templates, and the second `#undef' templates. ++# And first: Protect against being on the right side of a sed subst in ++# config.status. 
Protect against being in an unquoted here document ++# in config.status. ++rm -f conftest.defines conftest.undefs ++# Using a here document instead of a string reduces the quoting nightmare. ++# Putting comments in sed scripts is not portable. ++# ++# `end' is used to avoid that the second main sed command (meant for ++# 0-ary CPP macros) applies to n-ary macro definitions. ++# See the Autoconf documentation for `clear'. ++cat >confdef2sed.sed <<\_ACEOF ++s/[\\&,]/\\&/g ++s,[\\$`],\\&,g ++t clear ++: clear ++s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp ++t end ++s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp ++: end ++_ACEOF ++# If some macros were called several times there might be several times ++# the same #defines, which is useless. Nevertheless, we may not want to ++# sort them, since we want the *last* AC-DEFINE to be honored. ++uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines ++sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs ++rm -f confdef2sed.sed ++ ++# This sed command replaces #undef with comments. This is necessary, for ++# example, in the case of _POSIX_SOURCE, which is predefined and required ++# on some systems where configure will not decide to define it. ++cat >>conftest.undefs <<\_ACEOF ++s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, ++_ACEOF ++ ++# Break up conftest.defines because some shells have a limit on the size ++# of here documents, and old seds have small limits too (100 cmds). ++echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS ++echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS ++echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS ++echo ' :' >>$CONFIG_STATUS ++rm -f conftest.tail ++while grep . conftest.defines >/dev/null ++do ++ # Write a limited-size here document to $tmp/defines.sed. 
++ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS ++ # Speed up: don't consider the non `#define' lines. ++ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS ++ # Work around the forget-to-reset-the-flag bug. ++ echo 't clr' >>$CONFIG_STATUS ++ echo ': clr' >>$CONFIG_STATUS ++ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS ++ echo 'CEOF ++ sed -f $tmp/defines.sed $tmp/in >$tmp/out ++ rm -f $tmp/in ++ mv $tmp/out $tmp/in ++' >>$CONFIG_STATUS ++ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail ++ rm -f conftest.defines ++ mv conftest.tail conftest.defines ++done ++rm -f conftest.defines ++echo ' fi # grep' >>$CONFIG_STATUS ++echo >>$CONFIG_STATUS ++ ++# Break up conftest.undefs because some shells have a limit on the size ++# of here documents, and old seds have small limits too (100 cmds). ++echo ' # Handle all the #undef templates' >>$CONFIG_STATUS ++rm -f conftest.tail ++while grep . conftest.undefs >/dev/null ++do ++ # Write a limited-size here document to $tmp/undefs.sed. ++ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS ++ # Speed up: don't consider the non `#undef' ++ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS ++ # Work around the forget-to-reset-the-flag bug. ++ echo 't clr' >>$CONFIG_STATUS ++ echo ': clr' >>$CONFIG_STATUS ++ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS ++ echo 'CEOF ++ sed -f $tmp/undefs.sed $tmp/in >$tmp/out ++ rm -f $tmp/in ++ mv $tmp/out $tmp/in ++' >>$CONFIG_STATUS ++ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail ++ rm -f conftest.undefs ++ mv conftest.tail conftest.undefs ++done ++rm -f conftest.undefs ++ ++cat >>$CONFIG_STATUS <<\_ACEOF ++ # Let's still pretend it is `configure' which instantiates (i.e., don't ++ # use $as_me), people would be surprised to read: ++ # /* config.h. Generated by config.status. */ ++ if test x"$ac_file" = x-; then ++ echo "/* Generated by configure. */" >$tmp/config.h ++ else ++ echo "/* $ac_file. Generated by configure. 
*/" >$tmp/config.h ++ fi ++ cat $tmp/in >>$tmp/config.h ++ rm -f $tmp/in ++ if test x"$ac_file" != x-; then ++ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then ++ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 ++echo "$as_me: $ac_file is unchanged" >&6;} ++ else ++ ac_dir=`(dirname "$ac_file") 2>/dev/null || ++$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$ac_file" : 'X\(//\)[^/]' \| \ ++ X"$ac_file" : 'X\(//\)$' \| \ ++ X"$ac_file" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$ac_file" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ { if $as_mkdir_p; then ++ mkdir -p "$ac_dir" ++ else ++ as_dir="$ac_dir" ++ as_dirs= ++ while test ! -d "$as_dir"; do ++ as_dirs="$as_dir $as_dirs" ++ as_dir=`(dirname "$as_dir") 2>/dev/null || ++$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$as_dir" : 'X\(//\)[^/]' \| \ ++ X"$as_dir" : 'X\(//\)$' \| \ ++ X"$as_dir" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$as_dir" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ done ++ test ! -n "$as_dirs" || mkdir $as_dirs ++ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 ++echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} ++ { (exit 1); exit 1; }; }; } ++ ++ rm -f $ac_file ++ mv $tmp/config.h $ac_file ++ fi ++ else ++ cat $tmp/config.h ++ rm -f $tmp/config.h ++ fi ++# Compute $ac_file's index in $config_headers. 
++_am_stamp_count=1 ++for _am_header in $config_headers :; do ++ case $_am_header in ++ $ac_file | $ac_file:* ) ++ break ;; ++ * ) ++ _am_stamp_count=`expr $_am_stamp_count + 1` ;; ++ esac ++done ++echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null || ++$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X$ac_file : 'X\(//\)[^/]' \| \ ++ X$ac_file : 'X\(//\)$' \| \ ++ X$ac_file : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X$ac_file | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'`/stamp-h$_am_stamp_count ++done ++_ACEOF ++cat >>$CONFIG_STATUS <<\_ACEOF ++ ++# ++# CONFIG_COMMANDS section. ++# ++for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue ++ ac_dest=`echo "$ac_file" | sed 's,:.*,,'` ++ ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` ++ ac_dir=`(dirname "$ac_dest") 2>/dev/null || ++$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$ac_dest" : 'X\(//\)[^/]' \| \ ++ X"$ac_dest" : 'X\(//\)$' \| \ ++ X"$ac_dest" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$ac_dest" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ { if $as_mkdir_p; then ++ mkdir -p "$ac_dir" ++ else ++ as_dir="$ac_dir" ++ as_dirs= ++ while test ! -d "$as_dir"; do ++ as_dirs="$as_dir $as_dirs" ++ as_dir=`(dirname "$as_dir") 2>/dev/null || ++$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$as_dir" : 'X\(//\)[^/]' \| \ ++ X"$as_dir" : 'X\(//\)$' \| \ ++ X"$as_dir" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$as_dir" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ done ++ test ! 
-n "$as_dirs" || mkdir $as_dirs ++ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 ++echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} ++ { (exit 1); exit 1; }; }; } ++ ++ ac_builddir=. ++ ++if test "$ac_dir" != .; then ++ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` ++ # A "../" for each directory in $ac_dir_suffix. ++ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` ++else ++ ac_dir_suffix= ac_top_builddir= ++fi ++ ++case $srcdir in ++ .) # No --srcdir option. We are building in place. ++ ac_srcdir=. ++ if test -z "$ac_top_builddir"; then ++ ac_top_srcdir=. ++ else ++ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` ++ fi ;; ++ [\\/]* | ?:[\\/]* ) # Absolute path. ++ ac_srcdir=$srcdir$ac_dir_suffix; ++ ac_top_srcdir=$srcdir ;; ++ *) # Relative path. ++ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix ++ ac_top_srcdir=$ac_top_builddir$srcdir ;; ++esac ++ ++# Do not use `cd foo && pwd` to compute absolute paths, because ++# the directories may not exist. ++case `pwd` in ++.) ac_abs_builddir="$ac_dir";; ++*) ++ case "$ac_dir" in ++ .) ac_abs_builddir=`pwd`;; ++ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; ++ *) ac_abs_builddir=`pwd`/"$ac_dir";; ++ esac;; ++esac ++case $ac_abs_builddir in ++.) ac_abs_top_builddir=${ac_top_builddir}.;; ++*) ++ case ${ac_top_builddir}. in ++ .) ac_abs_top_builddir=$ac_abs_builddir;; ++ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; ++ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; ++ esac;; ++esac ++case $ac_abs_builddir in ++.) ac_abs_srcdir=$ac_srcdir;; ++*) ++ case $ac_srcdir in ++ .) ac_abs_srcdir=$ac_abs_builddir;; ++ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; ++ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; ++ esac;; ++esac ++case $ac_abs_builddir in ++.) ac_abs_top_srcdir=$ac_top_srcdir;; ++*) ++ case $ac_top_srcdir in ++ .) 
ac_abs_top_srcdir=$ac_abs_builddir;; ++ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; ++ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; ++ esac;; ++esac ++ ++ ++ { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 ++echo "$as_me: executing $ac_dest commands" >&6;} ++ case $ac_dest in ++ depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do ++ # Strip MF so we end up with the name of the file. ++ mf=`echo "$mf" | sed -e 's/:.*$//'` ++ # Check whether this is an Automake generated Makefile or not. ++ # We used to match only the files named `Makefile.in', but ++ # some people rename them; so instead we look at the file content. ++ # Grep'ing the first line is not enough: some people post-process ++ # each Makefile.in and add a new line on top of each file to say so. ++ # So let's grep whole file. ++ if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then ++ dirpart=`(dirname "$mf") 2>/dev/null || ++$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$mf" : 'X\(//\)[^/]' \| \ ++ X"$mf" : 'X\(//\)$' \| \ ++ X"$mf" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$mf" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ else ++ continue ++ fi ++ grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue ++ # Extract the definition of DEP_FILES from the Makefile without ++ # running `make'. ++ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` ++ test -z "$DEPDIR" && continue ++ # When using ansi2knr, U may be empty or an underscore; expand it ++ U=`sed -n 's/^U = //p' < "$mf"` ++ test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" ++ # We invoke sed twice because it is the simplest approach to ++ # changing $(DEPDIR) to its actual value in the expansion. 
++ for file in `sed -n ' ++ /^DEP_FILES = .*\\\\$/ { ++ s/^DEP_FILES = // ++ :loop ++ s/\\\\$// ++ p ++ n ++ /\\\\$/ b loop ++ p ++ } ++ /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ ++ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do ++ # Make sure the directory exists. ++ test -f "$dirpart/$file" && continue ++ fdir=`(dirname "$file") 2>/dev/null || ++$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$file" : 'X\(//\)[^/]' \| \ ++ X"$file" : 'X\(//\)$' \| \ ++ X"$file" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$file" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ { if $as_mkdir_p; then ++ mkdir -p $dirpart/$fdir ++ else ++ as_dir=$dirpart/$fdir ++ as_dirs= ++ while test ! -d "$as_dir"; do ++ as_dirs="$as_dir $as_dirs" ++ as_dir=`(dirname "$as_dir") 2>/dev/null || ++$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ ++ X"$as_dir" : 'X\(//\)[^/]' \| \ ++ X"$as_dir" : 'X\(//\)$' \| \ ++ X"$as_dir" : 'X\(/\)' \| \ ++ . : '\(.\)' 2>/dev/null || ++echo X"$as_dir" | ++ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } ++ /^X\(\/\/\)[^/].*/{ s//\1/; q; } ++ /^X\(\/\/\)$/{ s//\1/; q; } ++ /^X\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ done ++ test ! -n "$as_dirs" || mkdir $as_dirs ++ fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5 ++echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;} ++ { (exit 1); exit 1; }; }; } ++ ++ # echo "creating $dirpart/$file" ++ echo '# dummy' > "$dirpart/$file" ++ done ++done + ;; -+ esac -+ -+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO -+ # uniformly replaced by the line number. The first 'sed' inserts a -+ # line-number line before each line; the second 'sed' does the real -+ # work. 
The second script uses 'N' to pair each line-number line -+ # with the numbered line, and appends trailing '-' during -+ # substitution so that $LINENO is not a special case at line end. -+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the -+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) -+ sed '=' <$as_myself | -+ sed ' -+ N -+ s,$,-, -+ : loop -+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, -+ t loop -+ s,-$,, -+ s,^['$as_cr_digits']*\n,, -+ ' >$as_me.lineno && -+ chmod +x $as_me.lineno || -+ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 -+ echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} -+ { (exit 1); exit 1; }; } -+ -+ # Don't try to exec as it changes $[0], causing all sort of problems -+ # (the dirname of $[0] is not the place where we might find the -+ # original and so on. Autoconf is especially sensible to this). -+ . ./$as_me.lineno -+ # Exit status is that of the last command. -+ exit -+ } -+ -+ -+ case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in -+ *c*,-n*) ECHO_N= ECHO_C=' -+ ' ECHO_T=' ' ;; -+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; -+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;; -+ esac -+ -+ if expr a : '\(a\)' >/dev/null 2>&1; then -+ as_expr=expr -+ else -+ as_expr=false -+ fi -+ -+ rm -f conf$$ conf$$.exe conf$$.file -+ echo >conf$$.file -+ if ln -s conf$$.file conf$$ 2>/dev/null; then -+ # We could just check for DJGPP; but this test a) works b) is more generic -+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). -+ if test -f conf$$.exe; then -+ # Don't use ln at all; we don't have any links -+ as_ln_s='cp -p' -+ else -+ as_ln_s='ln -s' -+ fi -+ elif ln conf$$.file conf$$ 2>/dev/null; then -+ as_ln_s=ln -+ else -+ as_ln_s='cp -p' -+ fi -+ rm -f conf$$ conf$$.exe conf$$.file -+ -+ if mkdir -p . 
2>/dev/null; then -+ as_mkdir_p=: -+ else -+ test -d ./-p && rmdir ./-p -+ as_mkdir_p=false -+ fi -+ -+ as_executable_p="test -f" -+ -+ # Sed expression to map a string onto a valid CPP name. -+ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" -+ -+ # Sed expression to map a string onto a valid variable name. -+ as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" -+ -+ -+ # IFS -+ # We need space, tab and new line, in precisely that order. -+ as_nl=' -+ ' -+ IFS=" $as_nl" -+ -+ # CDPATH. -+ $as_unset CDPATH -+ -+ exec 6>&1 -+ -+ # Open the log real soon, to keep \$[0] and so on meaningful, and to -+ # report actual input values of CONFIG_FILES etc. instead of their -+ # values after options handling. Logging --version etc. is OK. -+ exec 5>>config.log -+ { -+ echo -+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX -+ ## Running $as_me. ## -+ _ASBOX -+ } >&5 -+ cat >&5 <<_CSEOF -+ -+ This file was extended by $as_me, which was -+ generated by GNU Autoconf 2.59. Invocation command line was -+ -+ CONFIG_FILES = $CONFIG_FILES -+ CONFIG_HEADERS = $CONFIG_HEADERS -+ CONFIG_LINKS = $CONFIG_LINKS -+ CONFIG_COMMANDS = $CONFIG_COMMANDS -+ $ $0 $@ -+ -+ _CSEOF -+ echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 -+ echo >&5 -+ _ACEOF -+ -+ # Files that config.status was made for. -+ if test -n "$ac_config_files"; then -+ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS -+ fi -+ -+ if test -n "$ac_config_headers"; then -+ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS -+ fi -+ -+ if test -n "$ac_config_links"; then -+ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS -+ fi -+ -+ if test -n "$ac_config_commands"; then -+ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS -+ fi -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ -+ ac_cs_usage="\ -+ \`$as_me' instantiates files from templates according to the -+ current configuration. -+ -+ Usage: $0 [OPTIONS] [FILE]... 
-+ -+ -h, --help print this help, then exit -+ -V, --version print version number, then exit -+ -q, --quiet do not print progress messages -+ -d, --debug don't remove temporary files -+ --recheck update $as_me by reconfiguring in the same conditions -+ --file=FILE[:TEMPLATE] -+ instantiate the configuration file FILE -+ --header=FILE[:TEMPLATE] -+ instantiate the configuration header FILE -+ -+ Configuration files: -+ $config_files -+ -+ Configuration headers: -+ $config_headers -+ -+ Configuration commands: -+ $config_commands -+ -+ Report bugs to <bug-autoconf@gnu.org>." -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<_ACEOF -+ ac_cs_version="\\ -+ config.status -+ configured by $0, generated by GNU Autoconf 2.59, -+ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" -+ -+ Copyright (C) 2003 Free Software Foundation, Inc. -+ This config.status script is free software; the Free Software Foundation -+ gives unlimited permission to copy, distribute and modify it." -+ srcdir=$srcdir -+ INSTALL="$INSTALL" -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ # If no file are specified by the user, then we need to provide default -+ # value. By we need to know if files were specified by the user. -+ ac_need_defaults=: -+ while test $# != 0 -+ do -+ case $1 in -+ --*=*) -+ ac_option=`expr "x$1" : 'x\([^=]*\)='` -+ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` -+ ac_shift=: -+ ;; -+ -*) ++ esac ++done ++_ACEOF ++ ++cat >>$CONFIG_STATUS <<\_ACEOF ++ ++{ (exit 0); exit 0; } ++_ACEOF ++chmod +x $CONFIG_STATUS ++ac_clean_files=$ac_clean_files_save ++ ++ ++# configure is writing to config.log, and then calls config.status. ++# config.status does its own redirection, appending to config.log. ++# Unfortunately, on DOS this fails, as config.log is still kept open ++# by configure, so config.status won't be able to write to it; its ++# output is simply discarded. 
So we exec the FD to /dev/null, ++# effectively closing config.log, so it can be properly (re)opened and ++# appended to by config.status. When coming back to configure, we ++# need to make the FD available again. ++if test "$no_create" != yes; then ++ ac_cs_success=: ++ ac_config_status_args= ++ test "$silent" = yes && ++ ac_config_status_args="$ac_config_status_args --quiet" ++ exec 5>/dev/null ++ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false ++ exec 5>>config.log ++ # Use ||, not &&, to avoid exiting from the if with $? = 1, which ++ # would make configure fail if this is the last instruction. ++ $ac_cs_success || { (exit 1); exit 1; } ++fi ++ ++fi ++ ++if test "z$MSCRYPTO_FOUND" = "zyes" ; then ++ ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile" ++cat >confcache <<\_ACEOF ++# This file is a shell script that caches the results of configure ++# tests run on this system so they can be shared between configure ++# scripts and configure runs, see configure's option --config-cache. ++# It is not useful on other systems. If it contains results you don't ++# want to keep, you may remove or edit it. ++# ++# config.status only pays attention to the cache file if you give it ++# the --recheck option to rerun configure. ++# ++# `ac_cv_env_foo' variables (set or unset) will be overridden when ++# loading this file, other *unset* `ac_cv_foo' will be assigned the ++# following values. ++ ++_ACEOF ++ ++# The following way of writing the cache mishandles newlines in values, ++# but we know of no workaround that is simple, portable, and efficient. ++# So, don't put newlines in cache variables' values. ++# Ultrix sh set writes to stderr and can't be redirected directly, ++# and sets the high bit in the cache file unless we assign to the vars. 
++{ ++ (set) 2>&1 | ++ case `(ac_space=' '; set | grep ac_space) 2>&1` in ++ *ac_space=\ *) ++ # `set' does not quote correctly, so add quotes (double-quote ++ # substitution turns \\\\ into \\, and sed turns \\ into \). ++ sed -n \ ++ "s/'/'\\\\''/g; ++ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ++ ;; ++ *) ++ # `set' quotes correctly as required by POSIX, so do not add quotes. ++ sed -n \ ++ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" ++ ;; ++ esac; ++} | ++ sed ' ++ t clear ++ : clear ++ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ ++ t end ++ /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ ++ : end' >>confcache ++if diff $cache_file confcache >/dev/null 2>&1; then :; else ++ if test -w $cache_file; then ++ test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" ++ cat confcache >$cache_file ++ else ++ echo "not updating unwritable cache $cache_file" ++ fi ++fi ++rm -f confcache ++ ++test "x$prefix" = xNONE && prefix=$ac_default_prefix ++# Let make expand exec_prefix. ++test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' ++ ++# VPATH may cause trouble with some makes, so we remove $(srcdir), ++# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and ++# trailing colons and then remove the whole line if VPATH becomes empty ++# (actually we leave an empty line to preserve line numbers). ++if test "x$srcdir" = x.; then ++ ac_vpsub='/^[ ]*VPATH[ ]*=/{ ++s/:*\$(srcdir):*/:/; ++s/:*\${srcdir}:*/:/; ++s/:*@srcdir@:*/:/; ++s/^\([^=]*=[ ]*\):*/\1/; ++s/:*$//; ++s/^[^=]*=[ ]*$//; ++}' ++fi ++ ++DEFS=-DHAVE_CONFIG_H ++ ++ac_libobjs= ++ac_ltlibobjs= ++for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue ++ # 1. Remove the extension, and $U if already installed. ++ ac_i=`echo "$ac_i" | ++ sed 's/\$U\././;s/\.o$//;s/\.obj$//'` ++ # 2. Add them. 
++ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" ++ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' ++done ++LIBOBJS=$ac_libobjs ++ ++LTLIBOBJS=$ac_ltlibobjs ++ ++ ++if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"AMDEP\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined. ++Usually this means the macro was only invoked conditionally." 
>&5 ++echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined. ++Usually this means the macro was only invoked conditionally." 
>&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined. ++Usually this means the macro was only invoked conditionally." 
>&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. 
++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then ++ { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. ++Usually this means the macro was only invoked conditionally." >&5 ++echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. ++Usually this means the macro was only invoked conditionally." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++ ++: ${CONFIG_STATUS=./config.status} ++ac_clean_files_save=$ac_clean_files ++ac_clean_files="$ac_clean_files $CONFIG_STATUS" ++{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 ++echo "$as_me: creating $CONFIG_STATUS" >&6;} ++cat >$CONFIG_STATUS <<_ACEOF ++#! $SHELL ++# Generated by $as_me. ++# Run this file to recreate the current configuration. 
++# Compiler output produced by configure, useful for debugging ++# configure, is in config.log if it exists. ++ ++debug=false ++ac_cs_recheck=false ++ac_cs_silent=false ++SHELL=\${CONFIG_SHELL-$SHELL} ++_ACEOF ++ ++cat >>$CONFIG_STATUS <<\_ACEOF ++## --------------------- ## ++## M4sh Initialization. ## ++## --------------------- ## ++ ++# Be Bourne compatible ++if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then ++ emulate sh ++ NULLCMD=: ++ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which ++ # is contrary to our usage. Disable this feature. ++ alias -g '${1+"$@"}'='"$@"' ++elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then ++ set -o posix ++fi ++DUALCASE=1; export DUALCASE # for MKS sh ++ ++# Support unset when possible. ++if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then ++ as_unset=unset ++else ++ as_unset=false ++fi ++ ++ ++# Work around bugs in pre-3.0 UWIN ksh. ++$as_unset ENV MAIL MAILPATH ++PS1='$ ' ++PS2='> ' ++PS4='+ ' ++ ++# NLS nuisances. ++for as_var in \ ++ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ ++ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ ++ LC_TELEPHONE LC_TIME ++do ++ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then ++ eval $as_var=C; export $as_var ++ else ++ $as_unset $as_var ++ fi ++done ++ ++# Required to use basename. ++if expr a : '\(a\)' >/dev/null 2>&1; then ++ as_expr=expr ++else ++ as_expr=false ++fi ++ ++if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then ++ as_basename=basename ++else ++ as_basename=false ++fi ++ ++ ++# Name of the executable. ++as_me=`$as_basename "$0" || ++$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ ++ X"$0" : 'X\(//\)$' \| \ ++ X"$0" : 'X\(/\)$' \| \ ++ . 
: '\(.\)' 2>/dev/null || ++echo X/"$0" | ++ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } ++ /^X\/\(\/\/\)$/{ s//\1/; q; } ++ /^X\/\(\/\).*/{ s//\1/; q; } ++ s/.*/./; q'` ++ ++ ++# PATH needs CR, and LINENO needs CR and PATH. ++# Avoid depending upon Character Ranges. ++as_cr_letters='abcdefghijklmnopqrstuvwxyz' ++as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' ++as_cr_Letters=$as_cr_letters$as_cr_LETTERS ++as_cr_digits='0123456789' ++as_cr_alnum=$as_cr_Letters$as_cr_digits ++ ++# The user is always right. ++if test "${PATH_SEPARATOR+set}" != set; then ++ echo "#! /bin/sh" >conf$$.sh ++ echo "exit 0" >>conf$$.sh ++ chmod +x conf$$.sh ++ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then ++ PATH_SEPARATOR=';' ++ else ++ PATH_SEPARATOR=: ++ fi ++ rm -f conf$$.sh ++fi ++ ++ ++ as_lineno_1=$LINENO ++ as_lineno_2=$LINENO ++ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` ++ test "x$as_lineno_1" != "x$as_lineno_2" && ++ test "x$as_lineno_3" = "x$as_lineno_2" || { ++ # Find who we are. Look in the path if we contain no path at all ++ # relative or not. ++ case $0 in ++ *[\\/]* ) as_myself=$0 ;; ++ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ test -z "$as_dir" && as_dir=. ++ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break ++done ++ ++ ;; ++ esac ++ # We did not find ourselves, most probably we were run as `sh COMMAND' ++ # in which case we are not to be found in the path. ++ if test "x$as_myself" = x; then ++ as_myself=$0 ++ fi ++ if test ! -f "$as_myself"; then ++ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 ++echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} ++ { (exit 1); exit 1; }; } ++ fi ++ case $CONFIG_SHELL in ++ '') ++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH ++do ++ IFS=$as_save_IFS ++ test -z "$as_dir" && as_dir=. 
++ for as_base in sh bash ksh sh5; do ++ case $as_dir in ++ /*) ++ if ("$as_dir/$as_base" -c ' ++ as_lineno_1=$LINENO ++ as_lineno_2=$LINENO ++ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` ++ test "x$as_lineno_1" != "x$as_lineno_2" && ++ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then ++ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } ++ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } ++ CONFIG_SHELL=$as_dir/$as_base ++ export CONFIG_SHELL ++ exec "$CONFIG_SHELL" "$0" ${1+"$@"} ++ fi;; ++ esac ++ done ++done ++;; ++ esac ++ ++ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO ++ # uniformly replaced by the line number. The first 'sed' inserts a ++ # line-number line before each line; the second 'sed' does the real ++ # work. The second script uses 'N' to pair each line-number line ++ # with the numbered line, and appends trailing '-' during ++ # substitution so that $LINENO is not a special case at line end. ++ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the ++ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) ++ sed '=' <$as_myself | ++ sed ' ++ N ++ s,$,-, ++ : loop ++ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, ++ t loop ++ s,-$,, ++ s,^['$as_cr_digits']*\n,, ++ ' >$as_me.lineno && ++ chmod +x $as_me.lineno || ++ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 ++echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} ++ { (exit 1); exit 1; }; } ++ ++ # Don't try to exec as it changes $[0], causing all sort of problems ++ # (the dirname of $[0] is not the place where we might find the ++ # original and so on. Autoconf is especially sensible to this). ++ . ./$as_me.lineno ++ # Exit status is that of the last command. 
++ exit ++} ++ ++ ++case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in ++ *c*,-n*) ECHO_N= ECHO_C=' ++' ECHO_T=' ' ;; ++ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; ++ *) ECHO_N= ECHO_C='\c' ECHO_T= ;; ++esac ++ ++if expr a : '\(a\)' >/dev/null 2>&1; then ++ as_expr=expr ++else ++ as_expr=false ++fi ++ ++rm -f conf$$ conf$$.exe conf$$.file ++echo >conf$$.file ++if ln -s conf$$.file conf$$ 2>/dev/null; then ++ # We could just check for DJGPP; but this test a) works b) is more generic ++ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). ++ if test -f conf$$.exe; then ++ # Don't use ln at all; we don't have any links ++ as_ln_s='cp -p' ++ else ++ as_ln_s='ln -s' ++ fi ++elif ln conf$$.file conf$$ 2>/dev/null; then ++ as_ln_s=ln ++else ++ as_ln_s='cp -p' ++fi ++rm -f conf$$ conf$$.exe conf$$.file ++ ++if mkdir -p . 2>/dev/null; then ++ as_mkdir_p=: ++else ++ test -d ./-p && rmdir ./-p ++ as_mkdir_p=false ++fi ++ ++as_executable_p="test -f" ++ ++# Sed expression to map a string onto a valid CPP name. ++as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" ++ ++# Sed expression to map a string onto a valid variable name. ++as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" ++ ++ ++# IFS ++# We need space, tab and new line, in precisely that order. ++as_nl=' ++' ++IFS=" $as_nl" ++ ++# CDPATH. ++$as_unset CDPATH ++ ++exec 6>&1 ++ ++# Open the log real soon, to keep \$[0] and so on meaningful, and to ++# report actual input values of CONFIG_FILES etc. instead of their ++# values after options handling. Logging --version etc. is OK. ++exec 5>>config.log ++{ ++ echo ++ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ++## Running $as_me. ## ++_ASBOX ++} >&5 ++cat >&5 <<_CSEOF ++ ++This file was extended by $as_me, which was ++generated by GNU Autoconf 2.59. 
Invocation command line was ++ ++ CONFIG_FILES = $CONFIG_FILES ++ CONFIG_HEADERS = $CONFIG_HEADERS ++ CONFIG_LINKS = $CONFIG_LINKS ++ CONFIG_COMMANDS = $CONFIG_COMMANDS ++ $ $0 $@ ++ ++_CSEOF ++echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 ++echo >&5 ++_ACEOF ++ ++# Files that config.status was made for. ++if test -n "$ac_config_files"; then ++ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS ++fi ++ ++if test -n "$ac_config_headers"; then ++ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS ++fi ++ ++if test -n "$ac_config_links"; then ++ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS ++fi ++ ++if test -n "$ac_config_commands"; then ++ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS ++fi ++ ++cat >>$CONFIG_STATUS <<\_ACEOF ++ ++ac_cs_usage="\ ++\`$as_me' instantiates files from templates according to the ++current configuration. ++ ++Usage: $0 [OPTIONS] [FILE]... ++ ++ -h, --help print this help, then exit ++ -V, --version print version number, then exit ++ -q, --quiet do not print progress messages ++ -d, --debug don't remove temporary files ++ --recheck update $as_me by reconfiguring in the same conditions ++ --file=FILE[:TEMPLATE] ++ instantiate the configuration file FILE ++ --header=FILE[:TEMPLATE] ++ instantiate the configuration header FILE ++ ++Configuration files: ++$config_files ++ ++Configuration headers: ++$config_headers ++ ++Configuration commands: ++$config_commands ++ ++Report bugs to <bug-autoconf@gnu.org>." ++_ACEOF ++ ++cat >>$CONFIG_STATUS <<_ACEOF ++ac_cs_version="\\ ++config.status ++configured by $0, generated by GNU Autoconf 2.59, ++ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" ++ ++Copyright (C) 2003 Free Software Foundation, Inc. ++This config.status script is free software; the Free Software Foundation ++gives unlimited permission to copy, distribute and modify it." 
++srcdir=$srcdir ++INSTALL="$INSTALL" ++_ACEOF ++ ++cat >>$CONFIG_STATUS <<\_ACEOF ++# If no file are specified by the user, then we need to provide default ++# value. By we need to know if files were specified by the user. ++ac_need_defaults=: ++while test $# != 0 ++do ++ case $1 in ++ --*=*) ++ ac_option=`expr "x$1" : 'x\([^=]*\)='` ++ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` ++ ac_shift=: ++ ;; ++ -*) ++ ac_option=$1 ++ ac_optarg=$2 ++ ac_shift=shift ++ ;; ++ *) # This is not an option, so the user has probably given explicit ++ # arguments. + ac_option=$1 -+ ac_optarg=$2 -+ ac_shift=shift -+ ;; -+ *) # This is not an option, so the user has probably given explicit -+ # arguments. -+ ac_option=$1 -+ ac_need_defaults=false;; -+ esac -+ -+ case $ac_option in -+ # Handling of the options. -+ _ACEOF -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) -+ ac_cs_recheck=: ;; -+ --version | --vers* | -V ) -+ echo "$ac_cs_version"; exit 0 ;; -+ --he | --h) -+ # Conflict between --help and --header -+ { { echo "$as_me:$LINENO: error: ambiguous option: $1 -+ Try \`$0 --help' for more information." >&5 -+ echo "$as_me: error: ambiguous option: $1 -+ Try \`$0 --help' for more information." >&2;} -+ { (exit 1); exit 1; }; };; -+ --help | --hel | -h ) -+ echo "$ac_cs_usage"; exit 0 ;; -+ --debug | --d* | -d ) -+ debug=: ;; -+ --file | --fil | --fi | --f ) -+ $ac_shift -+ CONFIG_FILES="$CONFIG_FILES $ac_optarg" -+ ac_need_defaults=false;; -+ --header | --heade | --head | --hea ) -+ $ac_shift -+ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; -+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \ -+ | -silent | --silent | --silen | --sile | --sil | --si | --s) -+ ac_cs_silent=: ;; -+ -+ # This is an error. -+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 -+ Try \`$0 --help' for more information." 
>&5 -+ echo "$as_me: error: unrecognized option: $1 -+ Try \`$0 --help' for more information." >&2;} -+ { (exit 1); exit 1; }; } ;; -+ -+ *) ac_config_targets="$ac_config_targets $1" ;; -+ -+ esac -+ shift -+ done -+ -+ ac_configure_extra_args= -+ -+ if $ac_cs_silent; then -+ exec 6>/dev/null -+ ac_configure_extra_args="$ac_configure_extra_args --silent" -+ fi -+ -+ _ACEOF -+ cat >>$CONFIG_STATUS <<_ACEOF -+ if \$ac_cs_recheck; then -+ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 -+ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion -+ fi -+ -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<_ACEOF -+ # -+ # INIT-COMMANDS section. -+ # -+ -+ AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" -+ -+ _ACEOF -+ -+ -+ -+ cat >>$CONFIG_STATUS <<\_ACEOF -+ for ac_config_target in $ac_config_targets -+ do -+ case "$ac_config_target" in -+ # Handling of arguments. -+ "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;; -+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; -+ "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; -+ "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;; -+ "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;; -+ "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; -+ "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;; -+ "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; -+ "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;; -+ "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; -+ "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;; -+ "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;; -+ "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;; -+ "xmlsec1-gnutls.pc" ) 
CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;; -+ "xmlsec1-nss.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;; -+ "xmlsec1.spec" ) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;; -+ "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;; -+ "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;; -+ "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;; -+ "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;; -+ "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;; -+ "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;; -+ "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;; -+ "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;; -+ "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; -+ "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; -+ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 -+ echo "$as_me: error: invalid argument: $ac_config_target" >&2;} -+ { (exit 1); exit 1; }; };; -+ esac -+ done -+ -+ # If the user did not use the arguments to specify the items to instantiate, -+ # then the envvar interface is used. Set only those that are not. -+ # We use the long form for the default assignment because of an extremely -+ # bizarre bug on SunOS 4.1.3. -+ if $ac_need_defaults; then -+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files -+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers -+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands -+ fi -+ -+ # Have a temporary directory for convenience. 
Make it in the build tree -+ # simply because there is no reason to put it here, and in addition, -+ # creating and moving files from /tmp can sometimes cause problems. -+ # Create a temporary directory, and hook for its removal unless debugging. -+ $debug || -+ { -+ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 -+ trap '{ (exit 1); exit 1; }' 1 2 13 15 -+ } -+ -+ # Create a (secure) tmp directory for tmp files. -+ -+ { -+ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && -+ test -n "$tmp" && test -d "$tmp" -+ } || -+ { -+ tmp=./confstat$$-$RANDOM -+ (umask 077 && mkdir $tmp) -+ } || -+ { -+ echo "$me: cannot create a temporary directory in ." >&2 -+ { (exit 1); exit 1; } -+ } -+ -+ _ACEOF -+ -+ cat >>$CONFIG_STATUS <<_ACEOF -+ -+ # -+ # CONFIG_FILES section. -+ # -+ -+ # No need to generate the scripts if there are no CONFIG_FILES. -+ # This happens for instance when ./config.status config.h -+ if test -n "\$CONFIG_FILES"; then -+ # Protect against being on the right side of a sed subst in config.status. 
-+ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; -+ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF -+ s,@SHELL@,$SHELL,;t t -+ s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t -+ s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t -+ s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t -+ s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t -+ s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t -+ s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t -+ s,@exec_prefix@,$exec_prefix,;t t -+ s,@prefix@,$prefix,;t t -+ s,@program_transform_name@,$program_transform_name,;t t -+ s,@bindir@,$bindir,;t t -+ s,@sbindir@,$sbindir,;t t -+ s,@libexecdir@,$libexecdir,;t t -+ s,@datadir@,$datadir,;t t -+ s,@sysconfdir@,$sysconfdir,;t t -+ s,@sharedstatedir@,$sharedstatedir,;t t -+ s,@localstatedir@,$localstatedir,;t t -+ s,@libdir@,$libdir,;t t -+ s,@includedir@,$includedir,;t t -+ s,@oldincludedir@,$oldincludedir,;t t -+ s,@infodir@,$infodir,;t t -+ s,@mandir@,$mandir,;t t -+ s,@build_alias@,$build_alias,;t t -+ s,@host_alias@,$host_alias,;t t -+ s,@target_alias@,$target_alias,;t t -+ s,@DEFS@,$DEFS,;t t -+ s,@ECHO_C@,$ECHO_C,;t t -+ s,@ECHO_N@,$ECHO_N,;t t -+ s,@ECHO_T@,$ECHO_T,;t t -+ s,@LIBS@,$LIBS,;t t -+ s,@build@,$build,;t t -+ s,@build_cpu@,$build_cpu,;t t -+ s,@build_vendor@,$build_vendor,;t t -+ s,@build_os@,$build_os,;t t -+ s,@host@,$host,;t t -+ s,@host_cpu@,$host_cpu,;t t -+ s,@host_vendor@,$host_vendor,;t t -+ s,@host_os@,$host_os,;t t -+ s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t -+ s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t -+ s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t -+ s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t -+ s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t -+ s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t -+ s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t -+ s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t -+ s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t -+ s,@INSTALL_DATA@,$INSTALL_DATA,;t t -+ s,@CYGPATH_W@,$CYGPATH_W,;t t -+ s,@PACKAGE@,$PACKAGE,;t t -+ 
s,@VERSION@,$VERSION,;t t -+ s,@ACLOCAL@,$ACLOCAL,;t t -+ s,@AUTOCONF@,$AUTOCONF,;t t -+ s,@AUTOMAKE@,$AUTOMAKE,;t t -+ s,@AUTOHEADER@,$AUTOHEADER,;t t -+ s,@MAKEINFO@,$MAKEINFO,;t t -+ s,@AMTAR@,$AMTAR,;t t -+ s,@install_sh@,$install_sh,;t t -+ s,@STRIP@,$STRIP,;t t -+ s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t -+ s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t -+ s,@mkdir_p@,$mkdir_p,;t t -+ s,@AWK@,$AWK,;t t -+ s,@SET_MAKE@,$SET_MAKE,;t t -+ s,@am__leading_dot@,$am__leading_dot,;t t -+ s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t -+ s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t -+ s,@MAINT@,$MAINT,;t t -+ s,@CC@,$CC,;t t -+ s,@CFLAGS@,$CFLAGS,;t t -+ s,@LDFLAGS@,$LDFLAGS,;t t -+ s,@CPPFLAGS@,$CPPFLAGS,;t t -+ s,@ac_ct_CC@,$ac_ct_CC,;t t -+ s,@EXEEXT@,$EXEEXT,;t t -+ s,@OBJEXT@,$OBJEXT,;t t -+ s,@DEPDIR@,$DEPDIR,;t t -+ s,@am__include@,$am__include,;t t -+ s,@am__quote@,$am__quote,;t t -+ s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t -+ s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t -+ s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t -+ s,@CCDEPMODE@,$CCDEPMODE,;t t -+ s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t -+ s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t -+ s,@EGREP@,$EGREP,;t t -+ s,@LN_S@,$LN_S,;t t -+ s,@ECHO@,$ECHO,;t t -+ s,@AR@,$AR,;t t -+ s,@ac_ct_AR@,$ac_ct_AR,;t t -+ s,@RANLIB@,$RANLIB,;t t -+ s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t -+ s,@CPP@,$CPP,;t t -+ s,@CXX@,$CXX,;t t -+ s,@CXXFLAGS@,$CXXFLAGS,;t t -+ s,@ac_ct_CXX@,$ac_ct_CXX,;t t -+ s,@CXXDEPMODE@,$CXXDEPMODE,;t t -+ s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t -+ s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t -+ s,@CXXCPP@,$CXXCPP,;t t -+ s,@F77@,$F77,;t t -+ s,@FFLAGS@,$FFLAGS,;t t -+ s,@ac_ct_F77@,$ac_ct_F77,;t t -+ s,@LIBTOOL@,$LIBTOOL,;t t -+ s,@RM@,$RM,;t t -+ s,@CP@,$CP,;t t -+ s,@MV@,$MV,;t t -+ s,@TAR@,$TAR,;t t -+ s,@HELP2MAN@,$HELP2MAN,;t t -+ s,@MAN2HTML@,$MAN2HTML,;t t -+ s,@U@,$U,;t t -+ s,@ANSI2KNR@,$ANSI2KNR,;t t -+ s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t -+ 
s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t -+ s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t -+ s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t -+ s,@LIBADD_DL@,$LIBADD_DL,;t t -+ s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t -+ s,@PKG_CONFIG@,$PKG_CONFIG,;t t -+ s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t -+ s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t -+ s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t -+ s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t -+ s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t -+ s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t -+ s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t -+ s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t -+ s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t -+ s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t -+ s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t -+ s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t -+ s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t -+ s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t -+ s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t -+ s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t -+ s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t -+ s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t -+ s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t -+ s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t -+ s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t -+ s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t -+ s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t -+ s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t -+ s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t -+ s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t -+ s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t -+ s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t -+ s,@NSS_LIBS@,$NSS_LIBS,;t t -+ s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t -+ s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t -+ s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t -+ s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t -+ s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t -+ s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t -+ s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+ 
s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+ s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -*************** -*** 34368,34373 **** ---- 36260,36267 ---- - s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t - s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t - s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t -+ s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t -+ s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t - s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t - s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t - s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t -*** misc/xmlsec1-1.2.6/configure.in Thu Aug 26 04:49:24 2004 ---- misc/build/xmlsec1-1.2.6/configure.in Fri May 11 14:47:19 2007 -*************** -*** 143,149 **** - dnl find libxml - dnl ========================================================================== - LIBXML_MIN_VERSION="2.4.2" -! LIBXML_CONFIG="xml2-config" - LIBXML_CFLAGS="" - LIBXML_LIBS="" - LIBXML_FOUND="no" ---- 143,149 ---- - dnl find libxml - dnl ========================================================================== - LIBXML_MIN_VERSION="2.4.2" -! LIBXML_CONFIG="./libxml2-config" - LIBXML_CFLAGS="" - LIBXML_LIBS="" - LIBXML_FOUND="no" -*************** -*** 503,514 **** - - XMLSEC_NO_NSS="1" - MOZILLA_MIN_VERSION="1.4" - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" - NSS_CFLAGS="" - NSS_LIBS="" -! NSS_LIBS_LIST="-lnss3 -lsmime3" -! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" - NSS_CRYPTO_LIB="$PACKAGE-nss" - NSS_FOUND="no" - ---- 503,528 ---- - - XMLSEC_NO_NSS="1" - MOZILLA_MIN_VERSION="1.4" -+ if test "z$MOZ_FLAVOUR" = "zfirefox" ; then -+ MOZILLA_MIN_VERSION="1.0" -+ fi - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" - NSS_CFLAGS="" - NSS_LIBS="" -! -! case $host_os in -! cygwin* | mingw* | pw32*) -! NSS_LIBS_LIST="-lnss3 -lsmime3" -! NSPR_LIBS_LIST="-lnspr4" -! ;; -! -! *) -! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" -! 
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" -! ;; -! esac -! - NSS_CRYPTO_LIB="$PACKAGE-nss" - NSS_FOUND="no" - -*************** -*** 521,529 **** - AC_MSG_RESULT(no) - NSS_FOUND="without" - elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then -! PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, - [NSS_FOUND=yes], - [NSS_FOUND=no]) - fi - - if test "z$NSS_FOUND" = "zno" ; then ---- 535,550 ---- - AC_MSG_RESULT(no) - NSS_FOUND="without" - elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then -! PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION, - [NSS_FOUND=yes], - [NSS_FOUND=no]) -+ AC_MSG_RESULT($NSS_FOUND) -+ if test "z$NSS_FOUND" = "zno" ; then -+ PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION, -+ [NSS_FOUND=yes], -+ [NSS_FOUND=no]) -+ AC_MSG_RESULT($NSS_FOUND) -+ fi - fi - - if test "z$NSS_FOUND" = "zno" ; then -*************** -*** 534,541 **** - ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION - fi - -! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" -! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" - - AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) - NSPR_INCLUDES_FOUND="no" ---- 555,562 ---- - ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION - fi - -! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" -! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" - - AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) - NSPR_INCLUDES_FOUND="no" -*************** -*** 570,576 **** - done - - for dir in $ac_nss_lib_dir ; do -! 
if test -f $dir/libnspr4.so ; then - dnl do not add -L/usr/lib because compiler does it anyway - if test "z$dir" = "z/usr/lib" ; then - NSPR_LIBS="$NSPR_LIBS_LIST" ---- 591,599 ---- - done - - for dir in $ac_nss_lib_dir ; do -! case $host_os in -! cygwin* | mingw* | pw32*) -! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then - dnl do not add -L/usr/lib because compiler does it anyway - if test "z$dir" = "z/usr/lib" ; then - NSPR_LIBS="$NSPR_LIBS_LIST" -*************** -*** 583,589 **** - fi - NSPR_LIBS_FOUND="yes" - break -! fi - done - fi - ---- 606,631 ---- - fi - NSPR_LIBS_FOUND="yes" - break -! fi -! ;; -! -! *) -! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then -! dnl do not add -L/usr/lib because compiler does it anyway -! if test "z$dir" = "z/usr/lib" ; then -! NSPR_LIBS="$NSPR_LIBS_LIST" -! else -! if test "z$with_gnu_ld" = "zyes" ; then -! NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" -! else -! NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" -! fi -! fi -! NSPR_LIBS_FOUND="yes" -! break -! fi -! ;; -! esac - done - fi - -*************** -*** 641,647 **** - done - - for dir in $ac_nss_lib_dir ; do -! if test -f $dir/libnss3.so ; then - dnl do not add -L/usr/lib because compiler does it anyway - if test "z$dir" = "z/usr/lib" ; then - NSS_LIBS="$NSS_LIBS_LIST" ---- 683,691 ---- - done - - for dir in $ac_nss_lib_dir ; do -! case $host_os in -! cygwin* | mingw* | pw32*) -! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then - dnl do not add -L/usr/lib because compiler does it anyway - if test "z$dir" = "z/usr/lib" ; then - NSS_LIBS="$NSS_LIBS_LIST" -*************** -*** 654,660 **** - fi - NSS_LIBS_FOUND="yes" - break -! fi - done - fi - ---- 698,723 ---- - fi - NSS_LIBS_FOUND="yes" - break -! fi -! ;; -! -! *) -! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then -! dnl do not add -L/usr/lib because compiler does it anyway -! if test "z$dir" = "z/usr/lib" ; then -! 
NSS_LIBS="$NSS_LIBS_LIST" -! else -! if test "z$with_gnu_ld" = "zyes" ; then -! NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" -! else -! NSS_LIBS="-L$dir $NSS_LIBS_LIST" -! fi -! fi -! NSS_LIBS_FOUND="yes" -! break -! fi -! ;; -! esac - done - fi - -*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in Fri May 11 14:47:48 2007 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,58 ---- -! # Makefile.in generated by automake 1.8.3 from Makefile.am. -! # @configure_input@ -! -! # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -! # 2003, 2004 Free Software Foundation, Inc. -! # This Makefile.in is free software; the Free Software Foundation -! # gives unlimited permission to copy and/or distribute it, -! # with or without modifications, as long as this notice is preserved. -! -! # This program is distributed in the hope that it will be useful, -! # but WITHOUT ANY WARRANTY, to the extent permitted by law; without -! # even the implied warranty of MERCHANTABILITY or FITNESS FOR A -! # PARTICULAR PURPOSE. -! -! @SET_MAKE@ -! -! HEADERS = $(xmlsecmscryptoinc_HEADERS) -! NULL = -! xmlsecmscryptoinc_HEADERS = \ -! akmngr.h \ -! app.h \ -! crypto.h \ -! symbols.h \ -! certkeys.h \ -! keysstore.h \ -! x509.h \ -! $(NULL) -! -! all: all-am -! -! mostlyclean-libtool: -! -rm -f *.lo -! -! clean-libtool: -! -rm -rf .libs _libs -! -! all-am: Makefile $(HEADERS) -! -! mostlyclean-generic: -! -! clean-generic: -! -! clean: clean-am -! -! clean-am: clean-generic clean-libtool mostlyclean-am -! -! mostlyclean: mostlyclean-am -! -! mostlyclean-am: mostlyclean-generic mostlyclean-libtool -! -! .PHONY: all all-am clean clean-generic \ -! clean-libtool \ -! mostlyclean mostlyclean-generic mostlyclean-libtool -! -! -! # Tell versions [3.59,3.63) of GNU make to not export all variables. -! # Otherwise a system limit (for SysV at least) may be exceeded. -! 
.NOEXPORT: -*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h Fri May 11 14:47:43 2007 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,71 ---- -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright .......................... -! */ -! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ -! #define __XMLSEC_MSCRYPTO_AKMNGR_H__ -! -! #include <windows.h> -! #include <wincrypt.h> -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! -! #ifdef __cplusplus -! extern "C" { -! #endif /* __cplusplus */ -! -! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -! xmlSecMSCryptoAppliedKeysMngrCreate( -! HCERTSTORE keyStore , -! HCERTSTORE certStore -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -! xmlSecKeysMngrPtr mngr , -! HCRYPTKEY symKey -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -! xmlSecKeysMngrPtr mngr , -! HCRYPTKEY pubKey -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -! xmlSecKeysMngrPtr mngr , -! HCRYPTKEY priKey -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -! xmlSecKeysMngrPtr mngr , -! HCERTSTORE keyStore -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -! xmlSecKeysMngrPtr mngr , -! HCERTSTORE trustedStore -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -! xmlSecKeysMngrPtr mngr , -! HCERTSTORE untrustedStore -! ) ; -! -! #ifdef __cplusplus -! } -! #endif /* __cplusplus */ -! -! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ -! -! 
-*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h Fri Sep 26 08:12:46 2003 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h Fri May 11 14:47:19 2007 -*************** -*** 77,82 **** ---- 77,97 ---- - PCCERT_CONTEXT cert, - xmlSecKeyDataType type); - -+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE keyStore -+ ) ; -+ -+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE trustedStore -+ ) ; -+ -+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE untrustedStore -+ ) ; -+ - - #endif /* XMLSEC_NO_X509 */ - -*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am Wed Jul 30 04:46:35 2003 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am Fri May 11 14:47:19 2007 -*************** -*** 3,8 **** ---- 3,9 ---- - xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss - - xmlsecnssinc_HEADERS = \ -+ akmngr.h \ - app.h \ - crypto.h \ - symbols.h \ -*************** -*** 10,15 **** ---- 11,18 ---- - keysstore.h \ - pkikeys.h \ - x509.h \ -+ tokens.h \ -+ ciphers.h \ - $(NULL) - - install-exec-hook: -*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in Thu Aug 26 08:00:31 2004 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in Fri May 11 14:47:19 2007 -*************** -*** 273,278 **** ---- 273,279 ---- - NULL = - xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss - xmlsecnssinc_HEADERS = \ -+ akmngr.h \ - app.h \ - crypto.h \ - symbols.h \ -*************** -*** 280,285 **** ---- 281,288 ---- - keysstore.h \ - pkikeys.h \ - x509.h \ -+ tokens.h \ -+ ciphers.h \ - $(NULL) - - all: all-am -*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h Fri May 11 14:47:41 2007 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,56 ---- -! /** -! * XMLSec library -! * -! 
* This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright .......................... -! */ -! #ifndef __XMLSEC_NSS_AKMNGR_H__ -! #define __XMLSEC_NSS_AKMNGR_H__ -! -! #include <nss.h> -! #include <nspr.h> -! #include <pk11func.h> -! #include <cert.h> -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! -! #ifdef __cplusplus -! extern "C" { -! #endif /* __cplusplus */ -! -! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -! xmlSecNssAppliedKeysMngrCreate( -! PK11SlotInfo** slots, -! int cSlots, -! CERTCertDBHandle* handler -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecNssAppliedKeysMngrSymKeyLoad( -! xmlSecKeysMngrPtr mngr , -! PK11SymKey* symKey -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecNssAppliedKeysMngrPubKeyLoad( -! xmlSecKeysMngrPtr mngr , -! SECKEYPublicKey* pubKey -! ) ; -! -! XMLSEC_CRYPTO_EXPORT int -! xmlSecNssAppliedKeysMngrPriKeyLoad( -! xmlSecKeysMngrPtr mngr , -! SECKEYPrivateKey* priKey -! ) ; -! -! #ifdef __cplusplus -! } -! #endif /* __cplusplus */ -! -! #endif /* __XMLSEC_NSS_AKMNGR_H__ */ -! -! 
-*** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h Mon Jan 12 22:06:14 2004 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h Fri May 11 14:47:19 2007 -*************** -*** 22,27 **** ---- 22,30 ---- - #include <xmlsec/keysmngr.h> - #include <xmlsec/transforms.h> - -+ #include <xmlsec/nss/tokens.h> -+ #include <xmlsec/nss/akmngr.h> -+ - /** - * Init/shutdown - */ -*************** -*** 34,39 **** ---- 37,44 ---- - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, - xmlSecKeyPtr key); -+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, - const char* uri); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, -*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h Fri May 11 14:47:41 2007 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,35 ---- -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright .......................... -! */ -! #ifndef __XMLSEC_NSS_CIPHERS_H__ -! #define __XMLSEC_NSS_CIPHERS_H__ -! -! #ifdef __cplusplus -! extern "C" { -! #endif /* __cplusplus */ -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! -! -! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, -! PK11SymKey* symkey ) ; -! -! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; -! -! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); -! -! -! #ifdef __cplusplus -! } -! #endif /* __cplusplus */ -! -! #endif /* __XMLSEC_NSS_CIPHERS_H__ */ -! -! 
-*** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h Mon Jan 12 22:06:14 2004 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h Fri May 11 14:47:19 2007 -*************** -*** 264,269 **** ---- 264,278 ---- - xmlSecNssTransformRsaPkcs1GetKlass() - XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); - -+ /** -+ * xmlSecNssTransformRsaOaepId: -+ * -+ * The RSA OAEP key transport transform klass. -+ */ -+ #define xmlSecNssTransformRsaOaepId \ -+ xmlSecNssTransformRsaOaepGetKlass() -+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); -+ - #endif /* XMLSEC_NO_RSA */ - - -*** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h Wed Jul 30 04:46:35 2003 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h Fri May 11 14:47:19 2007 -*************** -*** 16,21 **** ---- 16,23 ---- - #endif /* __cplusplus */ - - #include <xmlsec/xmlsec.h> -+ #include <xmlsec/keysmngr.h> -+ #include <xmlsec/nss/tokens.h> - - /**************************************************************************** - * -*************** -*** 31,36 **** ---- 33,40 ---- - XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, - xmlSecKeyPtr key); -+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, - const char *uri, - xmlSecKeysMngrPtr keysMngr); -*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h Fri May 11 14:47:42 2007 ---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,182 ---- -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. -! * -! 
* Contributor(s): _____________________________
-! *
-! */
-! #ifndef __XMLSEC_NSS_TOKENS_H__
-! #define __XMLSEC_NSS_TOKENS_H__
-!
-! #include <string.h>
-!
-! #include <nss.h>
-! #include <pk11func.h>
-!
-! #include <xmlsec/xmlsec.h>
-! #include <xmlsec/list.h>
-!
-! #ifdef __cplusplus
-! extern "C" {
-! #endif /* __cplusplus */
-!
-! /**
-! * xmlSecNssKeySlotListId
-! *
-! * The crypto mechanism list klass
-! */
-! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-!
-! /*******************************************
-! * KeySlot interfaces
-! *******************************************/
-! /**
-! * Internal NSS key slot data
-! * @mechanismList: the mechanisms that the slot bound with.
-! * @slot: the pkcs slot
-! *
-! * This context is located after xmlSecPtrList
-! */
-! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-!
-! struct _xmlSecNssKeySlot {
-! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-! PK11SlotInfo* slot ;
-! } ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotSetMechList(
-! xmlSecNssKeySlotPtr keySlot ,
-! CK_MECHANISM_TYPE_PTR mechanismList
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotEnableMech(
-! xmlSecNssKeySlotPtr keySlot ,
-! CK_MECHANISM_TYPE mechanism
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotDisableMech(
-! xmlSecNssKeySlotPtr keySlot ,
-! CK_MECHANISM_TYPE mechanism
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-! xmlSecNssKeySlotGetMechList(
-! xmlSecNssKeySlotPtr keySlot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotSetSlot(
-! xmlSecNssKeySlotPtr keySlot ,
-! PK11SlotInfo* slot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotInitialize(
-! xmlSecNssKeySlotPtr keySlot ,
-! PK11SlotInfo* slot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT void
-! xmlSecNssKeySlotFinalize(
-! xmlSecNssKeySlotPtr keySlot
-!
) ;
-!
-! XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-! xmlSecNssKeySlotGetSlot(
-! xmlSecNssKeySlotPtr keySlot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-! xmlSecNssKeySlotCreate() ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotCopy(
-! xmlSecNssKeySlotPtr newKeySlot ,
-! xmlSecNssKeySlotPtr keySlot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-! xmlSecNssKeySlotDuplicate(
-! xmlSecNssKeySlotPtr keySlot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT void
-! xmlSecNssKeySlotDestroy(
-! xmlSecNssKeySlotPtr keySlot
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotBindMech(
-! xmlSecNssKeySlotPtr keySlot ,
-! CK_MECHANISM_TYPE type
-! ) ;
-!
-! XMLSEC_CRYPTO_EXPORT int
-! xmlSecNssKeySlotSupportMech(
-! xmlSecNssKeySlotPtr keySlot ,
-! CK_MECHANISM_TYPE type
-! ) ;
-!
-!
-! /************************************************************************
-! * PKCS#11 crypto token interfaces
-! *
-! * A PKCS#11 slot repository will be defined internally. From the
-! * repository, a user can specify a particular slot for a certain crypto
-! * mechanism.
-! *
-! * In some situation, some cryptographic operation should act in a user
-! * designated devices. The interfaces defined here provide the way. If
-! * the user do not initialize the repository distinctly, the interfaces
-! * use the default functions provided by NSS itself.
-! *
-! ************************************************************************/
-! /**
-! * Initialize NSS pkcs#11 slot repository
-! *
-! * Returns 0 if success or -1 if an error occurs.
-! */
-! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-!
-! /**
-! * Shutdown and destroy NSS pkcs#11 slot repository
-! */
-! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-!
-! /**
-! * Get PKCS#11 slot handler
-! * @type the mechanism that the slot must support.
-! *
-! * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-! *
-! * Notes: The returned handler must be destroied distinctly.
-! */
-!
XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; -! -! /** -! * Adopt a pkcs#11 slot with a mechanism into the repository -! * @slot: the pkcs#11 slot. -! * @mech: the mechanism. -! * -! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with -! * this mechanism only can perform on the @slot. -! * -! * Returns 0 if success or -1 if an error occurs. -! */ -! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; -! -! #ifdef __cplusplus -! } -! #endif /* __cplusplus */ -! -! #endif /* __XMLSEC_NSS_TOKENS_H__ */ -! -*** misc/xmlsec1-1.2.6/libxml2-config Fri May 11 14:47:49 2007 ---- misc/build/xmlsec1-1.2.6/libxml2-config Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,48 ---- -! #! /bin/sh -! -! if test "$SYSTEM_LIBXML" = "YES" -! then xml2-config "$@"; exit 0 -! fi -! -! prefix=${SOLARVERSION}/${INPATH} -! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external -! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT} -! -! while test $# -gt 0; do -! case "$1" in -! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; -! *) optarg= ;; -! esac -! -! case "$1" in -! --prefix=*) -! prefix=$optarg -! includedir=$prefix/include -! libdir=$prefix/lib -! ;; -! -! --prefix) -! echo $prefix -! ;; -! -! --version) -! echo 2.5.4 -! exit 0 -! ;; -! -! --cflags) -! echo -I${includedir} -! ;; -! -! --libs) -! echo -L${libdir} ${LIBXML2LIB} ${ZLIB3RDLIB} -lm -! ;; -! -! *) -! exit 1 -! ;; -! esac -! shift -! done -! -! exit 0 -*** misc/xmlsec1-1.2.6/ltmain.sh Thu Aug 26 08:00:15 2004 ---- misc/build/xmlsec1-1.2.6/ltmain.sh Fri May 11 14:47:19 2007 -*************** -*** 1661,1666 **** ---- 1661,1671 ---- - fi - ;; - -+ *.lib) -+ deplibs="$deplibs $arg" -+ continue -+ ;; -+ - *.$libext) - # An archive. 
- deplibs="$deplibs $arg" -*************** -*** 1974,1979 **** ---- 1979,1988 ---- - continue - ;; - *.la) lib="$deplib" ;; -+ *.lib) -+ deplibs="$deplib $deplibs" -+ continue -+ ;; - *.$libext) - if test "$pass" = conv; then - deplibs="$deplib $deplibs" -*************** -*** 2994,3006 **** - ;; - - freebsd-aout) -! major=".$current" -! versuffix=".$current.$revision"; - ;; - - freebsd-elf) -! major=".$current" -! versuffix=".$current"; - ;; - - irix | nonstopux) ---- 3003,3015 ---- - ;; - - freebsd-aout) -! major=.`expr $current - $age` -! versuffix="$major.$age.$revision" - ;; - - freebsd-elf) -! major=.`expr $current - $age` -! versuffix="$major.$age.$revision" - ;; - - irix | nonstopux) -*************** -*** 3564,3570 **** - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" -! dep_rpath="$dep_rpath $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in ---- 3573,3580 ---- - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" -! # what the ... -! # dep_rpath="$dep_rpath $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in -*** misc/xmlsec1-1.2.6/src/bn.c Mon Jun 21 20:33:27 2004 ---- misc/build/xmlsec1-1.2.6/src/bn.c Fri May 11 14:47:19 2007 -*************** -*** 170,177 **** - */ - int - xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { -! xmlSecSize i, len; - xmlSecByte ch; - int nn; - int ret; - ---- 170,179 ---- - */ - int - xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { -! xmlSecSize i, len, size; - xmlSecByte ch; -+ xmlSecByte* data; -+ int positive; - int nn; - int ret; - -*************** -*** 183,189 **** - /* trivial case */ - len = xmlStrlen(str); - if(len == 0) { -! return(0); - } - - /* The result size could not exceed the input string length ---- 185,191 ---- - /* trivial case */ - len = xmlStrlen(str); - if(len == 0) { -! 
return(0); - } - - /* The result size could not exceed the input string length -*************** -*** 191,244 **** - * In truth, it would be likely less than 1/2 input string length - * because each byte is represented by 2 chars. If needed, - * buffer size would be increased by Mul/Add functions. - */ -! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); - if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnRevLookupTable", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", len / 2 + 1); -! return (-1); - } - -! for(i = 0; i < len; i++) { -! ch = str[i]; -! if(isspace(ch)) { -! continue; -! } -! -! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); -! nn = xmlSecBnLookupTable[ch]; -! if((nn < 0) || ((xmlSecSize)nn > base)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "char=%c;base=%d", -! ch, base); -! return (-1); -! } -! -! ret = xmlSecBnMul(bn, base); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnMul", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! return (-1); -! } -! -! ret = xmlSecBnAdd(bn, nn); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnAdd", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! return (-1); -! } - } - - return(0); ---- 193,323 ---- - * In truth, it would be likely less than 1/2 input string length - * because each byte is represented by 2 chars. If needed, - * buffer size would be increased by Mul/Add functions. -+ * Finally, we can add one byte for 00 or 10 prefix. - */ -! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); - if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnRevLookupTable", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", len / 2 + 1); -! return (-1); -! } -! -! /* figure out if it is positive or negative number */ -! positive = 1; -! i = 0; -! while(i < len) { -! ch = str[i++]; -! -! /* skip spaces */ -! 
if(isspace(ch)) { -! continue; -! } -! -! /* check if it is + or - */ -! if(ch == '+') { -! positive = 1; -! break; -! } else if(ch == '-') { -! positive = 0; -! break; -! } -! -! /* otherwise, it must be start of the number */ -! nn = xmlSecBnLookupTable[ch]; -! if((nn >= 0) && ((xmlSecSize)nn < base)) { -! xmlSecAssert2(i > 0, -1); -! -! /* no sign, positive by default */ -! positive = 1; -! --i; /* make sure that we will look at this character in next loop */ -! break; -! } else { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "char=%c;base=%d", -! ch, base); -! return (-1); -! } -! } -! -! /* now parse the number itself */ -! while(i < len) { -! ch = str[i++]; -! if(isspace(ch)) { -! continue; -! } -! -! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); -! nn = xmlSecBnLookupTable[ch]; -! if((nn < 0) || ((xmlSecSize)nn > base)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "char=%c;base=%d", -! ch, base); -! return (-1); -! } -! -! ret = xmlSecBnMul(bn, base); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnMul", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! return (-1); -! } -! -! ret = xmlSecBnAdd(bn, nn); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnAdd", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! return (-1); -! } - } - -! /* check if we need to add 00 prefix */ -! data = xmlSecBufferGetData(bn); -! size = xmlSecBufferGetSize(bn); -! if((size > 0 && data[0] > 127)||(size==0)) { -! ch = 0; -! ret = xmlSecBufferPrepend(bn, &ch, 1); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBufferPrepend", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! return (-1); -! } -! } -! -! /* do 2's compliment and add 1 to represent negative value */ -! if(positive == 0) { -! data = xmlSecBufferGetData(bn); -! size = xmlSecBufferGetSize(bn); -! for(i = 0; i < size; ++i) { -! 
data[i] ^= 0xFF; -! } -! -! ret = xmlSecBnAdd(bn, 1); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnAdd", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! return (-1); -! } - } - - return(0); -*************** -*** 256,263 **** - */ - xmlChar* - xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { - xmlChar* res; -! xmlSecSize i, len; - int nn; - xmlChar ch; - ---- 335,346 ---- - */ - xmlChar* - xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { -+ xmlSecBn bn2; -+ int positive = 1; - xmlChar* res; -! xmlSecSize i, len, size; -! xmlSecByte* data; -! int ret; - int nn; - xmlChar ch; - -*************** -*** 265,299 **** - xmlSecAssert2(base > 1, NULL); - xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); - - /* Result string len is - * len = log base (256) * <bn size> - * Since the smallest base == 2 then we can get away with - * len = 8 * <bn size> - */ -! len = 8 * xmlSecBufferGetSize(bn) + 1; - res = (xmlChar*)xmlMalloc(len + 1); - if(res == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_MALLOC_FAILED, -! "len=%d", len); -! return (NULL); - } - memset(res, 0, len + 1); - -! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { -! if(xmlSecBnDiv(bn, base, &nn) < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnDiv", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! xmlFree(res); -! return (NULL); -! } -! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); -! 
res[i] = xmlSecBnRevLookupTable[nn]; - } - xmlSecAssert2(i < len, NULL); - ---- 348,433 ---- - xmlSecAssert2(base > 1, NULL); - xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); - -+ -+ /* copy bn */ -+ data = xmlSecBufferGetData(bn); -+ size = xmlSecBufferGetSize(bn); -+ ret = xmlSecBnInitialize(&bn2, size); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", size); -+ return (NULL); -+ } -+ -+ ret = xmlSecBnSetData(&bn2, data, size); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnSetData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", size); -+ xmlSecBnFinalize(&bn2); -+ return (NULL); -+ } -+ -+ /* check if it is a negative number or not */ -+ data = xmlSecBufferGetData(&bn2); -+ size = xmlSecBufferGetSize(&bn2); -+ if((size > 0) && (data[0] > 127)) { -+ /* subtract 1 and do 2's compliment */ -+ ret = xmlSecBnAdd(&bn2, -1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnAdd", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", size); -+ xmlSecBnFinalize(&bn2); -+ return (NULL); -+ } -+ for(i = 0; i < size; ++i) { -+ data[i] ^= 0xFF; -+ } -+ -+ positive = 0; -+ } else { -+ positive = 1; -+ } -+ - /* Result string len is - * len = log base (256) * <bn size> - * Since the smallest base == 2 then we can get away with - * len = 8 * <bn size> - */ -! len = 8 * size + 1 + 1; - res = (xmlChar*)xmlMalloc(len + 1); - if(res == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_MALLOC_FAILED, -! "len=%d", len); -! xmlSecBnFinalize(&bn2); -! return (NULL); - } - memset(res, 0, len + 1); - -! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { -! if(xmlSecBnDiv(&bn2, base, &nn) < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnDiv", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "base=%d", base); -! xmlFree(res); -! xmlSecBnFinalize(&bn2); -! return (NULL); -! } -! 
xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); -! res[i] = xmlSecBnRevLookupTable[nn]; - } - xmlSecAssert2(i < len, NULL); - -*************** -*** 301,313 **** - for(len = i; (len > 1) && (res[len - 1] == '0'); len--); - res[len] = '\0'; - - /* swap the string because we wrote it in reverse order */ - for(i = 0; i < len / 2; i++) { -! ch = res[i]; -! res[i] = res[len - i - 1]; -! res[len - i - 1] = ch; - } - - return(res); - } - ---- 435,454 ---- - for(len = i; (len > 1) && (res[len - 1] == '0'); len--); - res[len] = '\0'; - -+ /* add "-" for negative numbers */ -+ if(positive == 0) { -+ res[len] = '-'; -+ res[++len] = '\0'; -+ } -+ - /* swap the string because we wrote it in reverse order */ - for(i = 0; i < len / 2; i++) { -! ch = res[i]; -! res[i] = res[len - i - 1]; -! res[len - i - 1] = ch; - } - -+ xmlSecBnFinalize(&bn2); - return(res); - } - -*************** -*** 392,398 **** - } - - data = xmlSecBufferGetData(bn); -! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { - xmlSecAssert2(data != NULL, -1); - - over = over + multiplier * data[--i]; ---- 533,541 ---- - } - - data = xmlSecBufferGetData(bn); -! i = xmlSecBufferGetSize(bn); -! over = 0; -! while(i > 0) { - xmlSecAssert2(data != NULL, -1); - - over = over + multiplier * data[--i]; -*************** -*** 487,529 **** - */ - int - xmlSecBnAdd(xmlSecBnPtr bn, int delta) { -! int over; - xmlSecByte* data; - xmlSecSize i; - xmlSecByte ch; - int ret; - - xmlSecAssert2(bn != NULL, -1); -- xmlSecAssert2(delta >= 0, -1); - - if(delta == 0) { -! return(0); - } - - data = xmlSecBufferGetData(bn); -! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { -! xmlSecAssert2(data != NULL, -1); - -! over += data[--i]; -! data[i] = over % 256; -! over = over / 256; -! } - -! while(over > 0) { -! ch = over % 256; -! over = over / 256; - -! ret = xmlSecBufferPrepend(bn, &ch, 1); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBufferPrepend", -! 
XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=1"); -! return (-1); -! } - } -- - return(0); - } - ---- 630,686 ---- - */ - int - xmlSecBnAdd(xmlSecBnPtr bn, int delta) { -! int over, tmp; - xmlSecByte* data; - xmlSecSize i; - xmlSecByte ch; - int ret; - - xmlSecAssert2(bn != NULL, -1); - - if(delta == 0) { -! return(0); - } - - data = xmlSecBufferGetData(bn); -! if(delta > 0) { -! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { -! xmlSecAssert2(data != NULL, -1); - -! tmp = data[--i]; -! over += tmp; -! data[i] = over % 256; -! over = over / 256; -! } - -! while(over > 0) { -! ch = over % 256; -! over = over / 256; - -! ret = xmlSecBufferPrepend(bn, &ch, 1); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBufferPrepend", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=1"); -! return (-1); -! } -! } -! } else { -! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { -! xmlSecAssert2(data != NULL, -1); -! -! tmp = data[--i]; -! if(tmp < over) { -! data[i] = 0; -! over = (over - tmp) / 256; -! } else { -! data[i] = tmp - over; -! over = 0; -! } -! } - } - return(0); - } - -*************** -*** 787,793 **** - } - - if(addLineBreaks) { -! xmlNodeAddContent(cur, BAD_CAST "\n"); - } - - switch(format) { ---- 944,950 ---- - } - - if(addLineBreaks) { -! xmlNodeAddContent(cur, xmlSecStringCR); - } - - switch(format) { -*************** -*** 833,839 **** - } - - if(addLineBreaks) { -! xmlNodeAddContent(cur, BAD_CAST "\n"); - } - - return(0); ---- 990,996 ---- - } - - if(addLineBreaks) { -! 
xmlNodeAddContent(cur, xmlSecStringCR); - } - - return(0); -*** misc/xmlsec1-1.2.6/src/dl.c Wed Oct 29 16:57:20 2003 ---- misc/build/xmlsec1-1.2.6/src/dl.c Fri May 11 14:47:19 2007 -*************** -*** 329,334 **** ---- 329,338 ---- - xmlSecCryptoDLInit(void) { - int ret; - -+ /* use xmlMalloc/xmlFree */ -+ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; -+ xmlsec_lt_dlfree = xmlSecCryptoDLFree; -+ - ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -*************** -*** 350,358 **** - } - /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ - -- /* use xmlMalloc/xmlFree */ -- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; -- xmlsec_lt_dlfree = xmlSecCryptoDLFree; - return(0); - } - ---- 354,359 ---- -*** misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in Fri May 11 14:47:49 2007 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,178 ---- -! # Makefile.in generated by automake 1.8.3 from Makefile.am. -! # @configure_input@ -! -! # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -! # 2003, 2004 Free Software Foundation, Inc. -! # This Makefile.in is free software; the Free Software Foundation -! # gives unlimited permission to copy and/or distribute it, -! # with or without modifications, as long as this notice is preserved. -! -! # This program is distributed in the hope that it will be useful, -! # but WITHOUT ANY WARRANTY, to the extent permitted by law; without -! # even the implied warranty of MERCHANTABILITY or FITNESS FOR A -! # PARTICULAR PURPOSE. -! -! @SET_MAKE@ -! -! srcdir = @srcdir@ -! top_srcdir = @top_srcdir@ -! top_builddir = ../.. -! LTLIBRARIES = $(lib_LTLIBRARIES) -! am__DEPENDENCIES_1 = -! libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \ -! $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ -! $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -! am__objects_1 = -! 
am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \ -! digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \ -! x509.lo x509vfy.lo $(am__objects_1) -! libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) -! DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) -! depcomp = $(SHELL) $(top_srcdir)/depcomp -! @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo -! COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ -! $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -! LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ -! $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -! $(AM_CFLAGS) $(CFLAGS) -! CCLD = $(CC) -! LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -! $(AM_LDFLAGS) $(LDFLAGS) -o $@ -! CC = @CC@ -! CCDEPMODE = @CCDEPMODE@ -! CFLAGS = @CFLAGS@ -! CPPFLAGS = @CPPFLAGS@ -! CYGPATH_W = @CYGPATH_W@ -! DEFS = @DEFS@ -! DEPDIR = @DEPDIR@ -! LDFLAGS = @LDFLAGS@ -! LIBS = @LIBS@ -! LIBTOOL = @LIBTOOL@ -! LIBXML_CFLAGS = @LIBXML_CFLAGS@ -! LIBXML_LIBS = @LIBXML_LIBS@ -! MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@ -! MSCRYPTO_LIBS = @MSCRYPTO_LIBS@ -! OBJEXT = @OBJEXT@ -! SHELL = @SHELL@ -! XMLSEC_DEFINES = @XMLSEC_DEFINES@ -! exec_prefix = @exec_prefix@ -! libdir = @libdir@ -! prefix = @prefix@ -! NULL = -! -! INCLUDES = \ -! -DPACKAGE=\"@PACKAGE@\" \ -! -I$(top_srcdir) \ -! -I$(top_srcdir)/include \ -! $(XMLSEC_DEFINES) \ -! $(MSCRYPTO_CFLAGS) \ -! $(LIBXSLT_CFLAGS) \ -! $(LIBXML_CFLAGS) \ -! $(NULL) -! -! lib_LTLIBRARIES = \ -! libxmlsec1-mscrypto.la \ -! $(NULL) -! -! libxmlsec1_mscrypto_la_LIBADD = \ -! ../libxmlsec1.la \ -! 
$(MSCRYPTO_LIBS) \ -! $(LIBXSLT_LIBS) \ -! $(LIBXML_LIBS) \ -! $(NULL) -! -! libxmlsec1_mscrypto_la_LDFLAGS = \ -! -version-info @XMLSEC_VERSION_INFO@ \ -! $(NULL) -! -! all: all-am -! -! .SUFFIXES: -! .SUFFIXES: .c .lo .o .obj -! -! clean-libLTLIBRARIES: -! -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) -! @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ -! dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -! test "$$dir" = "$$p" && dir=.; \ -! echo "rm -f \"$${dir}/so_locations\""; \ -! rm -f "$${dir}/so_locations"; \ -! done -! libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) -! $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS) -! -! mostlyclean-compile: -! -rm -f *.$(OBJEXT) -! -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@ -! -! .c.o: -! @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -! @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi -! 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -! @am__fastdepCC_FALSE@ $(COMPILE) -c $< -! -! .c.obj: -! @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ -! @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -! @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -! -! .c.lo: -! @am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -! @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ -! @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -! @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -! -! mostlyclean-libtool: -! -rm -f *.lo -! -! clean-libtool: -! -rm -rf .libs _libs -! -! all-am: Makefile $(LTLIBRARIES) -! -! mostlyclean-generic: -! -! clean-generic: -! -! clean: clean-am -! -! clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ -! mostlyclean-am -! -! mostlyclean: mostlyclean-am -! -! mostlyclean-am: mostlyclean-compile mostlyclean-generic \ -! mostlyclean-libtool -! -! .PHONY: all all-am clean clean-generic \ -! clean-libLTLIBRARIES clean-libtool \ -! maintainer-clean-generic mostlyclean mostlyclean-compile \ -! 
mostlyclean-generic mostlyclean-libtool -! -! # Tell versions [3.59,3.63) of GNU make to not export all variables. -! # Otherwise a system limit (for SysV at least) may be exceeded. -! .NOEXPORT: -*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c Fri May 11 14:47:44 2007 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,235 ---- -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright......................... -! */ -! #include "globals.h" -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! #include <xmlsec/errors.h> -! -! #include <xmlsec/mscrypto/crypto.h> -! #include <xmlsec/mscrypto/keysstore.h> -! #include <xmlsec/mscrypto/akmngr.h> -! #include <xmlsec/mscrypto/x509.h> -! -! /** -! * xmlSecMSCryptoAppliedKeysMngrCreate: -! * @hKeyStore: the pointer to key store. -! * @hCertStore: the pointer to certificate database. -! * -! * Create and load key store and certificate database into keys manager -! * -! * Returns keys manager pointer on success or NULL otherwise. -! */ -! xmlSecKeysMngrPtr -! xmlSecMSCryptoAppliedKeysMngrCreate( -! HCERTSTORE hKeyStore , -! HCERTSTORE hCertStore -! ) { -! xmlSecKeyDataStorePtr certStore = NULL ; -! xmlSecKeysMngrPtr keyMngr = NULL ; -! xmlSecKeyStorePtr keyStore = NULL ; -! -! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; -! if( keyStore == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeyStoreCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return NULL ; -! } -! -! /*- -! * At present, MS Crypto engine do not provide a way to setup a key store. -! */ -! if( keyStore != NULL ) { -! /*TODO: binding key store.*/ -! } -! -! keyMngr = xmlSecKeysMngrCreate() ; -! if( keyMngr == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrCreate" , -! 
XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! return NULL ; -! } -! -! /*- -! * Add key store to manager, from now on keys manager destroys the store if -! * needed -! */ -! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecKeysMngrAdoptKeyStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! xmlSecKeysMngrDestroy( keyMngr ) ; -! return NULL ; -! } -! -! /*- -! * Initialize crypto library specific data in keys manager -! */ -! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecMSCryptoKeysMngrInit" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeysMngrDestroy( keyMngr ) ; -! return NULL ; -! } -! -! /*- -! * Set certificate databse to X509 key data store -! */ -! /*- -! * At present, MS Crypto engine do not provide a way to setup a cert store. -! */ -! -! /*- -! * Set the getKey callback -! */ -! keyMngr->getKey = xmlSecKeysMngrGetKey ; -! -! return keyMngr ; -! } -! -! int -! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -! xmlSecKeysMngrPtr mngr , -! HCRYPTKEY symKey -! ) { -! /*TODO: import the key into keys manager.*/ -! return(0) ; -! } -! -! int -! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -! xmlSecKeysMngrPtr mngr , -! HCRYPTKEY pubKey -! ) { -! /*TODO: import the key into keys manager.*/ -! return(0) ; -! } -! -! int -! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -! xmlSecKeysMngrPtr mngr , -! HCRYPTKEY priKey -! ) { -! /*TODO: import the key into keys manager.*/ -! return(0) ; -! } -! -! int -! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -! xmlSecKeysMngrPtr mngr , -! HCERTSTORE keyStore -! ) { -! xmlSecKeyDataStorePtr x509Store ; -! -! xmlSecAssert2( mngr != NULL, -1 ) ; -! xmlSecAssert2( keyStore != NULL, -1 ) ; -! -! 
x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -! if( x509Store == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrGetDataStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ) ; -! } -! -! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -! "xmlSecMSCryptoX509StoreAdoptKeyStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ) ; -! } -! -! return( 0 ) ; -! } -! -! int -! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -! xmlSecKeysMngrPtr mngr , -! HCERTSTORE trustedStore -! ) { -! xmlSecKeyDataStorePtr x509Store ; -! -! xmlSecAssert2( mngr != NULL, -1 ) ; -! xmlSecAssert2( trustedStore != NULL, -1 ) ; -! -! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -! if( x509Store == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrGetDataStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ) ; -! } -! -! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -! "xmlSecMSCryptoX509StoreAdoptKeyStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ) ; -! } -! -! return( 0 ) ; -! } -! -! int -! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -! xmlSecKeysMngrPtr mngr , -! HCERTSTORE untrustedStore -! ) { -! xmlSecKeyDataStorePtr x509Store ; -! -! xmlSecAssert2( mngr != NULL, -1 ) ; -! xmlSecAssert2( untrustedStore != NULL, -1 ) ; -! -! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -! if( x509Store == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrGetDataStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! 
XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ) ; -! } -! -! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -! "xmlSecMSCryptoX509StoreAdoptKeyStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ) ; -! } -! -! return( 0 ) ; -! } -! -*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c Wed Mar 17 06:06:43 2004 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c Fri May 11 14:47:19 2007 -*************** -*** 41,46 **** ---- 41,47 ---- - * a public key from xml document is provided, we need HCRYPTKEY.... The focus - * now is however directed to certificates. Wouter - */ -+ /** replaced by a wrapper style for WINNT 4.0 - struct _xmlSecMSCryptoKeyDataCtx { - HCRYPTPROV hProv; - BOOL fCallerFreeProv; -*************** -*** 51,56 **** ---- 52,175 ---- - HCRYPTKEY hKey; - xmlSecKeyDataType type; - }; ++ esac ++ ++ case $ac_option in ++ # Handling of the options. ++_ACEOF ++cat >>$CONFIG_STATUS <<\_ACEOF ++ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ++ ac_cs_recheck=: ;; ++ --version | --vers* | -V ) ++ echo "$ac_cs_version"; exit 0 ;; ++ --he | --h) ++ # Conflict between --help and --header ++ { { echo "$as_me:$LINENO: error: ambiguous option: $1 ++Try \`$0 --help' for more information." >&5 ++echo "$as_me: error: ambiguous option: $1 ++Try \`$0 --help' for more information." 
>&2;} ++ { (exit 1); exit 1; }; };; ++ --help | --hel | -h ) ++ echo "$ac_cs_usage"; exit 0 ;; ++ --debug | --d* | -d ) ++ debug=: ;; ++ --file | --fil | --fi | --f ) ++ $ac_shift ++ CONFIG_FILES="$CONFIG_FILES $ac_optarg" ++ ac_need_defaults=false;; ++ --header | --heade | --head | --hea ) ++ $ac_shift ++ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" ++ ac_need_defaults=false;; ++ -q | -quiet | --quiet | --quie | --qui | --qu | --q \ ++ | -silent | --silent | --silen | --sile | --sil | --si | --s) ++ ac_cs_silent=: ;; ++ ++ # This is an error. ++ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 ++Try \`$0 --help' for more information." >&5 ++echo "$as_me: error: unrecognized option: $1 ++Try \`$0 --help' for more information." >&2;} ++ { (exit 1); exit 1; }; } ;; ++ ++ *) ac_config_targets="$ac_config_targets $1" ;; ++ ++ esac ++ shift ++done ++ ++ac_configure_extra_args= ++ ++if $ac_cs_silent; then ++ exec 6>/dev/null ++ ac_configure_extra_args="$ac_configure_extra_args --silent" ++fi ++ ++_ACEOF ++cat >>$CONFIG_STATUS <<_ACEOF ++if \$ac_cs_recheck; then ++ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 ++ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion ++fi ++ ++_ACEOF ++ ++cat >>$CONFIG_STATUS <<_ACEOF ++# ++# INIT-COMMANDS section. ++# ++ ++AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" ++ ++_ACEOF ++ ++ ++ ++cat >>$CONFIG_STATUS <<\_ACEOF ++for ac_config_target in $ac_config_targets ++do ++ case "$ac_config_target" in ++ # Handling of arguments. 
++ "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;; ++ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; ++ "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; ++ "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;; ++ "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;; ++ "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; ++ "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;; ++ "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; ++ "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;; ++ "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; ++ "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;; ++ "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;; ++ "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;; ++ "xmlsec1-gnutls.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;; ++ "xmlsec1-nss.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;; ++ "xmlsec1.spec" ) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;; ++ "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;; ++ "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;; ++ "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;; ++ "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;; ++ "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;; ++ "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;; ++ "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;; ++ "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;; 
++ "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; ++ "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; ++ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 ++echo "$as_me: error: invalid argument: $ac_config_target" >&2;} ++ { (exit 1); exit 1; }; };; ++ esac ++done ++ ++# If the user did not use the arguments to specify the items to instantiate, ++# then the envvar interface is used. Set only those that are not. ++# We use the long form for the default assignment because of an extremely ++# bizarre bug on SunOS 4.1.3. ++if $ac_need_defaults; then ++ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files ++ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers ++ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands ++fi ++ ++# Have a temporary directory for convenience. Make it in the build tree ++# simply because there is no reason to put it here, and in addition, ++# creating and moving files from /tmp can sometimes cause problems. ++# Create a temporary directory, and hook for its removal unless debugging. ++$debug || ++{ ++ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 ++ trap '{ (exit 1); exit 1; }' 1 2 13 15 ++} ++ ++# Create a (secure) tmp directory for tmp files. ++ ++{ ++ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && ++ test -n "$tmp" && test -d "$tmp" ++} || ++{ ++ tmp=./confstat$$-$RANDOM ++ (umask 077 && mkdir $tmp) ++} || ++{ ++ echo "$me: cannot create a temporary directory in ." >&2 ++ { (exit 1); exit 1; } ++} ++ ++_ACEOF ++ ++cat >>$CONFIG_STATUS <<_ACEOF ++ ++# ++# CONFIG_FILES section. ++# ++ ++# No need to generate the scripts if there are no CONFIG_FILES. ++# This happens for instance when ./config.status config.h ++if test -n "\$CONFIG_FILES"; then ++ # Protect against being on the right side of a sed subst in config.status. 
++ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; ++ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF ++s,@SHELL@,$SHELL,;t t ++s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t ++s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t ++s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t ++s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t ++s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t ++s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t ++s,@exec_prefix@,$exec_prefix,;t t ++s,@prefix@,$prefix,;t t ++s,@program_transform_name@,$program_transform_name,;t t ++s,@bindir@,$bindir,;t t ++s,@sbindir@,$sbindir,;t t ++s,@libexecdir@,$libexecdir,;t t ++s,@datadir@,$datadir,;t t ++s,@sysconfdir@,$sysconfdir,;t t ++s,@sharedstatedir@,$sharedstatedir,;t t ++s,@localstatedir@,$localstatedir,;t t ++s,@libdir@,$libdir,;t t ++s,@includedir@,$includedir,;t t ++s,@oldincludedir@,$oldincludedir,;t t ++s,@infodir@,$infodir,;t t ++s,@mandir@,$mandir,;t t ++s,@build_alias@,$build_alias,;t t ++s,@host_alias@,$host_alias,;t t ++s,@target_alias@,$target_alias,;t t ++s,@DEFS@,$DEFS,;t t ++s,@ECHO_C@,$ECHO_C,;t t ++s,@ECHO_N@,$ECHO_N,;t t ++s,@ECHO_T@,$ECHO_T,;t t ++s,@LIBS@,$LIBS,;t t ++s,@build@,$build,;t t ++s,@build_cpu@,$build_cpu,;t t ++s,@build_vendor@,$build_vendor,;t t ++s,@build_os@,$build_os,;t t ++s,@host@,$host,;t t ++s,@host_cpu@,$host_cpu,;t t ++s,@host_vendor@,$host_vendor,;t t ++s,@host_os@,$host_os,;t t ++s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t ++s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t ++s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t ++s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t ++s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t ++s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t ++s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t ++s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t ++s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t ++s,@INSTALL_DATA@,$INSTALL_DATA,;t t ++s,@CYGPATH_W@,$CYGPATH_W,;t t ++s,@PACKAGE@,$PACKAGE,;t t ++s,@VERSION@,$VERSION,;t t ++s,@ACLOCAL@,$ACLOCAL,;t t 
++s,@AUTOCONF@,$AUTOCONF,;t t ++s,@AUTOMAKE@,$AUTOMAKE,;t t ++s,@AUTOHEADER@,$AUTOHEADER,;t t ++s,@MAKEINFO@,$MAKEINFO,;t t ++s,@AMTAR@,$AMTAR,;t t ++s,@install_sh@,$install_sh,;t t ++s,@STRIP@,$STRIP,;t t ++s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t ++s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t ++s,@mkdir_p@,$mkdir_p,;t t ++s,@AWK@,$AWK,;t t ++s,@SET_MAKE@,$SET_MAKE,;t t ++s,@am__leading_dot@,$am__leading_dot,;t t ++s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t ++s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t ++s,@MAINT@,$MAINT,;t t ++s,@CC@,$CC,;t t ++s,@CFLAGS@,$CFLAGS,;t t ++s,@LDFLAGS@,$LDFLAGS,;t t ++s,@CPPFLAGS@,$CPPFLAGS,;t t ++s,@ac_ct_CC@,$ac_ct_CC,;t t ++s,@EXEEXT@,$EXEEXT,;t t ++s,@OBJEXT@,$OBJEXT,;t t ++s,@DEPDIR@,$DEPDIR,;t t ++s,@am__include@,$am__include,;t t ++s,@am__quote@,$am__quote,;t t ++s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t ++s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t ++s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t ++s,@CCDEPMODE@,$CCDEPMODE,;t t ++s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t ++s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t ++s,@EGREP@,$EGREP,;t t ++s,@LN_S@,$LN_S,;t t ++s,@ECHO@,$ECHO,;t t ++s,@AR@,$AR,;t t ++s,@ac_ct_AR@,$ac_ct_AR,;t t ++s,@RANLIB@,$RANLIB,;t t ++s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t ++s,@CPP@,$CPP,;t t ++s,@CXX@,$CXX,;t t ++s,@CXXFLAGS@,$CXXFLAGS,;t t ++s,@ac_ct_CXX@,$ac_ct_CXX,;t t ++s,@CXXDEPMODE@,$CXXDEPMODE,;t t ++s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t ++s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t ++s,@CXXCPP@,$CXXCPP,;t t ++s,@F77@,$F77,;t t ++s,@FFLAGS@,$FFLAGS,;t t ++s,@ac_ct_F77@,$ac_ct_F77,;t t ++s,@LIBTOOL@,$LIBTOOL,;t t ++s,@RM@,$RM,;t t ++s,@CP@,$CP,;t t ++s,@MV@,$MV,;t t ++s,@TAR@,$TAR,;t t ++s,@HELP2MAN@,$HELP2MAN,;t t ++s,@MAN2HTML@,$MAN2HTML,;t t ++s,@U@,$U,;t t ++s,@ANSI2KNR@,$ANSI2KNR,;t t ++s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t ++s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t ++s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t 
++s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t ++s,@LIBADD_DL@,$LIBADD_DL,;t t ++s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t ++s,@PKG_CONFIG@,$PKG_CONFIG,;t t ++s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t ++s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t ++s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t ++s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t ++s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t ++s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t ++s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t ++s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t ++s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t ++s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t ++s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t ++s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t ++s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t ++s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t ++s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t ++s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t ++s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t ++s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t ++s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t ++s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t ++s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t ++s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t ++s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t ++s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t ++s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t ++s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t ++s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t ++s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t ++s,@NSS_LIBS@,$NSS_LIBS,;t t ++s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t ++s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t ++s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t ++s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t ++s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t ++s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t ++s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t ++s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t ++s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t + s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t + 
s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t + s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t +@@ -34368,6 +36362,8 @@ + s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t + s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t + s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t ++s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t ++s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t + s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t + s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t + s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t +--- misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/configure.in 2008-06-29 23:44:19.000000000 +0200 +@@ -143,7 +143,7 @@ + dnl find libxml + dnl ========================================================================== + LIBXML_MIN_VERSION="2.4.2" +-LIBXML_CONFIG="xml2-config" ++LIBXML_CONFIG="./libxml2-config" + LIBXML_CFLAGS="" + LIBXML_LIBS="" + LIBXML_FOUND="no" +@@ -503,12 +503,26 @@ + + XMLSEC_NO_NSS="1" + MOZILLA_MIN_VERSION="1.4" ++if test "z$MOZ_FLAVOUR" = "zfirefox" ; then ++ MOZILLA_MIN_VERSION="1.0" ++fi + NSS_MIN_VERSION="3.2" + NSPR_MIN_VERSION="4.0" + NSS_CFLAGS="" + NSS_LIBS="" +-NSS_LIBS_LIST="-lnss3 -lsmime3" +-NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ++ ++case $host_os in ++cygwin* | mingw* | pw32*) ++ NSS_LIBS_LIST="-lnss3 -lsmime3" ++ NSPR_LIBS_LIST="-lnspr4" ++ ;; ++ ++*) ++ NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" ++ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ++ ;; ++esac ++ + NSS_CRYPTO_LIB="$PACKAGE-nss" + NSS_FOUND="no" + +@@ -521,9 +535,16 @@ + AC_MSG_RESULT(no) + NSS_FOUND="without" + elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then +- PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, ++ PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION, + [NSS_FOUND=yes], + [NSS_FOUND=no]) ++ AC_MSG_RESULT($NSS_FOUND) ++ if test "z$NSS_FOUND" = 
"zno" ; then ++ PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION, ++ [NSS_FOUND=yes], ++ [NSS_FOUND=no]) ++ AC_MSG_RESULT($NSS_FOUND) ++ fi + fi + + if test "z$NSS_FOUND" = "zno" ; then +@@ -534,8 +555,8 @@ + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +- ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" +- ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" ++ ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ++ ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" + + AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) + NSPR_INCLUDES_FOUND="no" +@@ -570,7 +591,9 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnspr4.so ; then ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" +@@ -583,7 +606,26 @@ + fi + NSPR_LIBS_FOUND="yes" + break +- fi ++ fi ++ ;; ++ ++ *) ++ if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ++ dnl do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then ++ NSPR_LIBS="$NSPR_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" ++ else ++ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" ++ fi ++ fi ++ NSPR_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ esac + done + fi + +@@ -641,7 +683,9 @@ + done + + for dir in $ac_nss_lib_dir ; do +- if test -f $dir/libnss3.so ; then ++ case $host_os in ++ cygwin* | mingw* | pw32*) ++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = 
"z/usr/lib" ; then + NSS_LIBS="$NSS_LIBS_LIST" +@@ -654,7 +698,26 @@ + fi + NSS_LIBS_FOUND="yes" + break +- fi ++ fi ++ ;; ++ ++ *) ++ if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then ++ dnl do not add -L/usr/lib because compiler does it anyway ++ if test "z$dir" = "z/usr/lib" ; then ++ NSS_LIBS="$NSS_LIBS_LIST" ++ else ++ if test "z$with_gnu_ld" = "zyes" ; then ++ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" ++ else ++ NSS_LIBS="-L$dir $NSS_LIBS_LIST" ++ fi ++ fi ++ NSS_LIBS_FOUND="yes" ++ break ++ fi ++ ;; ++ esac + done + fi + +--- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,58 @@ +-dummy ++# Makefile.in generated by automake 1.8.3 from Makefile.am. ++# @configure_input@ ++ ++# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, ++# 2003, 2004 Free Software Foundation, Inc. ++# This Makefile.in is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY, to the extent permitted by law; without ++# even the implied warranty of MERCHANTABILITY or FITNESS FOR A ++# PARTICULAR PURPOSE. 
++ ++@SET_MAKE@ ++ ++HEADERS = $(xmlsecmscryptoinc_HEADERS) ++NULL = ++xmlsecmscryptoinc_HEADERS = \ ++akmngr.h \ ++app.h \ ++crypto.h \ ++symbols.h \ ++certkeys.h \ ++keysstore.h \ ++x509.h \ ++$(NULL) ++ ++all: all-am ++ ++mostlyclean-libtool: ++ -rm -f *.lo ++ ++clean-libtool: ++ -rm -rf .libs _libs ++ ++all-am: Makefile $(HEADERS) ++ ++mostlyclean-generic: ++ ++clean-generic: ++ ++clean: clean-am ++ ++clean-am: clean-generic clean-libtool mostlyclean-am ++ ++mostlyclean: mostlyclean-am ++ ++mostlyclean-am: mostlyclean-generic mostlyclean-libtool ++ ++.PHONY: all all-am clean clean-generic \ ++ clean-libtool \ ++ mostlyclean mostlyclean-generic mostlyclean-libtool ++ ++ ++# Tell versions [3.59,3.63) of GNU make to not export all variables. ++# Otherwise a system limit (for SysV at least) may be exceeded. ++.NOEXPORT: +--- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:39.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,71 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright .......................... + */ -+ /*- -+ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is -+ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support -+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 -+ */ -+ struct _mscrypt_key { -+ HCRYPTKEY hKey ; -+ int refcnt ; -+ } ; -+ -+ /*- -+ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is -+ * the same as CryptContextAddRef. 
Because the CryptContextAddRef is not support -+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 -+ */ -+ struct _mscrypt_prov { -+ HCRYPTPROV hProv ; -+ BOOL freeprov ; -+ int refcnt ; -+ } ; -+ -+ struct _xmlSecMSCryptoKeyDataCtx { -+ struct _mscrypt_prov* p_prov ; -+ LPCTSTR providerName; -+ DWORD providerType; -+ PCCERT_CONTEXT pCert; -+ DWORD dwKeySpec; -+ struct _mscrypt_key* p_key ; -+ xmlSecKeyDataType type; -+ }; -+ -+ struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { -+ struct _mscrypt_key* pkey ; -+ -+ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; -+ if( pkey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ "mscrypt_create_key" , -+ NULL , -+ XMLSEC_ERRORS_R_MALLOC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE -+ ) ; -+ } -+ -+ pkey->hKey = key ; -+ pkey->refcnt = 1 ; -+ -+ return pkey ; -+ } -+ -+ struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { -+ if( key ) -+ key->refcnt ++ ; -+ -+ return key ; -+ } -+ -+ int mscrypt_release_key( struct _mscrypt_key* key ) { -+ if( key ) { -+ key->refcnt -- ; -+ if( !key->refcnt ) { -+ if( key->hKey ) { -+ CryptDestroyKey( key->hKey ) ; -+ key->hKey = 0 ; -+ } -+ xmlFree( key ) ; -+ } else { -+ return key->refcnt ; -+ } -+ } -+ -+ return 0 ; -+ } -+ -+ struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { -+ struct _mscrypt_prov* pprov ; -+ -+ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; -+ if( pprov == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ "mscrypt_create_prov" , -+ NULL , -+ XMLSEC_ERRORS_R_MALLOC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE -+ ) ; -+ } -+ -+ pprov->hProv = prov ; -+ pprov->freeprov = callerFree ; -+ pprov->refcnt = 1 ; -+ -+ return pprov ; -+ } -+ -+ struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { -+ if( prov ) -+ prov->refcnt ++ ; -+ -+ return prov ; -+ } -+ -+ int mscrypt_release_prov( struct _mscrypt_prov* prov ) { -+ if( prov ) { -+ 
prov->refcnt -- ; -+ if( !prov->refcnt ) { -+ if( prov->hProv && prov->freeprov ) { -+ CryptReleaseContext( prov->hProv, 0 ) ; -+ prov->hProv = 0 ; -+ } -+ xmlFree( prov ) ; -+ } else { -+ return prov->refcnt ; -+ } -+ } -+ -+ return 0 ; -+ } - - /****************************************************************************** - * -*************** -*** 88,111 **** - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - -! if (ctx->hKey != 0) { -! CryptDestroyKey(ctx->hKey); -! ctx->hKey = 0; -! } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - ctx->pCert = NULL; - } - -! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { -! CryptReleaseContext(ctx->hProv, 0); -! ctx->hProv = 0; -! ctx->fCallerFreeProv = FALSE; -! } else { -! ctx->hProv = 0; -! ctx->fCallerFreeProv = FALSE; -! } - - ctx->type = type; - ---- 207,226 ---- - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - -! if( ctx->p_key != 0 ) { -! mscrypt_release_key( ctx->p_key ) ; -! } -! ctx->p_key = mscrypt_create_key( 0 ) ; - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - ctx->pCert = NULL; - } - -! if( ( ctx->p_prov ) ) { -! mscrypt_release_prov( ctx->p_prov ) ; -! } -! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; - - ctx->type = type; - -*************** -*** 116,124 **** - if (!CryptAcquireCertificatePrivateKey(pCert, - CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, - NULL, -! &(ctx->hProv), - &(ctx->dwKeySpec), -! &(ctx->fCallerFreeProv))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptAcquireCertificatePrivateKey", ---- 231,239 ---- - if (!CryptAcquireCertificatePrivateKey(pCert, - CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, - NULL, -! &(ctx->p_prov->hProv), - &(ctx->dwKeySpec), -! &(ctx->p_prov->freeprov))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptAcquireCertificatePrivateKey", -*************** -*** 127,172 **** - return(-1); - } - } else if((type & xmlSecKeyDataTypePublic) != 0){ -! 
if (!CryptAcquireContext(&(ctx->hProv), - NULL, -! ctx->providerName, - ctx->providerType, - CRYPT_VERIFYCONTEXT)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CryptAcquireContext", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! ctx->dwKeySpec = 0; -! ctx->fCallerFreeProv = TRUE; - } else { -! xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unsupported keytype"); -! return(-1); -! } -! -! /* CryptImportPublicKeyInfo is only needed when a real key handle -! * is needed. The key handle is needed for de/encrypting and for -! * verifying of a signature, *not* for signing. We could call -! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead -! * so no unnessecary calls to CryptImportPublicKeyInfo are being -! * made. WK -! */ -! if(!CryptImportPublicKeyInfo(ctx->hProv, -! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -! &(pCert->pCertInfo->SubjectPublicKeyInfo), -! &(ctx->hKey))) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CryptImportPublicKeyInfo", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); - } - ctx->pCert = pCert; - ---- 242,280 ---- - return(-1); - } - } else if((type & xmlSecKeyDataTypePublic) != 0){ -! if (!CryptAcquireContext(&(ctx->p_prov->hProv), - NULL, -! NULL, /*AF: replaces "ctx->providerName" with "NULL" */ - ctx->providerType, - CRYPT_VERIFYCONTEXT)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CryptAcquireContext", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! ctx->dwKeySpec = 0; -! ctx->p_prov->freeprov = TRUE; -! -! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, -! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -! &(pCert->pCertInfo->SubjectPublicKeyInfo), -! &(ctx->p_key->hKey) ) ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CryptImportPublicKeyInfo", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } - } else { -! 
xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unsupported keytype"); -! return(-1); - } - ctx->pCert = pCert; - -*************** -*** 190,218 **** - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - -! if(ctx->hKey != 0) { -! CryptDestroyKey(ctx->hKey); -! ctx->hKey = 0; -! } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - ctx->pCert = NULL; - } - -! if((ctx->hProv != 0) && ctx->fCallerFreeProv) { -! CryptReleaseContext(ctx->hProv, 0); -! ctx->hProv = 0; -! ctx->fCallerFreeProv = FALSE; -! } else { -! ctx->hProv = 0; -! ctx->fCallerFreeProv = FALSE; -! } - -! ctx->hProv = hProv; -! ctx->fCallerFreeProv = fCallerFreeProv; - ctx->dwKeySpec = dwKeySpec; -! ctx->hKey = hKey; - ctx->type = type; - - return(0); ---- 298,323 ---- - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); - -! if( ctx->p_key != 0 ) { -! mscrypt_release_key( ctx->p_key ) ; -! ctx->p_key = NULL ; -! } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - ctx->pCert = NULL; - } - -! if( ( ctx->p_prov ) ) { -! mscrypt_release_prov( ctx->p_prov ) ; -! ctx->p_prov = NULL ; -! } else { -! ctx->p_prov = NULL ; -! } - -! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; - ctx->dwKeySpec = dwKeySpec; -! ctx->p_key = mscrypt_create_key( hKey ) ; - ctx->type = type; - - return(0); -*************** -*** 238,244 **** - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - -! return(ctx->hKey); - } - - /** ---- 343,349 ---- - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - -! return( ctx->p_key ? ctx->p_key->hKey : 0 ); - } - - /** -*************** -*** 273,279 **** - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - -! return(ctx->hProv); - } - - DWORD ---- 378,384 ---- - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - -! return( ctx->p_prov ? 
ctx->p_prov->hProv : 0 ); - } - - DWORD -*************** -*** 316,340 **** - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -- } -- -- if (ctxSrc->hKey != 0) { -- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), -- "CryptDuplicateKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } - } -! if(ctxSrc->hProv != 0) { -! CryptContextAddRef(ctxSrc->hProv, NULL, 0); -! ctxDst->hProv = ctxSrc->hProv; -! ctxDst->fCallerFreeProv = TRUE; -! } else { -! ctxDst->hProv = 0; -! ctxDst->fCallerFreeProv = FALSE; - } - - ctxDst->dwKeySpec = ctxSrc->dwKeySpec; ---- 421,456 ---- - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } -! -! if( ctxSrc->p_key ) { -! if( ctxDst->p_key ) -! mscrypt_release_key( ctxDst->p_key ) ; -! -! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; -! if( !ctxDst->p_key ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), -! "mscrypt_acquire_key", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! } -! -! if( ctxSrc->p_prov ) { -! if( ctxDst->p_prov ) -! mscrypt_release_prov( ctxDst->p_prov ) ; -! -! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; -! if( !ctxDst->p_prov ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), -! "mscrypt_acquire_prov", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } - } - - ctxDst->dwKeySpec = ctxSrc->dwKeySpec; -*************** -*** 355,370 **** - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert(ctx != NULL); - -! if (ctx->hKey != 0) { -! CryptDestroyKey(ctx->hKey); - } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - } - -! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { -! 
CryptReleaseContext(ctx->hProv, 0); - } - - memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); ---- 471,486 ---- - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert(ctx != NULL); - -! if( ctx->p_key ) { -! mscrypt_release_key( ctx->p_key ) ; - } - - if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); - } - -! if( ctx->p_prov ) { -! mscrypt_release_prov( ctx->p_prov ) ; - } - - memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); -*************** -*** 384,397 **** - xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); - return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); -! } else if (ctx->hKey != 0) { - DWORD length = 0; - DWORD lenlen = sizeof(DWORD); -! -! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(0); ---- 500,513 ---- - xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); - return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); -! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { - DWORD length = 0; - DWORD lenlen = sizeof(DWORD); -! -! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! 
"CryptGetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(0); -*************** -*** 581,587 **** ---- 697,707 ---- - static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); - static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - xmlSecMSCryptoKeyDataSize, - -*************** -*** 938,946 **** - - ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->hKey != 0, -1); - -! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", ---- 1058,1067 ---- - - ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->p_key != 0, -1); -! xmlSecAssert2(ctx->p_key->hKey != 0, -1); - -! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -*************** -*** 960,966 **** - } - - blob = xmlSecBufferGetData(&buf); -! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", ---- 1081,1087 ---- - } - - blob = xmlSecBufferGetData(&buf); -! 
if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -*************** -*** 1295,1301 **** ---- 1416,1426 ---- - static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, - FILE* output); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - xmlSecMSCryptoKeyDataSize, - -*************** -*** 1797,1805 **** - - ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->hKey != 0, -1); - -! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", ---- 1922,1931 ---- - - ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->p_key != 0, -1); -! xmlSecAssert2(ctx->p_key->hKey != 0, -1); - -! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -*************** -*** 1819,1825 **** - } - - blob = xmlSecBufferGetData(&buf); -! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", ---- 1945,1951 ---- - } - - blob = xmlSecBufferGetData(&buf); -! 
if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", -*************** -*** 2010,2016 **** - HCRYPTKEY hKey = 0; - DWORD dwKeySpec; - DWORD dwSize; -- int res = -1; - int ret; - - xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); ---- 2136,2141 ---- -*************** -*** 2043,2054 **** - dwKeySpec = AT_SIGNATURE; - dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); - if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { -! xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -! goto done; - } - - ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, ---- 2168,2181 ---- - dwKeySpec = AT_SIGNATURE; - dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); - if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { -! xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -! if (hProv != 0) -! CryptReleaseContext(hProv, 0); -! return -1 ; - } - - ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, -*************** -*** 2059,2082 **** - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! hProv = 0; -! hKey = 0; - -! /* success */ -! res = 0; -! -! done: -! if (hProv != 0) { -! CryptReleaseContext(ctx->hProv, 0); - } - -! if (hKey != 0) { -! CryptDestroyKey(hKey); -! } -! -! return(res); - } - - static xmlSecKeyDataType ---- 2186,2202 ---- - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -! if( hKey != 0 ) -! CryptDestroyKey( hKey ) ; -! if( hProv != 0 ) -! CryptReleaseContext( hProv, 0 ) ; - -! return -1 ; - } -+ hProv = 0 ; -+ hKey = 0 ; - -! 
return 0 ; - } - - static xmlSecKeyDataType -*** misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c Fri Sep 26 08:12:51 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c Fri May 11 14:47:19 2007 -*************** -*** 785,791 **** ---- 785,795 ---- - * AES CBC cipher transforms - * - ********************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ -*************** -*** 824,830 **** ---- 828,838 ---- - return(&xmlSecMSCryptoAes128CbcKlass); - } - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ -*************** -*** 863,869 **** ---- 871,881 ---- - return(&xmlSecMSCryptoAes192CbcKlass); - } - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ -*************** -*** 906,912 **** ---- 918,928 ---- - - - #ifndef XMLSEC_NO_DES -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* size_t klassSize */ - xmlSecMSCryptoBlockCipherSize, /* 
size_t objSize */ -*** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c Wed Nov 12 03:38:51 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c Fri May 11 14:47:19 2007 -*************** -*** 330,342 **** - BYTE* - xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { - BYTE* str = NULL; -! - xmlSecAssert2(pszX500 != NULL, NULL); - xmlSecAssert2(len != NULL, NULL); - - if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, -! NULL, NULL, len, NULL)) { - /* this might not be an error, string might just not exist */ - return(NULL); - } - ---- 330,344 ---- - BYTE* - xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { - BYTE* str = NULL; -! LPCTSTR ppszError = NULL; -! - xmlSecAssert2(pszX500 != NULL, NULL); - xmlSecAssert2(len != NULL, NULL); - - if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, -! NULL, NULL, len, &ppszError)) { - /* this might not be an error, string might just not exist */ -+ DWORD dw = GetLastError(); - return(NULL); - } - -*** misc/xmlsec1-1.2.6/src/mscrypto/digests.c Tue Sep 30 04:09:51 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c Fri May 11 14:47:19 2007 -*************** -*** 96,107 **** - - /* TODO: Check what provider is best suited here.... */ - if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL, -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); - } - - return(0); ---- 96,110 ---- - - /* TODO: Check what provider is best suited here.... */ - if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { -! //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project -! if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { -! 
xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL, -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! } -! return(0); - } - - return(0); -*************** -*** 298,304 **** ---- 301,311 ---- - * SHA1 - * - *****************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* size_t klassSize */ - xmlSecMSCryptoDigestSize, /* size_t objSize */ -*** misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c Sat Sep 27 05:12:22 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c Fri May 11 14:47:19 2007 -*************** -*** 62,68 **** ---- 62,72 ---- - const xmlChar* name, - xmlSecKeyInfoCtxPtr keyInfoCtx); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { -+ #else - static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { -+ #endif - sizeof(xmlSecKeyStoreKlass), - xmlSecMSCryptoKeysStoreSize, - -*** misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c Fri Sep 26 22:29:25 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c Fri May 11 14:47:19 2007 -*************** -*** 66,72 **** ---- 66,76 ---- - static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, - xmlSecTransformCtxPtr transformCtx); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ -*** misc/xmlsec1-1.2.6/src/mscrypto/signatures.c Fri Sep 26 22:29:25 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c Fri May 
11 14:47:19 2007 -*************** -*** 483,489 **** ---- 483,493 ---- - * RSA-SHA1 signature transform - * - ***************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ -*************** -*** 531,537 **** ---- 535,545 ---- - * - ***************************************************************************/ - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ -*** misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c Fri Sep 26 02:58:13 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c Fri May 11 14:47:19 2007 -*************** -*** 72,78 **** ---- 72,82 ---- - * <xmlsec:AESKeyValue> processing - * - *************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - xmlSecKeyDataBinarySize, - -*************** -*** 153,159 **** ---- 157,167 ---- - * <xmlsec:DESKeyValue> processing - * - *************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - 
xmlSecKeyDataBinarySize, - -*** misc/xmlsec1-1.2.6/src/mscrypto/x509.c Fri Sep 26 02:58:13 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c Fri May 11 14:47:19 2007 -*************** -*** 240,246 **** ---- 240,250 ---- - - - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { -+ #else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - xmlSecMSCryptoX509DataSize, - -*************** -*** 1572,1577 **** ---- 1576,1582 ---- - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecMSCryptoX509DataCtxPtr ctx; - xmlSecKeyDataStorePtr x509Store; -+ PCCERT_CONTEXT pCert ; - int ret; - - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); -*************** -*** 1610,1615 **** ---- 1615,1667 ---- - return(-1); - } - -+ /* -+ * I'll search key according to KeyReq. -+ */ -+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; -+ if( pCert == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "CertDuplicateCertificateContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ return(-1); -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", 
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } -+ -+ -+ -+ /*- -+ * Get Public key from cert, which does not always work for sign action. -+ * - keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -*************** -*** 1619,1624 **** ---- 1671,1721 ---- - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -+ */ -+ -+ /*- -+ * I'll search key according to KeyReq. -+ */ -+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; -+ if( pCert == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "CertDuplicateCertificateContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ return(-1); -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; -+ if(keyValue == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecMSCryptoCertAdopt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ -+ CertFreeCertificateContext( pCert ) ; -+ return(-1); -+ } -+ pCert = NULL ; -+ } -+ -+ - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { -*************** -*** 1882,1888 **** - xmlSecAssert2(nm->pbData != NULL, NULL); - 
xmlSecAssert2(nm->cbData > 0, NULL); - -! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); - str = (char *)xmlMalloc(csz); - if (NULL == str) { - xmlSecError(XMLSEC_ERRORS_HERE, ---- 1979,1985 ---- - xmlSecAssert2(nm->pbData != NULL, NULL); - xmlSecAssert2(nm->cbData > 0, NULL); - -! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); - str = (char *)xmlMalloc(csz); - if (NULL == str) { - xmlSecError(XMLSEC_ERRORS_HERE, -*************** -*** 1893,1899 **** - return (NULL); - } - -! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); - if (csz < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, ---- 1990,1996 ---- - return (NULL); - } - -! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); - if (csz < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -*************** -*** 1904,1920 **** - return(NULL); - } - -! res = xmlStrdup(BAD_CAST str); -! if(res == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlStrdup", -! XMLSEC_ERRORS_R_MALLOC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlFree(str); -! return(NULL); - } -- - xmlFree(str); - return(res); - } ---- 2001,2037 ---- - return(NULL); - } - -! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. -! * don't ask me how is it possible not to read something you wrote yourself but also -! * see comment in the xmlSecMSCryptoX509FindCert function. -! */ -! if(strncmp(str, "E=", 2) == 0) { -! res = xmlMalloc(strlen(str) + 13 + 1); -! if(res == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlMalloc", -! XMLSEC_ERRORS_R_MALLOC_FAILED, -! "size=%d", -! strlen(str) + 13 + 1); -! xmlFree(str); -! return(NULL); -! } -! -! memcpy(res, "emailAddress=", 13); -! strcpy(res + 13, BAD_CAST (str + 2)); -! } else { -! res = xmlStrdup(BAD_CAST str); -! 
if(res == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlStrdup", -! XMLSEC_ERRORS_R_MALLOC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlFree(str); -! return(NULL); -! } - } - xmlFree(str); - return(res); - } -*************** -*** 2153,2159 **** ---- 2270,2280 ---- - xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - sizeof(xmlSecKeyData), - -*** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c Sat Sep 27 05:12:22 2003 ---- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c Fri May 11 14:47:19 2007 -*************** -*** 70,76 **** ---- 70,80 ---- - static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str, - int len); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { -+ #else - static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { -+ #endif - sizeof(xmlSecKeyDataStoreKlass), - xmlSecMSCryptoX509StoreSize, - -*************** -*** 125,130 **** ---- 129,135 ---- - xmlChar *issuerName, xmlChar *issuerSerial, - xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { - xmlSecMSCryptoX509StoreCtxPtr ctx; -+ PCCERT_CONTEXT pCert ; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); -*************** -*** 132,141 **** - ctx = xmlSecMSCryptoX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, NULL); - xmlSecAssert2(ctx->untrusted != NULL, NULL); - -! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); -! 
} - - - static void - xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { ---- 137,153 ---- - ctx = xmlSecMSCryptoX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, NULL); - xmlSecAssert2(ctx->untrusted != NULL, NULL); -+ xmlSecAssert2(ctx->trusted != NULL, NULL); - -! pCert = NULL ; -! if( ctx->untrusted != NULL ) -! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; -! -! if( ctx->trusted != NULL && pCert == NULL ) -! pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; - -+ return( pCert ) ; -+ } - - static void - xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { -*************** -*** 252,268 **** - } - - static BOOL -! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, -! xmlSecKeyInfoCtx* keyInfoCtx) { - xmlSecMSCryptoX509StoreCtxPtr ctx; - PCCERT_CONTEXT issuerCert = NULL; - FILETIME fTime; - DWORD flags; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); - xmlSecAssert2(cert != NULL, FALSE); - xmlSecAssert2(cert->pCertInfo != NULL, FALSE); -! xmlSecAssert2(certs != NULL, FALSE); - xmlSecAssert2(keyInfoCtx != NULL, FALSE); - - ctx = xmlSecMSCryptoX509StoreGetCtx(store); ---- 264,285 ---- - } - - static BOOL -! xmlSecMSCryptoX509StoreConstructCertsChain( -! xmlSecKeyDataStorePtr store , -! PCCERT_CONTEXT cert , -! HCERTSTORE certStore , -! xmlSecKeyInfoCtx* keyInfoCtx -! ) { - xmlSecMSCryptoX509StoreCtxPtr ctx; - PCCERT_CONTEXT issuerCert = NULL; - FILETIME fTime; - DWORD flags; -+ BOOL selfSigned ; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); - xmlSecAssert2(cert != NULL, FALSE); - xmlSecAssert2(cert->pCertInfo != NULL, FALSE); -! 
xmlSecAssert2(certStore != NULL, FALSE); - xmlSecAssert2(keyInfoCtx != NULL, FALSE); - - ctx = xmlSecMSCryptoX509StoreGetCtx(store); -*************** -*** 283,342 **** - return(FALSE); - } - -! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { - return(FALSE); - } - -! /* try the untrusted certs in the chain */ -! issuerCert = CertFindCertificateInStore(certs, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_SUBJECT_NAME, -! &(cert->pCertInfo->Issuer), - NULL); -! if(issuerCert == cert) { -! /* self signed cert, forget it */ -! CertFreeCertificateContext(issuerCert); -! } else if(issuerCert != NULL) { -! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { -! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! CertFreeCertificateContext(issuerCert); -! return(TRUE); - } - -! /* try the untrusted certs in the store */ -! issuerCert = CertFindCertificateInStore(ctx->untrusted, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_SUBJECT_NAME, - &(cert->pCertInfo->Issuer), - NULL); -! if(issuerCert == cert) { -! /* self signed cert, forget it */ -! CertFreeCertificateContext(issuerCert); -! } else if(issuerCert != NULL) { -! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { -! CertFreeCertificateContext(issuerCert); -! 
return(FALSE); - } -- CertFreeCertificateContext(issuerCert); -- return(TRUE); -- } - - /* try to find issuer cert in the trusted cert in the store */ - issuerCert = CertFindCertificateInStore(ctx->trusted, ---- 300,384 ---- - return(FALSE); - } - -! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { - return(FALSE); - } - -! /*- -! * Firstly try to find the cert in the trusted cert store. We will trust -! * the certificate in the trusted store. -! */ -! issuerCert = CertFindCertificateInStore(ctx->trusted, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_SUBJECT_NAME, -! &(cert->pCertInfo->Subject), - NULL); -! if( issuerCert != NULL ) { -! /* We have found the trusted cert, so return true */ -! CertFreeCertificateContext( issuerCert ) ; -! return( TRUE ) ; - } - -! /* Check whether the certificate is self signed certificate */ -! selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; -! -! /* try the untrusted certs in the chain */ -! if( !selfSigned ) { -! issuerCert = CertFindCertificateInStore(certStore, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_SUBJECT_NAME, - &(cert->pCertInfo->Issuer), - NULL); -! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { -! /* self signed cert, forget it */ -! CertFreeCertificateContext(issuerCert); -! } else if(issuerCert != NULL) { -! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { -! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! -! 
CertFreeCertificateContext(issuerCert); -! return(TRUE); -! } -! } -! -! /* try the untrusted certs in the store */ -! if( !selfSigned ) { -! issuerCert = CertFindCertificateInStore(ctx->untrusted, -! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -! 0, -! CERT_FIND_SUBJECT_NAME, -! &(cert->pCertInfo->Issuer), -! NULL); -! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { -! /* self signed cert, forget it */ -! CertFreeCertificateContext(issuerCert); -! } else if(issuerCert != NULL) { -! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; -! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { -! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { -! CertFreeCertificateContext(issuerCert); -! return(FALSE); -! } -! -! CertFreeCertificateContext(issuerCert); -! return(TRUE); -! } - } - - /* try to find issuer cert in the trusted cert in the store */ - issuerCert = CertFindCertificateInStore(ctx->trusted, -*************** -*** 379,404 **** - xmlSecAssert2(certs != NULL, NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); - -! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ -! PCCERT_CONTEXT nextCert = NULL; - -! xmlSecAssert2(cert->pCertInfo != NULL, NULL); - -! /* if cert is the issuer of any other cert in the list, then it is -! * to be skipped */ -! nextCert = CertFindCertificateInStore(certs, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_ISSUER_NAME, - &(cert->pCertInfo->Subject), -! NULL); -! if(nextCert != NULL) { -! CertFreeCertificateContext(nextCert); -! continue; -! } -! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { -! return(cert); -! 
} - } - - return (NULL); ---- 421,481 ---- - xmlSecAssert2(certs != NULL, NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); - -! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { -! PCCERT_CONTEXT nextCert ; -! unsigned char selected ; - -! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; - -! /* if cert is the issuer of any other cert in the list, then it is -! * to be skipped except that the cert list only have one self-signed -! * certificate. -! */ -! for( selected = 0, nextCert = NULL ; ; ) { -! nextCert = CertFindCertificateInStore( certs, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_ISSUER_NAME, - &(cert->pCertInfo->Subject), -! nextCert ) ; -! if( nextCert != NULL ) { -! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { -! selected = 1 ; -! continue ; -! } else { -! selected = 0 ; -! break ; -! } -! } else { -! selected = 1 ; -! break ; -! } -! } -! -! if( nextCert != NULL ) -! CertFreeCertificateContext( nextCert ) ; -! -! if( !selected ) { -! continue ; -! } -! -! /* JL: OpenOffice.org implements its own certificate verification routine. -! The goal is to seperate validation of the signature -! and the certificate. For example, OOo could show that the document signature is valid, -! but the certificate could not be verified. If we do not prevent the verification of -! the certificate by libxmlsec and the verification fails, then the XML signature will not be -! verified. This would happen, for example, if the root certificate is not installed. -! -! In the store schould only be the certificate from the X509Certificate element -! and the X509IssuerSerial element. The latter is only there -! if the certificate is installed. Both certificates must be the same! -! In case of writing the signature, the store contains only the certificate that -! was created based on the information from the X509IssuerSerial element. */ -! return cert; -! -! 
/* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { -! return( cert ) ; -! } */ - } - - return (NULL); -*************** -*** 458,466 **** ---- 535,660 ---- - return(0); - } - -+ int -+ xmlSecMSCryptoX509StoreAdoptKeyStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE keyStore -+ ) { -+ xmlSecMSCryptoX509StoreCtxPtr ctx; -+ int ret; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); -+ xmlSecAssert2( keyStore != NULL, -1); -+ -+ ctx = xmlSecMSCryptoX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); -+ xmlSecAssert2(ctx->trusted != NULL, -1); -+ -+ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ { -+ PCCERT_CONTEXT ptCert ; -+ -+ ptCert = NULL ; -+ while( 1 ) { -+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; -+ if( ptCert == NULL ) -+ break ; -+ } -+ } -+ -+ return(0); -+ } -+ -+ int -+ xmlSecMSCryptoX509StoreAdoptTrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE trustedStore -+ ) { -+ xmlSecMSCryptoX509StoreCtxPtr ctx; -+ int ret; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); -+ xmlSecAssert2( trustedStore != NULL, -1); -+ -+ ctx = xmlSecMSCryptoX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); -+ xmlSecAssert2(ctx->trusted != NULL, -1); -+ -+ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ { -+ PCCERT_CONTEXT ptCert ; -+ -+ ptCert = NULL ; -+ while( 1 ) { -+ ptCert = 
CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; -+ if( ptCert == NULL ) -+ break ; -+ } -+ } -+ -+ return(0); -+ } -+ -+ int -+ xmlSecMSCryptoX509StoreAdoptUntrustedStore ( -+ xmlSecKeyDataStorePtr store, -+ HCERTSTORE untrustedStore -+ ) { -+ xmlSecMSCryptoX509StoreCtxPtr ctx; -+ int ret; -+ -+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); -+ xmlSecAssert2( untrustedStore != NULL, -1); -+ -+ ctx = xmlSecMSCryptoX509StoreGetCtx(store); -+ xmlSecAssert2(ctx != NULL, -1); -+ xmlSecAssert2(ctx->untrusted != NULL, -1); -+ -+ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ { -+ PCCERT_CONTEXT ptCert ; -+ -+ ptCert = NULL ; -+ while( 1 ) { -+ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; -+ if( ptCert == NULL ) -+ break ; -+ } -+ } -+ -+ return(0); -+ } -+ - static int - xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { - xmlSecMSCryptoX509StoreCtxPtr ctx; -+ HCERTSTORE hTrustedMemStore ; -+ HCERTSTORE hUntrustedMemStore ; -+ - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); - - ctx = xmlSecMSCryptoX509StoreGetCtx(store); -*************** -*** 468,503 **** - - memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); - - /* create trusted certs store */ -! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_STORE_CREATE_NEW_FLAG, - NULL); -! if(ctx->trusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - -! /* create trusted certs store */ -! 
ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_STORE_CREATE_NEW_FLAG, - NULL); -! if(ctx->untrusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); - } - ---- 662,765 ---- - - memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); - -+ /* create trusted certs store collection */ -+ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, -+ 0, -+ NULL, -+ 0, -+ NULL); -+ if(ctx->trusted == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertOpenStore", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ - /* create trusted certs store */ -! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_STORE_CREATE_NEW_FLAG, - NULL); -! if(hTrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ ctx->trusted = NULL ; - return(-1); - } - -! /* add the memory trusted certs store to trusted certs store collection */ -! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! "CertAddStoreToCollection", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -! ctx->trusted = NULL ; -! return(-1); -! } -! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -! -! 
/* create untrusted certs store collection */ -! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, -! 0, -! NULL, -! 0, -! NULL); -! if(ctx->untrusted == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! "CertOpenStore", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -! ctx->trusted = NULL ; -! return(-1); -! } -! -! /* create untrusted certs store */ -! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_STORE_CREATE_NEW_FLAG, - NULL); -! if(hUntrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ ctx->trusted = NULL ; -+ ctx->untrusted = NULL ; - return(-1); - } - -+ /* add the memory trusted certs store to untrusted certs store collection */ -+ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -+ "CertAddStoreToCollection", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); -+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -+ ctx->trusted = NULL ; -+ ctx->untrusted = NULL ; -+ return(-1); -+ } -+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); -+ - return(0); - } - -*************** -*** 567,576 **** ---- 829,869 ---- - - if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { - xmlSecBn issuerSerialBn; -+ xmlChar * p; - CERT_NAME_BLOB cnb; -+ 
CRYPT_INTEGER_BLOB cib; - BYTE *cName = NULL; - DWORD cNameLen = 0; -+ -+ /* aleksey: for some unknown to me reasons, mscrypto wants Email -+ * instead of emailAddress. This code is not bullet proof and may -+ * produce incorrect results if someone has "emailAddress=" string -+ * in one of the fields, but it is best I can suggest to fix this problem. -+ * Also see xmlSecMSCryptoX509NameWrite function. -+ */ -+ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { -+ memcpy(p, " Email=", 13); -+ } -+ - -+ -+ /* get issuer name */ -+ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -+ issuerName, -+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, -+ &cNameLen); -+ if(cName == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecMSCryptoCertStrToName", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return (NULL); -+ } -+ cnb.pbData = cName; -+ cnb.cbData = cNameLen; -+ -+ /* get serial number */ - ret = xmlSecBnInitialize(&issuerSerialBn, 0); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -*************** -*** 578,583 **** ---- 871,877 ---- - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ xmlFree(cName); - return(NULL); - } - -*************** -*** 589,614 **** - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBnFinalize(&issuerSerialBn); -! return(NULL); - } - -! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, -! issuerName, -! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, -! &cNameLen); -! if(cName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "xmlSecMSCryptoCertStrToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBnFinalize(&issuerSerialBn); -! return (NULL); - } - -! cnb.pbData = cName; -! cnb.cbData = cNameLen; -! 
while((pCert = CertFindCertificateInStore(store, - PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, - 0, - CERT_FIND_ISSUER_NAME, ---- 883,912 ---- - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBnFinalize(&issuerSerialBn); -! xmlFree(cName); -! return(NULL); - } - -! /* I have no clue why at a sudden a swap is needed to -! * convert from lsb... This code is purely based upon -! * trial and error :( WK -! */ -! ret = xmlSecBnReverse(&issuerSerialBn); -! if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "xmlSecBnReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBnFinalize(&issuerSerialBn); -! xmlFree(cName); -! return(NULL); - } - -! cib.pbData = xmlSecBufferGetData(&issuerSerialBn); -! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn); -! -! while((pCert = CertFindCertificateInStore(store, - PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, - 0, - CERT_FIND_ISSUER_NAME, -*************** -*** 622,631 **** - if((pCert->pCertInfo != NULL) && - (pCert->pCertInfo->SerialNumber.pbData != NULL) && - (pCert->pCertInfo->SerialNumber.cbData > 0) && -! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData, -! pCert->pCertInfo->SerialNumber.cbData))) { -! -! break; - } - } - xmlFree(cName); ---- 920,928 ---- - if((pCert->pCertInfo != NULL) && - (pCert->pCertInfo->SerialNumber.pbData != NULL) && - (pCert->pCertInfo->SerialNumber.cbData > 0) && -! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE) -! ) { -! 
break; - } - } - xmlFree(cName); -*** misc/xmlsec1-1.2.6/src/nss/Makefile.am Tue Sep 16 11:43:03 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am Fri May 11 14:47:19 2007 -*************** -*** 20,40 **** - $(NULL) - - libxmlsec1_nss_la_SOURCES =\ - app.c \ - bignum.c \ - ciphers.c \ - crypto.c \ - digests.c \ - hmac.c \ - pkikeys.c \ - signatures.c \ - symkeys.c \ - x509.c \ - x509vfy.c \ -- keysstore.c \ -- kt_rsa.c \ -- kw_des.c \ -- kw_aes.c \ - $(NULL) - - libxmlsec1_nss_la_LIBADD = \ ---- 20,41 ---- - $(NULL) - - libxmlsec1_nss_la_SOURCES =\ -+ akmngr.c \ - app.c \ - bignum.c \ - ciphers.c \ - crypto.c \ - digests.c \ - hmac.c \ -+ keysstore.c \ -+ keytrans.c \ -+ keywrapers.c \ - pkikeys.c \ - signatures.c \ - symkeys.c \ -+ tokens.c \ - x509.c \ - x509vfy.c \ - $(NULL) - - libxmlsec1_nss_la_LIBADD = \ -*** misc/xmlsec1-1.2.6/src/nss/Makefile.in Thu Aug 26 08:00:32 2004 ---- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in Fri May 11 14:47:19 2007 -*************** -*** 54,62 **** - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) - am__objects_1 = -! am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \ - digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ -! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \ - $(am__objects_1) - libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) - DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) ---- 54,62 ---- - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) - am__objects_1 = -! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \ - digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ -! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \ - $(am__objects_1) - libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) - DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir) -*************** -*** 65,75 **** - @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) - LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ ---- 65,75 ---- - @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \ -! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ - @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ -! 
@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) - LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ -*************** -*** 321,341 **** - $(NULL) - - libxmlsec1_nss_la_SOURCES = \ - app.c \ - bignum.c \ - ciphers.c \ - crypto.c \ - digests.c \ - hmac.c \ - pkikeys.c \ - signatures.c \ - symkeys.c \ - x509.c \ - x509vfy.c \ -- keysstore.c \ -- kt_rsa.c \ -- kw_des.c \ -- kw_aes.c \ - $(NULL) - - libxmlsec1_nss_la_LIBADD = \ ---- 321,342 ---- - $(NULL) - - libxmlsec1_nss_la_SOURCES = \ -+ akmngr.c \ - app.c \ - bignum.c \ - ciphers.c \ - crypto.c \ - digests.c \ - hmac.c \ -+ keysstore.c \ -+ keytrans.c \ -+ keywrappers.c \ - pkikeys.c \ - signatures.c \ - symkeys.c \ -+ tokens.c \ - x509.c \ - x509vfy.c \ - $(NULL) - - libxmlsec1_nss_la_LIBADD = \ -*************** -*** 418,423 **** ---- 419,425 ---- - distclean-compile: - -rm -f *.tab.c - -+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ -*************** -*** 425,433 **** - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@ -! 
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ ---- 427,435 ---- - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@ -! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ -*** misc/xmlsec1-1.2.6/src/nss/akmngr.c Fri May 11 14:47:44 2007 ---- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c Fri May 11 14:47:19 2007 -*************** -*** 1 **** -! dummy ---- 1,384 ---- -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright......................... -! */ -! #include "globals.h" -! -! #include <nspr.h> -! #include <nss.h> -! #include <pk11func.h> -! #include <cert.h> -! #include <keyhi.h> -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! #include <xmlsec/errors.h> -! -! #include <xmlsec/nss/crypto.h> -! #include <xmlsec/nss/tokens.h> -! #include <xmlsec/nss/akmngr.h> -! #include <xmlsec/nss/pkikeys.h> -! #include <xmlsec/nss/ciphers.h> -! #include <xmlsec/nss/keysstore.h> -! -! /** -! * xmlSecNssAppliedKeysMngrCreate: -! * @slot: array of pointers to NSS PKCS#11 slot infomation. -! * @cSlots: number of slots in the array -! 
* @handler: the pointer to NSS certificate database. -! * -! * Create and load NSS crypto slot and certificate database into keys manager -! * -! * Returns keys manager pointer on success or NULL otherwise. -! */ -! xmlSecKeysMngrPtr -! xmlSecNssAppliedKeysMngrCreate( -! PK11SlotInfo** slots, -! int cSlots, -! CERTCertDBHandle* handler -! ) { -! xmlSecKeyDataStorePtr certStore = NULL ; -! xmlSecKeysMngrPtr keyMngr = NULL ; -! xmlSecKeyStorePtr keyStore = NULL ; -! int islot = 0; -! keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; -! if( keyStore == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeyStoreCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return NULL ; -! } -! -! for (islot = 0; islot < cSlots; islot++) -! { -! xmlSecNssKeySlotPtr keySlot ; -! -! /* Create a key slot */ -! keySlot = xmlSecNssKeySlotCreate() ; -! if( keySlot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecNssKeySlotCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! return NULL ; -! } -! -! /* Set slot */ -! if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecNssKeySlotSetSlot" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! xmlSecNssKeySlotDestroy( keySlot ) ; -! return NULL ; -! } -! -! /* Adopt keySlot */ -! if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecNssKeysStoreAdoptKeySlot" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! xmlSecNssKeySlotDestroy( keySlot ) ; -! return NULL ; -! } -! } -! -! 
keyMngr = xmlSecKeysMngrCreate() ; -! if( keyMngr == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! return NULL ; -! } -! -! /*- -! * Add key store to manager, from now on keys manager destroys the store if -! * needed -! */ -! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecKeysMngrAdoptKeyStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyStoreDestroy( keyStore ) ; -! xmlSecKeysMngrDestroy( keyMngr ) ; -! return NULL ; -! } -! -! /*- -! * Initialize crypto library specific data in keys manager -! */ -! if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeysMngrDestroy( keyMngr ) ; -! return NULL ; -! } -! -! /*- -! * Set certificate databse to X509 key data store -! */ -! /** -! * Because Tej's implementation of certDB use the default DB, so I ignore -! * the certDB handler at present. I'll modify the cert store sources to -! * accept particular certDB instead of default ones. -! certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; -! if( certStore == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecKeysMngrGetDataStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeysMngrDestroy( keyMngr ) ; -! return NULL ; -! } -! -! if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -! "xmlSecNssKeyDataStoreX509SetCertDb" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! 
XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeysMngrDestroy( keyMngr ) ; -! return NULL ; -! } -! */ -! -! /*- -! * Set the getKey callback -! */ -! keyMngr->getKey = xmlSecKeysMngrGetKey ; -! -! return keyMngr ; -! } -! -! int -! xmlSecNssAppliedKeysMngrSymKeyLoad( -! xmlSecKeysMngrPtr mngr , -! PK11SymKey* symKey -! ) { -! xmlSecKeyPtr key ; -! xmlSecKeyDataPtr data ; -! xmlSecKeyStorePtr keyStore ; -! -! xmlSecAssert2( mngr != NULL , -1 ) ; -! xmlSecAssert2( symKey != NULL , -1 ) ; -! -! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -! if( keyStore == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrGetKeysStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -! -! data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; -! if( data == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! -! key = xmlSecKeyCreate() ; -! if( key == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! if( xmlSecKeySetValue( key , data ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDestroy( key ) ; -! return(-1) ; -! } -! -! return(0) ; -! } -! -! int -! xmlSecNssAppliedKeysMngrPubKeyLoad( -! xmlSecKeysMngrPtr mngr , -! SECKEYPublicKey* pubKey -! ) { -! 
xmlSecKeyPtr key ; -! xmlSecKeyDataPtr data ; -! xmlSecKeyStorePtr keyStore ; -! -! xmlSecAssert2( mngr != NULL , -1 ) ; -! xmlSecAssert2( pubKey != NULL , -1 ) ; -! -! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -! if( keyStore == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrGetKeysStore" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -! -! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; -! if( data == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssPKIAdoptKey" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! -! key = xmlSecKeyCreate() ; -! if( key == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! if( xmlSecKeySetValue( key , data ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDestroy( key ) ; -! return(-1) ; -! } -! -! return(0) ; -! } -! -! int -! xmlSecNssAppliedKeysMngrPriKeyLoad( -! xmlSecKeysMngrPtr mngr , -! SECKEYPrivateKey* priKey -! ) { -! xmlSecKeyPtr key ; -! xmlSecKeyDataPtr data ; -! xmlSecKeyStorePtr keyStore ; -! -! xmlSecAssert2( mngr != NULL , -1 ) ; -! xmlSecAssert2( priKey != NULL , -1 ) ; -! -! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -! if( keyStore == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeysMngrGetKeysStore" , -! 
XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -! -! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; -! if( data == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssPKIAdoptKey" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! -! key = xmlSecKeyCreate() ; -! if( key == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! if( xmlSecKeySetValue( key , data ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSymKeyDataKeyAdopt" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDestroy( key ) ; -! return(-1) ; -! } -! -! return(0) ; -! } -! -*** misc/xmlsec1-1.2.6/src/nss/ciphers.c Fri Sep 26 02:58:15 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c Fri May 11 14:47:19 2007 -*************** -*** 1,838 **** -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> -! * Copyright (c) 2003 America Online, Inc. All rights reserved. -! */ - #include "globals.h" - - #include <string.h> - -- #include <nspr.h> - #include <nss.h> -- #include <secoid.h> - #include <pk11func.h> - - #include <xmlsec/xmlsec.h> - #include <xmlsec/keys.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> - -! #define XMLSEC_NSS_MAX_KEY_SIZE 32 -! 
#define XMLSEC_NSS_MAX_IV_SIZE 32 -! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32 -! -! /************************************************************************** -! * -! * Internal Nss Block cipher CTX - * -! *****************************************************************************/ -! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, -! *xmlSecNssBlockCipherCtxPtr; - struct _xmlSecNssBlockCipherCtx { -! CK_MECHANISM_TYPE cipher; -! PK11Context* cipherCtx; -! xmlSecKeyDataId keyId; -! int keyInitialized; -! int ctxInitialized; -! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; -! xmlSecSize keySize; -! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; -! xmlSecSize ivSize; -! }; -! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, -! xmlSecBufferPtr in, -! xmlSecBufferPtr out, -! int encrypt, -! const xmlChar* cipherName, -! xmlSecTransformCtxPtr transformCtx); -! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, -! xmlSecBufferPtr in, -! xmlSecBufferPtr out, -! int encrypt, -! const xmlChar* cipherName, -! xmlSecTransformCtxPtr transformCtx); -! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, -! xmlSecBufferPtr in, -! xmlSecBufferPtr out, -! int encrypt, -! const xmlChar* cipherName, -! xmlSecTransformCtxPtr transformCtx); -! static int -! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, -! xmlSecBufferPtr in, xmlSecBufferPtr out, -! int encrypt, -! const xmlChar* cipherName, -! xmlSecTransformCtxPtr transformCtx) { -! SECItem keyItem; -! SECItem ivItem; -! PK11SlotInfo* slot; -! PK11SymKey* symKey; -! int ivLen; -! SECStatus rv; -! int ret; -! -! xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->cipher != 0, -1); -! xmlSecAssert2(ctx->cipherCtx == NULL, -1); -! xmlSecAssert2(ctx->keyInitialized != 0, -1); -! xmlSecAssert2(ctx->ctxInitialized == 0, -1); -! xmlSecAssert2(in != NULL, -1); -! xmlSecAssert2(out != NULL, -1); -! xmlSecAssert2(transformCtx != NULL, -1); -! -! 
ivLen = PK11_GetIVLength(ctx->cipher); -! xmlSecAssert2(ivLen > 0, -1); -! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); -! -! if(encrypt) { -! /* generate random iv */ -! rv = PK11_GenerateRandom(ctx->iv, ivLen); -! if(rv != SECSuccess) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_GenerateRandom", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "size=%d", ivLen); -! return(-1); -! } -! -! /* write iv to the output */ -! ret = xmlSecBufferAppend(out, ctx->iv, ivLen); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferAppend", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", ivLen); -! return(-1); -! } -! -! } else { -! /* if we don't have enough data, exit and hope that -! * we'll have iv next time */ -! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { -! return(0); -! } -! -! /* copy iv to our buffer*/ -! xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); -! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); -! -! /* and remove from input */ -! ret = xmlSecBufferRemoveHead(in, ivLen); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferRemoveHead", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", ivLen); -! return(-1); - } -! } - -! memset(&keyItem, 0, sizeof(keyItem)); -! keyItem.data = ctx->key; -! keyItem.len = ctx->keySize; -! memset(&ivItem, 0, sizeof(ivItem)); -! ivItem.data = ctx->iv; -! ivItem.len = ctx->ivSize; -! -! slot = PK11_GetBestSlot(ctx->cipher, NULL); -! if(slot == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_GetBestSlot", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! -! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, -! CKA_SIGN, &keyItem, NULL); -! if(symKey == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_ImportSymKey", -! 
XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! PK11_FreeSlot(slot); -! return(-1); -! } - -! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, -! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, -! symKey, &ivItem); -! if(ctx->cipherCtx == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_CreateContextBySymKey", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! PK11_FreeSymKey(symKey); -! PK11_FreeSlot(slot); -! return(-1); - } -! -! ctx->ctxInitialized = 1; -! PK11_FreeSymKey(symKey); -! PK11_FreeSlot(slot); -! return(0); - } - -! static int -! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, -! xmlSecBufferPtr in, xmlSecBufferPtr out, -! int encrypt, -! const xmlChar* cipherName, -! xmlSecTransformCtxPtr transformCtx) { -! xmlSecSize inSize, inBlocks, outSize; -! int blockLen; -! int outLen = 0; -! xmlSecByte* outBuf; -! SECStatus rv; -! int ret; -! -! xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->cipher != 0, -1); -! xmlSecAssert2(ctx->cipherCtx != NULL, -1); -! xmlSecAssert2(ctx->ctxInitialized != 0, -1); -! xmlSecAssert2(in != NULL, -1); -! xmlSecAssert2(out != NULL, -1); -! xmlSecAssert2(transformCtx != NULL, -1); - -! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); -! xmlSecAssert2(blockLen > 0, -1); - -! inSize = xmlSecBufferGetSize(in); -! outSize = xmlSecBufferGetSize(out); -! -! if(inSize < (xmlSecSize)blockLen) { -! return(0); -! } - -! if(encrypt) { -! inBlocks = inSize / ((xmlSecSize)blockLen); -! } else { -! /* we want to have the last block in the input buffer -! * for padding check */ -! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); -! } -! inSize = inBlocks * ((xmlSecSize)blockLen); - -! /* we write out the input size plus may be one block */ -! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferSetMaxSize", -! 
XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", outSize + inSize + blockLen); -! return(-1); -! } -! outBuf = xmlSecBufferGetData(out) + outSize; -! -! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, -! xmlSecBufferGetData(in), inSize); -! if(rv != SECSuccess) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_CipherOp", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); -! -! /* set correct output buffer size */ -! ret = xmlSecBufferSetSize(out, outSize + outLen); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferSetSize", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", outSize + outLen); -! return(-1); -! } -! -! /* remove the processed block from input */ -! ret = xmlSecBufferRemoveHead(in, inSize); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferRemoveHead", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", inSize); -! return(-1); -! } -! return(0); - } - -! static int -! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, -! xmlSecBufferPtr in, -! xmlSecBufferPtr out, -! int encrypt, -! const xmlChar* cipherName, -! xmlSecTransformCtxPtr transformCtx) { -! xmlSecSize inSize, outSize; -! int blockLen, outLen = 0; -! xmlSecByte* inBuf; -! xmlSecByte* outBuf; -! SECStatus rv; -! int ret; -! -! xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->cipher != 0, -1); -! xmlSecAssert2(ctx->cipherCtx != NULL, -1); -! xmlSecAssert2(ctx->ctxInitialized != 0, -1); -! xmlSecAssert2(in != NULL, -1); -! xmlSecAssert2(out != NULL, -1); -! xmlSecAssert2(transformCtx != NULL, -1); -! -! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); -! xmlSecAssert2(blockLen > 0, -1); - -! inSize = xmlSecBufferGetSize(in); -! outSize = xmlSecBufferGetSize(out); - -! if(encrypt != 0) { -! 
xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); -! -! /* create padding */ -! ret = xmlSecBufferSetMaxSize(in, blockLen); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferSetMaxSize", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", blockLen); -! return(-1); -! } -! inBuf = xmlSecBufferGetData(in); -! -! /* generate random padding */ -! if((xmlSecSize)blockLen > (inSize + 1)) { -! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); -! if(rv != SECSuccess) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_GenerateRandom", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "size=%d", blockLen - inSize - 1); -! return(-1); -! } -! } -! inBuf[blockLen - 1] = blockLen - inSize; -! inSize = blockLen; -! } else { -! if(inSize != (xmlSecSize)blockLen) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "data=%d;block=%d", inSize, blockLen); -! return(-1); - } -- } -- -- /* process last block */ -- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + 2 * blockLen); -- return(-1); -- } -- outBuf = xmlSecBufferGetData(out) + outSize; - -! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, -! xmlSecBufferGetData(in), inSize); -! if(rv != SECSuccess) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "PK11_CipherOp", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); -! -! if(encrypt == 0) { -! /* check padding */ -! if(outLen < outBuf[blockLen - 1]) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "padding=%d;buffer=%d", -! 
outBuf[blockLen - 1], outLen); -! return(-1); -! } -! outLen -= outBuf[blockLen - 1]; -! } -! -! /* set correct output buffer size */ -! ret = xmlSecBufferSetSize(out, outSize + outLen); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferSetSize", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", outSize + outLen); -! return(-1); -! } - -! /* remove the processed block from input */ -! ret = xmlSecBufferRemoveHead(in, inSize); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(cipherName), -! "xmlSecBufferRemoveHead", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "size=%d", inSize); -! return(-1); -! } - -! return(0); - } - -! -! /****************************************************************************** -! * -! * EVP Block Cipher transforms - * -! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure - * -! *****************************************************************************/ -! #define xmlSecNssBlockCipherSize \ -! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) -! #define xmlSecNssBlockCipherGetCtx(transform) \ -! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) -! -! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); -! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); -! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, -! xmlSecKeyReqPtr keyReq); -! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, -! xmlSecKeyPtr key); -! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, -! int last, -! xmlSecTransformCtxPtr transformCtx); -! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); -! -! - -! static int -! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { -! #ifndef XMLSEC_NO_DES -! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { -! return(1); -! } -! 
#endif /* XMLSEC_NO_DES */ - -! #ifndef XMLSEC_NO_AES -! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || -! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || -! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { -! -! return(1); -! } -! #endif /* XMLSEC_NO_AES */ -! -! return(0); - } - -! static int -! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { -! xmlSecNssBlockCipherCtxPtr ctx; -! -! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - -! ctx = xmlSecNssBlockCipherGetCtx(transform); -! xmlSecAssert2(ctx != NULL, -1); -! -! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); - -! #ifndef XMLSEC_NO_DES -! if(transform->id == xmlSecNssTransformDes3CbcId) { -! ctx->cipher = CKM_DES3_CBC; -! ctx->keyId = xmlSecNssKeyDataDesId; -! ctx->keySize = 24; -! } else -! #endif /* XMLSEC_NO_DES */ -! -! #ifndef XMLSEC_NO_AES -! if(transform->id == xmlSecNssTransformAes128CbcId) { -! ctx->cipher = CKM_AES_CBC; -! ctx->keyId = xmlSecNssKeyDataAesId; -! ctx->keySize = 16; -! } else if(transform->id == xmlSecNssTransformAes192CbcId) { -! ctx->cipher = CKM_AES_CBC; -! ctx->keyId = xmlSecNssKeyDataAesId; -! ctx->keySize = 24; -! } else if(transform->id == xmlSecNssTransformAes256CbcId) { -! ctx->cipher = CKM_AES_CBC; -! ctx->keyId = xmlSecNssKeyDataAesId; -! ctx->keySize = 32; -! } else -! #endif /* XMLSEC_NO_AES */ -! -! if(1) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL, -! XMLSEC_ERRORS_R_INVALID_TRANSFORM, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! -! return(0); - } - -! static void -! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { -! xmlSecNssBlockCipherCtxPtr ctx; -! -! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); -! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); - -! 
ctx = xmlSecNssBlockCipherGetCtx(transform); -! xmlSecAssert(ctx != NULL); - -! if(ctx->cipherCtx != NULL) { -! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); -! } -! -! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); - } - -! static int -! xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -! xmlSecNssBlockCipherCtxPtr ctx; -! -! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -! xmlSecAssert2(keyReq != NULL, -1); -! -! ctx = xmlSecNssBlockCipherGetCtx(transform); -! xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->keyId != NULL, -1); -! -! keyReq->keyId = ctx->keyId; -! keyReq->keyType = xmlSecKeyDataTypeSymmetric; -! if(transform->operation == xmlSecTransformOperationEncrypt) { -! keyReq->keyUsage = xmlSecKeyUsageEncrypt; -! } else { -! keyReq->keyUsage = xmlSecKeyUsageDecrypt; -! } -! keyReq->keyBitsSize = 8 * ctx->keySize; -! return(0); -! } - -! static int -! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -! xmlSecNssBlockCipherCtxPtr ctx; -! xmlSecBufferPtr buffer; -! -! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -! xmlSecAssert2(key != NULL, -1); -! -! ctx = xmlSecNssBlockCipherGetCtx(transform); -! xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(ctx->cipher != 0, -1); -! xmlSecAssert2(ctx->keyInitialized == 0, -1); -! xmlSecAssert2(ctx->keyId != NULL, -1); -! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); -! -! xmlSecAssert2(ctx->keySize > 0, -1); -! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); -! -! 
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); -! xmlSecAssert2(buffer != NULL, -1); -! -! if(xmlSecBufferGetSize(buffer) < ctx->keySize) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL, -! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, -! "keySize=%d;expected=%d", -! xmlSecBufferGetSize(buffer), ctx->keySize); -! return(-1); -! } -! -! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); -! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); -! -! ctx->keyInitialized = 1; -! return(0); - } - - static int -! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -! xmlSecNssBlockCipherCtxPtr ctx; -! xmlSecBufferPtr in, out; -! int ret; -! -! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -! xmlSecAssert2(transformCtx != NULL, -1); -! -! in = &(transform->inBuf); -! out = &(transform->outBuf); -! -! ctx = xmlSecNssBlockCipherGetCtx(transform); -! xmlSecAssert2(ctx != NULL, -1); - -! if(transform->status == xmlSecTransformStatusNone) { -! transform->status = xmlSecTransformStatusWorking; -! } -! -! if(transform->status == xmlSecTransformStatusWorking) { -! if(ctx->ctxInitialized == 0) { -! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, -! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -! xmlSecTransformGetName(transform), transformCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! "xmlSecNssBlockCipherCtxInit", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! } -! if((ctx->ctxInitialized == 0) && (last != 0)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! 
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "not enough data to initialize transform"); -! return(-1); -! } -! -! if(ctx->ctxInitialized != 0) { -! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, -! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -! xmlSecTransformGetName(transform), transformCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! "xmlSecNssBlockCipherCtxUpdate", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! } -! -! if(last) { -! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, -! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -! xmlSecTransformGetName(transform), transformCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! "xmlSecNssBlockCipherCtxFinal", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! transform->status = xmlSecTransformStatusFinished; -! } -! } else if(transform->status == xmlSecTransformStatusFinished) { -! /* the only way we can get here is if there is no input */ -! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); -! } else if(transform->status == xmlSecTransformStatusNone) { -! /* the only way we can get here is if there is no enough data in the input */ -! xmlSecAssert2(last == 0, -1); -! } else { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL, -! XMLSEC_ERRORS_R_INVALID_STATUS, -! "status=%d", transform->status); -! return(-1); -! } -! -! return(0); - } - - -! #ifndef XMLSEC_NO_AES -! /********************************************************************* - * -! * AES CBC cipher transforms - * -! ********************************************************************/ - static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { -! /* klass/object sizes */ -! 
sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -! -! xmlSecNameAes128Cbc, /* const xmlChar* name; */ -! xmlSecHrefAes128Cbc, /* const xmlChar* href; */ -! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -! -! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -! NULL, /* xmlSecTransformNodeReadMethod readNode; */ -! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -! NULL, /* xmlSecTransformValidateMethod validate; */ -! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -! NULL, /* xmlSecTransformPopXmlMethod popXml; */ -! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -! -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ -! }; - - /** -! * xmlSecNssTransformAes128CbcGetKlass: -! * -! * AES 128 CBC encryption transform klass. -! * -! * Returns pointer to AES 128 CBC encryption transform. -! */ -! xmlSecTransformId -! xmlSecNssTransformAes128CbcGetKlass(void) { -! 
return(&xmlSecNssAes128CbcKlass); - } - -- static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { -- /* klass/object sizes */ -- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -- -- xmlSecNameAes192Cbc, /* const xmlChar* name; */ -- xmlSecHrefAes192Cbc, /* const xmlChar* href; */ -- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -- -- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -- NULL, /* xmlSecTransformNodeReadMethod readNode; */ -- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -- NULL, /* xmlSecTransformValidateMethod validate; */ -- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -- NULL, /* xmlSecTransformPopXmlMethod popXml; */ -- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -- -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ -- }; -- - /** -! * xmlSecNssTransformAes192CbcGetKlass: -! * -! * AES 192 CBC encryption transform klass. -! * -! * Returns pointer to AES 192 CBC encryption transform. -! */ -! xmlSecTransformId -! xmlSecNssTransformAes192CbcGetKlass(void) { -! 
return(&xmlSecNssAes192CbcKlass); - } - -- static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { -- /* klass/object sizes */ -- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -- -- xmlSecNameAes256Cbc, /* const xmlChar* name; */ -- xmlSecHrefAes256Cbc, /* const xmlChar* href; */ -- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -- -- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -- NULL, /* xmlSecTransformNodeReadMethod readNode; */ -- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -- NULL, /* xmlSecTransformValidateMethod validate; */ -- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -- NULL, /* xmlSecTransformPopXmlMethod popXml; */ -- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -- -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ -- }; -- - /** -! * xmlSecNssTransformAes256CbcGetKlass: -! * -! * AES 256 CBC encryption transform klass. -! * -! * Returns pointer to AES 256 CBC encryption transform. -! */ -! xmlSecTransformId -! xmlSecNssTransformAes256CbcGetKlass(void) { -! return(&xmlSecNssAes256CbcKlass); - } - -! #endif /* XMLSEC_NO_AES */ -! -! #ifndef XMLSEC_NO_DES -! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { -! /* klass/object sizes */ -! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ -! -! xmlSecNameDes3Cbc, /* const xmlChar* name; */ -! 
xmlSecHrefDes3Cbc, /* const xmlChar* href; */ -! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -! -! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ -! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -! NULL, /* xmlSecTransformNodeReadMethod readNode; */ -! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -! NULL, /* xmlSecTransformValidateMethod validate; */ -! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -! NULL, /* xmlSecTransformPopXmlMethod popXml; */ -! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ -! -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ -! }; -! -! /** -! * xmlSecNssTransformDes3CbcGetKlass: - * -! * Triple DES CBC encryption transform klass. -! * -! * Returns pointer to Triple DES encryption transform. - */ -! xmlSecTransformId -! xmlSecNssTransformDes3CbcGetKlass(void) { -! return(&xmlSecNssDes3CbcKlass); - } -! #endif /* XMLSEC_NO_DES */ - ---- 1,967 ---- -! /* -- C Source File -- **/ - #include "globals.h" - -+ #include <stdlib.h> - #include <string.h> - - #include <nss.h> - #include <pk11func.h> - - #include <xmlsec/xmlsec.h> -+ #include <xmlsec/xmltree.h> -+ #include <xmlsec/base64.h> - #include <xmlsec/keys.h> -+ #include <xmlsec/keyinfo.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -+ #include <xmlsec/nss/ciphers.h> - -! /** -! * Internal Nss Block Cipher Context - * -! * This context is designed for repositing a block cipher for transform -! */ -! 
typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; -! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; -! - struct _xmlSecNssBlockCipherCtx { -! CK_MECHANISM_TYPE cipher ; -! PK11SymKey* symkey ; -! PK11Context* cipherCtx ; -! xmlSecKeyDataId keyId ; -! } ; -! -! #define xmlSecNssBlockCipherSize \ -! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) -! -! #define xmlSecNssBlockCipherGetCtx( transform ) \ -! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -! -! static int -! xmlSecNssBlockCipherCheckId( -! xmlSecTransformPtr transform -! ) { -! #ifndef XMLSEC_NO_DES -! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { -! return 1 ; - } -! #endif /* XMLSEC_NO_DES */ - -! #ifndef XMLSEC_NO_AES -! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || -! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || -! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { - -! return 1 ; - } -! #endif /* XMLSEC_NO_AES */ -! -! return 0 ; - } - -! static int -! xmlSecNssBlockCipherFetchCtx( -! xmlSecNssBlockCipherCtxPtr context , -! xmlSecTransformId id -! ) { -! xmlSecAssert2( context != NULL, -1 ) ; -! -! #ifndef XMLSEC_NO_DES -! if( id == xmlSecNssTransformDes3CbcId ) { -! context->cipher = CKM_DES3_CBC ; -! context->keyId = xmlSecNssKeyDataDesId ; -! } else -! #endif /* XMLSEC_NO_DES */ -! -! #ifndef XMLSEC_NO_AES -! if( id == xmlSecNssTransformAes128CbcId ) { -! context->cipher = CKM_AES_CBC ; -! context->keyId = xmlSecNssKeyDataAesId ; -! } else -! if( id == xmlSecNssTransformAes192CbcId ) { -! context->cipher = CKM_AES_CBC ; -! context->keyId = xmlSecNssKeyDataAesId ; -! } else -! if( id == xmlSecNssTransformAes256CbcId ) { -! context->cipher = CKM_AES_CBC ; -! context->keyId = xmlSecNssKeyDataAesId ; -! } else -! #endif /* XMLSEC_NO_AES */ -! -! if( 1 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! 
NULL , -! NULL , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } - -! return 0 ; -! } - -! /** -! * xmlSecTransformInitializeMethod: -! * @transform: the pointer to transform object. -! * -! * The transform specific initialization method. -! * -! * Returns 0 on success or a negative value otherwise. -! */ -! static int -! xmlSecNssBlockCipherInitialize( -! xmlSecTransformPtr transform -! ) { -! xmlSecNssBlockCipherCtxPtr context = NULL ; -! -! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -! -! context = xmlSecNssBlockCipherGetCtx( transform ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherFetchCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } - -! context->symkey = NULL ; -! context->cipherCtx = NULL ; - -! return 0 ; - } - -! /** -! * xmlSecTransformFinalizeMethod: -! * @transform: the pointer to transform object. -! * -! * The transform specific destroy method. -! */ -! static void -! xmlSecNssBlockCipherFinalize( -! xmlSecTransformPtr transform -! ) { -! xmlSecNssBlockCipherCtxPtr context = NULL ; - -! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; -! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; - -! context = xmlSecNssBlockCipherGetCtx( transform ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherGetCtx" , -! 
XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return ; - } - -! if( context->cipherCtx != NULL ) { -! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; -! context->cipherCtx = NULL ; -! } - -! if( context->symkey != NULL ) { -! PK11_FreeSymKey( context->symkey ) ; -! context->symkey = NULL ; -! } - -! context->cipher = CKM_INVALID_MECHANISM ; -! context->keyId = NULL ; - } - -! /** -! * xmlSecTransformSetKeyRequirementsMethod: -! * @transform: the pointer to transform object. -! * @keyReq: the pointer to key requirements structure. - * -! * Transform specific method to set transform's key requirements. - * -! * Returns 0 on success or a negative value otherwise. -! */ -! static int -! xmlSecNssBlockCipherSetKeyReq( -! xmlSecTransformPtr transform , -! xmlSecKeyReqPtr keyReq -! ) { -! xmlSecNssBlockCipherCtxPtr context = NULL ; -! xmlSecSize cipherSize = 0 ; -! -! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -! xmlSecAssert2( keyReq != NULL , -1 ) ; -! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -! -! context = xmlSecNssBlockCipherGetCtx( transform ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! keyReq->keyId = context->keyId ; -! keyReq->keyType = xmlSecKeyDataTypeSymmetric ; -! -! if( transform->operation == xmlSecTransformOperationEncrypt ) { -! keyReq->keyUsage = xmlSecKeyUsageEncrypt ; -! } else { -! keyReq->keyUsage = xmlSecKeyUsageDecrypt ; -! } -! -! /* -! if( context->symkey != NULL ) -! cipherSize = PK11_GetKeyLength( context->symkey ) ; - -! keyReq->keyBitsSize = cipherSize * 8 ; -! */ - -! return 0 ; - } - -! 
/** -! * xmlSecTransformSetKeyMethod: -! * @transform: the pointer to transform object. -! * @key: the pointer to key. -! * -! * The transform specific method to set the key for use. -! * -! * Returns 0 on success or a negative value otherwise. -! */ -! static int -! xmlSecNssBlockCipherSetKey( -! xmlSecTransformPtr transform , -! xmlSecKeyPtr key -! ) { -! xmlSecNssBlockCipherCtxPtr context = NULL ; -! xmlSecKeyDataPtr keyData = NULL ; -! PK11SymKey* symkey = NULL ; -! CK_ATTRIBUTE_TYPE operation ; -! int ivLen ; -! -! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -! xmlSecAssert2( key != NULL , -1 ) ; -! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -! -! context = xmlSecNssBlockCipherGetCtx( transform ) ; -! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -! -! keyData = xmlSecKeyGetValue( key ) ; -! if( keyData == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -! "xmlSecKeyGetValue" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -! "xmlSecNssSymKeyDataGetKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } - -! context->symkey = symkey ; - -! return 0 ; - } - -! /** -! * Block cipher transform init -! */ -! static int -! 
xmlSecNssBlockCipherCtxInit( -! xmlSecNssBlockCipherCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! const xmlChar* cipherName , -! xmlSecTransformCtxPtr transformCtx -! ) { -! SECItem ivItem ; -! SECItem* secParam = NULL ; -! xmlSecBufferPtr ivBuf = NULL ; -! int ivLen ; -! -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! ivLen = PK11_GetIVLength( ctx->cipher ) ; -! if( ivLen < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_GetIVLength" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferCreate" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( encrypt ) { -! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_GenerateRandom" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } -! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferSetSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } -! -! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferAppend" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } -! } else { -! 
if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetData" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } -! -! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } -! } -! -! ivItem.data = xmlSecBufferGetData( ivBuf ) ; -! ivItem.len = xmlSecBufferGetSize( ivBuf ) ; -! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_ParamFromIV" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } -! -! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; -! if( ctx->cipherCtx == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! SECITEM_FreeItem( secParam , PR_TRUE ) ; -! xmlSecBufferDestroy( ivBuf ) ; -! return -1 ; -! } - -! SECITEM_FreeItem( secParam , PR_TRUE ) ; -! xmlSecBufferDestroy( ivBuf ) ; - -! return 0 ; - } - -! /** -! * Block cipher transform update -! */ -! static int -! xmlSecNssBlockCipherCtxUpdate( -! xmlSecNssBlockCipherCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! const xmlChar* cipherName , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecSize inSize ; -! xmlSecSize outSize ; -! xmlSecSize inBlocks ; -! int blockSize ; -! int outLen ; -! xmlSecByte* outBuf ; -! -! xmlSecAssert2( ctx != NULL , -1 ) ; -! 
xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_GetBlockSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! inSize = xmlSecBufferGetSize( in ) ; -! outSize = xmlSecBufferGetSize( out ) ; -! -! inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; -! inSize = inBlocks * blockSize ; -! -! if( inSize < blockSize ) { -! return 0 ; -! } -! -! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetMaxSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! outBuf = xmlSecBufferGetData( out ) + outSize ; -! -! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_CipherOp" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! 
} - -! return 0 ; - } - -+ /** -+ * Block cipher transform final -+ */ - static int -! xmlSecNssBlockCipherCtxFinal( -! xmlSecNssBlockCipherCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! const xmlChar* cipherName , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecSize inSize ; -! xmlSecSize outSize ; -! int blockSize ; -! int outLen ; -! xmlSecByte* inBuf ; -! xmlSecByte* outBuf ; -! -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_GetBlockSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! inSize = xmlSecBufferGetSize( in ) ; -! outSize = xmlSecBufferGetSize( out ) ; -! -! /******************************************************************/ -! if( encrypt != 0 ) { -! xmlSecAssert2( inSize < blockSize, -1 ) ; -! -! /* create padding */ -! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetMaxSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! inBuf = xmlSecBufferGetData( in ) ; -! -! /* generate random */ -! if( blockSize > ( inSize + 1 ) ) { -! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_GenerateRandom" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! } -! -! 
inBuf[blockSize-1] = blockSize - inSize ; -! inSize = blockSize ; -! } else { -! if( inSize != blockSize ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! NULL , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! } -! -! /* process the last block */ -! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetMaxSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! outBuf = xmlSecBufferGetData( out ) + outSize ; -! -! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_CipherOp" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( encrypt == 0 ) { -! /* check padding */ -! if( outLen < outBuf[blockSize-1] ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! NULL , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! outLen -= outBuf[blockSize-1] ; -! } -! /******************************************************************/ -! -! /****************************************************************** -! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetMaxSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! outBuf = xmlSecBufferGetData( out ) + outSize ; -! -! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "PK11_DigestFinal" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! 
XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! ******************************************************************/ -! -! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferSetSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( cipherName ) , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! /* PK11_Finalize( ctx->cipherCtx ) ;*/ -! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; -! ctx->cipherCtx = NULL ; - -! return 0 ; - } - - -! -! /** -! * xmlSecTransformExecuteMethod: -! * @transform: the pointer to transform object. -! * @last: the flag: if set to 1 then it's the last data chunk. -! * @transformCtx: the pointer to transform context object. - * -! * Transform specific method to process a chunk of data. - * -! * Returns 0 on success or a negative value otherwise. -! */ -! static int -! xmlSecNssBlockCipherExecute( -! xmlSecTransformPtr transform , -! int last , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecNssBlockCipherCtxPtr context = NULL ; -! xmlSecBufferPtr inBuf = NULL ; -! xmlSecBufferPtr outBuf = NULL ; -! const xmlChar* cipherName ; -! int operation ; -! int rtv ; -! -! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! context = xmlSecNssBlockCipherGetCtx( transform ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! 
"xmlSecNssBlockCipherGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! inBuf = &( transform->inBuf ) ; -! outBuf = &( transform->outBuf ) ; -! -! if( transform->status == xmlSecTransformStatusNone ) { -! transform->status = xmlSecTransformStatusWorking ; -! } -! -! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; -! cipherName = xmlSecTransformGetName( transform ) ; -! -! if( transform->status == xmlSecTransformStatusWorking ) { -! if( context->cipherCtx == NULL ) { -! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; -! if( rtv < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherCtxInit" , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! } -! -! if( context->cipherCtx == NULL && last != 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! NULL , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! "No enough data to intialize transform" ) ; -! return -1 ; -! } -! -! if( context->cipherCtx != NULL ) { -! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; -! if( rtv < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherCtxUpdate" , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! } -! -! if( last ) { -! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; -! if( rtv < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssBlockCipherCtxFinal" , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! 
transform->status = xmlSecTransformStatusFinished ; -! } -! } else if( transform->status == xmlSecTransformStatusFinished ) { -! if( xmlSecBufferGetSize( inBuf ) != 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! NULL , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! "status=%d", transform->status ) ; -! return -1 ; -! } -! } else { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! NULL , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! "status=%d", transform->status ) ; -! return -1 ; -! } -! -! return 0 ; -! } -! -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = { -! #else - static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { -! #endif -! sizeof( xmlSecTransformKlass ) , -! xmlSecNssBlockCipherSize , -! -! xmlSecNameAes128Cbc , -! xmlSecHrefAes128Cbc , -! xmlSecTransformUsageEncryptionMethod , -! -! xmlSecNssBlockCipherInitialize , -! xmlSecNssBlockCipherFinalize , -! NULL , -! NULL , -! -! xmlSecNssBlockCipherSetKeyReq , -! xmlSecNssBlockCipherSetKey , -! NULL , -! xmlSecTransformDefaultGetDataType , -! -! xmlSecTransformDefaultPushBin , -! xmlSecTransformDefaultPopBin , -! NULL , -! NULL , -! xmlSecNssBlockCipherExecute , -! -! NULL , -! NULL -! } ; -! -! -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = { -! #else -! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { -! #endif -! sizeof( xmlSecTransformKlass ) , -! xmlSecNssBlockCipherSize , -! -! xmlSecNameAes192Cbc , -! xmlSecHrefAes192Cbc , -! xmlSecTransformUsageEncryptionMethod , -! -! xmlSecNssBlockCipherInitialize , -! xmlSecNssBlockCipherFinalize , -! NULL , -! NULL , -! -! xmlSecNssBlockCipherSetKeyReq , -! xmlSecNssBlockCipherSetKey , -! NULL , -! xmlSecTransformDefaultGetDataType , -! -! xmlSecTransformDefaultPushBin , -! xmlSecTransformDefaultPopBin , -! 
NULL , -! NULL , -! xmlSecNssBlockCipherExecute , -! -! NULL , -! NULL -! } ; -! -! -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = { -! #else -! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { -! #endif -! sizeof( xmlSecTransformKlass ) , -! xmlSecNssBlockCipherSize , -! -! xmlSecNameAes256Cbc , -! xmlSecHrefAes256Cbc , -! xmlSecTransformUsageEncryptionMethod , -! -! xmlSecNssBlockCipherInitialize , -! xmlSecNssBlockCipherFinalize , -! NULL , -! NULL , -! -! xmlSecNssBlockCipherSetKeyReq , -! xmlSecNssBlockCipherSetKey , -! NULL , -! xmlSecTransformDefaultGetDataType , -! -! xmlSecTransformDefaultPushBin , -! xmlSecTransformDefaultPopBin , -! NULL , -! NULL , -! xmlSecNssBlockCipherExecute , -! -! NULL , -! NULL -! } ; -! -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = { -! #else -! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { -! #endif -! sizeof( xmlSecTransformKlass ) , -! xmlSecNssBlockCipherSize , -! -! xmlSecNameDes3Cbc , -! xmlSecHrefDes3Cbc , -! xmlSecTransformUsageEncryptionMethod , -! -! xmlSecNssBlockCipherInitialize , -! xmlSecNssBlockCipherFinalize , -! NULL , -! NULL , -! -! xmlSecNssBlockCipherSetKeyReq , -! xmlSecNssBlockCipherSetKey , -! NULL , -! xmlSecTransformDefaultGetDataType , -! -! xmlSecTransformDefaultPushBin , -! xmlSecTransformDefaultPopBin , -! NULL , -! NULL , -! xmlSecNssBlockCipherExecute , -! -! NULL , -! NULL -! } ; - - /** -! * xmlSecNssTransformAes128CbcGetKlass -! * -! * Get the AES128_CBC transform klass -! * -! * Return AES128_CBC transform klass -! */ -! xmlSecTransformId -! xmlSecNssTransformAes128CbcGetKlass( void ) { -! return ( &xmlSecNssAes128CbcKlass ) ; - } - - /** -! * xmlSecNssTransformAes192CbcGetKlass -! * -! * Get the AES192_CBC transform klass -! * -! * Return AES192_CBC transform klass -! */ -! xmlSecTransformId -! xmlSecNssTransformAes192CbcGetKlass( void ) { -! 
return ( &xmlSecNssAes192CbcKlass ) ; - } - - /** -! * xmlSecNssTransformAes256CbcGetKlass -! * -! * Get the AES256_CBC transform klass -! * -! * Return AES256_CBC transform klass -! */ -! xmlSecTransformId -! xmlSecNssTransformAes256CbcGetKlass( void ) { -! return ( &xmlSecNssAes256CbcKlass ) ; - } - -! /** -! * xmlSecNssTransformDes3CbcGetKlass - * -! * Get the DES3_CBC transform klass -! * -! * Return DES3_CBC transform klass - */ -! xmlSecTransformId -! xmlSecNssTransformDes3CbcGetKlass( void ) { -! return ( &xmlSecNssDes3CbcKlass ) ; - } -! - -*** misc/xmlsec1-1.2.6/src/nss/crypto.c Wed Oct 29 16:57:25 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/crypto.c Fri May 11 14:47:20 2007 -*************** -*** 130,135 **** ---- 130,136 ---- - /** - * High level routines form xmlsec command line utility - */ -+ /* - gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; - gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; - gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; -*************** -*** 143,152 **** - gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; - gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; - gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; -! #endif /* XMLSEC_NO_X509 */ - gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; - gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; - gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; - - return(gXmlSecNssFunctions); - } ---- 144,172 ---- - gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; - gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; - gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; -! 
#endif - gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; - gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; - gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; ++#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ ++#define __XMLSEC_MSCRYPTO_AKMNGR_H__ ++ ++#include <windows.h> ++#include <wincrypt.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ++xmlSecMSCryptoAppliedKeysMngrCreate( ++ HCERTSTORE keyStore , ++ HCERTSTORE certStore ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY symKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY pubKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY priKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE keyStore ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE trustedStore ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE untrustedStore ++) ; ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ ++ ++ +--- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2008-06-29 23:44:19.000000000 +0200 +@@ -77,6 +77,21 @@ + PCCERT_CONTEXT cert, + xmlSecKeyDataType type); + ++XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE keyStore ++ ) ; ++ ++XMLSEC_CRYPTO_EXPORT int 
xmlSecMSCryptoX509StoreAdoptTrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE trustedStore ++ ) ; ++ ++XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE untrustedStore ++ ) ; ++ + + #endif /* XMLSEC_NO_X509 */ + +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200 +@@ -3,6 +3,7 @@ + xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss + + xmlsecnssinc_HEADERS = \ ++akmngr.h \ + app.h \ + crypto.h \ + symbols.h \ +@@ -10,6 +11,8 @@ + keysstore.h \ + pkikeys.h \ + x509.h \ ++tokens.h \ ++ciphers.h \ + $(NULL) + + install-exec-hook: +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200 +@@ -273,6 +273,7 @@ + NULL = + xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss + xmlsecnssinc_HEADERS = \ ++akmngr.h \ + app.h \ + crypto.h \ + symbols.h \ +@@ -280,6 +281,8 @@ + keysstore.h \ + pkikeys.h \ + x509.h \ ++tokens.h \ ++ciphers.h \ + $(NULL) + + all: all-am +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:39.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,56 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright .......................... 
+ */ -+ -+ gXmlSecNssFunctions->cryptoAppInit = NULL ; -+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ; -+ #ifndef XMLSEC_NO_X509 -+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ; -+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ; -+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ; -+ #endif /* XMLSEC_NO_X509 */ -+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ; - - return(gXmlSecNssFunctions); - } -*** misc/xmlsec1-1.2.6/src/nss/digests.c Fri Sep 26 02:58:15 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/digests.c Fri May 11 14:47:20 2007 -*************** -*** 21,27 **** - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - -- #include <xmlsec/nss/app.h> - #include <xmlsec/nss/crypto.h> - - #define XMLSEC_NSS_MAX_DIGEST_SIZE 32 ---- 21,26 ---- -*************** -*** 107,113 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SECOID_FindOIDByTag", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 106,112 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SECOID_FindOIDByTag", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 117,123 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 116,122 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 208,214 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - transform->status = xmlSecTransformStatusWorking; ---- 207,213 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - transform->status = xmlSecTransformStatusWorking; -*************** -*** 225,231 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 224,230 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 246,252 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlSecAssert2(ctx->dgstSize > 0, -1); ---- 245,251 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - xmlSecAssert2(ctx->dgstSize > 0, -1); -*************** -*** 285,291 **** ---- 284,294 ---- - * SHA1 Digest transforms - * - *****************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecNssSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecNssSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssDigestSize, /* xmlSecSize objSize */ -*** misc/xmlsec1-1.2.6/src/nss/hmac.c Fri Sep 26 02:58:15 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/hmac.c Fri May 11 14:47:20 2007 -*************** -*** 23,30 **** - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - -- #include <xmlsec/nss/app.h> - #include <xmlsec/nss/crypto.h> - - #define XMLSEC_NSS_MAX_HMAC_SIZE 128 - ---- 23,30 ---- - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -+ #include <xmlsec/nss/tokens.h> - - #define XMLSEC_NSS_MAX_HMAC_SIZE 128 - -*************** -*** 241,253 **** - keyItem.data = xmlSecBufferGetData(buffer); - keyItem.len = xmlSecBufferGetSize(buffer); - -! slot = PK11_GetBestSlot(ctx->digestType, NULL); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 241,253 ---- - keyItem.data = xmlSecBufferGetData(buffer); - keyItem.len = xmlSecBufferGetSize(buffer); - -! slot = xmlSecNssSlotGet(ctx->digestType); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 258,264 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - PK11_FreeSlot(slot); - return(-1); - } ---- 258,264 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - PK11_FreeSlot(slot); - return(-1); - } -*************** -*** 269,275 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - PK11_FreeSymKey(symKey); - PK11_FreeSlot(slot); - return(-1); ---- 269,275 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - PK11_FreeSymKey(symKey); - PK11_FreeSlot(slot); - return(-1); -*************** -*** 368,374 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - transform->status = xmlSecTransformStatusWorking; ---- 368,374 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - transform->status = xmlSecTransformStatusWorking; -*************** -*** 385,391 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 385,391 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 408,414 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlSecAssert2(dgstSize > 0, -1); ---- 408,414 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - xmlSecAssert2(dgstSize > 0, -1); -*************** -*** 459,465 **** ---- 459,469 ---- - /** - * HMAC SHA1 - */ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecNssHmacSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssHmacSize, /* xmlSecSize objSize */ -*************** -*** 501,507 **** ---- 505,515 ---- - /** - * HMAC Ripemd160 - */ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { -+ #else - static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssHmacSize, /* xmlSecSize objSize */ -*************** -*** 543,549 **** ---- 551,561 ---- - /** - * HMAC Md5 - */ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = { -+ #else - static xmlSecTransformKlass xmlSecNssHmacMd5Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssHmacSize, /* xmlSecSize objSize */ -*** misc/xmlsec1-1.2.6/src/nss/keysstore.c Fri Sep 26 02:58:15 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c Fri May 11 14:47:20 2007 -*************** -*** 1,119 **** - /** - * XMLSec library - * -- * Nss keys store that uses Simple Keys Store under the 
hood. Uses the -- * Nss DB as a backing store for the finding keys, but the NSS DB is -- * not written to by the keys store. -- * So, if store->findkey is done and the key is not found in the simple -- * keys store, the NSS DB is looked up. -- * If store is called to adopt a key, that key is not written to the NSS -- * DB. -- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate -- * source of keys for xmlsec -- * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * -! * Copyright (c) 2003 America Online, Inc. All rights reserved. - */ -- #include "globals.h" - -! #include <stdlib.h> - #include <string.h> - -! #include <nss.h> -! #include <cert.h> -! #include <pk11func.h> -! #include <keyhi.h> - -- #include <libxml/tree.h> - - #include <xmlsec/xmlsec.h> -! #include <xmlsec/buffer.h> -! #include <xmlsec/base64.h> -! #include <xmlsec/errors.h> -! #include <xmlsec/xmltree.h> -! - #include <xmlsec/keysmngr.h> - - #include <xmlsec/nss/crypto.h> - #include <xmlsec/nss/keysstore.h> -! #include <xmlsec/nss/x509.h> - #include <xmlsec/nss/pkikeys.h> - -! /**************************************************************************** - * -! * Nss Keys Store. Uses Simple Keys Store under the hood -! * -! * Simple Keys Store ptr is located after xmlSecKeyStore - * -! ***************************************************************************/ -! #define xmlSecNssKeysStoreSize \ -! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) -! -! #define xmlSecNssKeysStoreGetSS(store) \ -! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ -! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ -! (xmlSecKeyStorePtr*)NULL) -! -! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); -! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); -! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, -! const xmlChar* name, -! 
xmlSecKeyInfoCtxPtr keyInfoCtx); - -! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -! sizeof(xmlSecKeyStoreKlass), -! xmlSecNssKeysStoreSize, - -! /* data */ -! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ -! -! /* constructors/destructor */ -! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ -! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ -! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ -! -! /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ -! }; - -! /** -! * xmlSecNssKeysStoreGetKlass: -! * -! * The Nss list based keys store klass. - * -! * Returns Nss list based keys store klass. - */ -! xmlSecKeyStoreId -! xmlSecNssKeysStoreGetKlass(void) { -! return(&xmlSecNssKeysStoreKlass); - } - -! /** -! * xmlSecNssKeysStoreAdoptKey: -! * @store: the pointer to Nss keys store. -! * @key: the pointer to key. -! * -! * Adds @key to the @store. - * -! * Returns 0 on success or a negative value if an error occurs. - */ -! int -! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { -! xmlSecKeyStorePtr *ss; -! -! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -! xmlSecAssert2((key != NULL), -1); - -! ss = xmlSecNssKeysStoreGetSS(store); -! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); - -! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); - } - - /** - * xmlSecNssKeysStoreLoad: - * @store: the pointer to Nss keys store. ---- 1,522 ---- - /** - * XMLSec library - * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * -! * Copyright................................ - */ - -! /** -! * NSS key store uses a key list and a slot list as the key repository. NSS slot -! * list is a backup repository for the finding keys. If a key is not found from -! 
* the key list, the NSS slot list is looked up. -! * -! * Any key in the key list will not save to pkcs11 slot. When a store to called -! * to adopt a key, the key is resident in the key list; While a store to called -! * to set a is resident in the key list; While a store to called to set a slot -! * list, which means that the keys in the listed slot can be used for xml sign- -! * nature or encryption. -! * -! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. -! * -! * The framework will decrease the user interfaces to administrate xmlSec crypto -! * engine. He can only focus on NSS layer functions. For examples, after the -! * user set up a slot list handler to the keys store, he do not need to do any -! * other work atop xmlSec interfaces, his action on the slot list handler, such -! * as add a token to, delete a token from the list, will directly effect the key -! * store behaviors. -! * -! * For example, a scenariio: -! * 0. Create a slot list;( NSS interfaces ) -! * 1. Create a keys store;( xmlSec interfaces ) -! * 2. Set slot list with the keys store;( xmlSec Interfaces ) -! * 3. Add a slot to the slot list;( NSS interfaces ) -! * 4. Perform xml signature; ( xmlSec Interfaces ) -! * 5. Deleter a slot from the slot list;( NSS interfaces ) -! * 6. Perform xml encryption; ( xmlSec Interfaces ) -! * 7. Perform xml signature;( xmlSec Interfaces ) -! * 8. Destroy the keys store;( xmlSec Interfaces ) -! * 8. Destroy the slot list.( NSS Interfaces ) -! */ -! -! #include "globals.h" - #include <string.h> - -! #include <nss.h> -! #include <pk11func.h> -! #include <prinit.h> -! #include <keyhi.h> - - - #include <xmlsec/xmlsec.h> -! #include <xmlsec/keys.h> - #include <xmlsec/keysmngr.h> -+ #include <xmlsec/transforms.h> -+ #include <xmlsec/xmltree.h> -+ #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> - #include <xmlsec/nss/keysstore.h> -! #include <xmlsec/nss/tokens.h> -! 
#include <xmlsec/nss/ciphers.h> - #include <xmlsec/nss/pkikeys.h> - -! /** -! * Internal NSS key store context - * -! * This context is located after xmlSecKeyStore -! */ -! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; -! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; -! -! struct _xmlSecNssKeysStoreCtx { -! xmlSecPtrListPtr keyList ; -! xmlSecPtrListPtr slotList ; -! } ; -! -! #define xmlSecNssKeysStoreSize \ -! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) -! -! #define xmlSecNssKeysStoreGetCtx( data ) \ -! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) -! -! int xmlSecNssKeysStoreAdoptKeySlot( -! xmlSecKeyStorePtr store , -! xmlSecNssKeySlotPtr keySlot -! ) { -! xmlSecNssKeysStoreCtxPtr context = NULL ; -! -! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -! -! context = xmlSecNssKeysStoreGetCtx( store ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecNssKeysStoreGetCtx" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( context->slotList == NULL ) { -! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecPtrListCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! } -! -! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecPtrListCheckId" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { -! 
xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecPtrListAdd" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! return 0 ; -! } -! -! int xmlSecNssKeysStoreAdoptKey( -! xmlSecKeyStorePtr store , -! xmlSecKeyPtr key -! ) { -! xmlSecNssKeysStoreCtxPtr context = NULL ; -! -! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -! -! context = xmlSecNssKeysStoreGetCtx( store ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecNssKeysStoreGetCtx" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( context->keyList == NULL ) { -! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecPtrListCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! } -! -! if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecPtrListCheckId" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecPtrListAdd" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } -! -! return 0 ; -! } -! -! /** -! * xmlSecKeyStoreInitializeMethod: -! * @store: the store. - * -! * Keys store specific initialization method. -! * -! * Returns 0 on success or a negative value if an error occurs. -! */ -! static int -! 
xmlSecNssKeysStoreInitialize( -! xmlSecKeyStorePtr store -! ) { -! xmlSecNssKeysStoreCtxPtr context = NULL ; -! -! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -! -! context = xmlSecNssKeysStoreGetCtx( store ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecNssKeysStoreGetCtx" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } - -! context->keyList = NULL ; -! context->slotList = NULL ; - -! return 0 ; -! } - -! /** -! * xmlSecKeyStoreFinalizeMethod: -! * @store: the store. - * -! * Keys store specific finalization (destroy) method. - */ -! void -! xmlSecNssKeysStoreFinalize( -! xmlSecKeyStorePtr store -! ) { -! xmlSecNssKeysStoreCtxPtr context = NULL ; -! -! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; -! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; -! -! context = xmlSecNssKeysStoreGetCtx( store ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecNssKeysStoreGetCtx" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return ; -! } -! -! if( context->keyList != NULL ) { -! xmlSecPtrListDestroy( context->keyList ) ; -! context->keyList = NULL ; -! } -! -! if( context->slotList != NULL ) { -! xmlSecPtrListDestroy( context->slotList ) ; -! context->slotList = NULL ; -! } - } - -! xmlSecKeyPtr -! xmlSecNssKeysStoreFindKeyFromSlot( -! PK11SlotInfo* slot, -! const xmlChar* name, -! xmlSecKeyInfoCtxPtr keyInfoCtx -! ) { -! xmlSecKeyPtr key = NULL ; -! xmlSecKeyDataPtr data = NULL ; -! int length ; -! -! xmlSecAssert2( slot != NULL , NULL ) ; -! xmlSecAssert2( name != NULL , NULL ) ; -! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; -! -! 
if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { -! PK11SymKey* symKey ; -! PK11SymKey* curKey ; -! -! /* Find symmetric key from the slot by name */ -! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; -! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { -! /* Check the key request */ -! length = PK11_GetKeyLength( curKey ) ; -! length *= 8 ; -! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -! ( length > 0 ) && -! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -! continue ; -! -! /* We find a eligible key */ -! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; -! if( data == NULL ) { -! /* Do nothing */ -! } -! break ; -! } -! -! /* Destroy the sym key list */ -! for( curKey = symKey ; curKey != NULL ; ) { -! symKey = curKey ; -! curKey = PK11_GetNextSymKey( symKey ) ; -! PK11_FreeSymKey( symKey ) ; -! } -! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -! SECKEYPublicKeyList* pubKeyList ; -! SECKEYPublicKey* pubKey ; -! SECKEYPublicKeyListNode* curPub ; -! -! /* Find asymmetric key from the slot by name */ -! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; -! pubKey = NULL ; -! curPub = PUBKEY_LIST_HEAD(pubKeyList); -! for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { -! /* Check the key request */ -! length = SECKEY_PublicKeyStrength( curPub->key ) ; -! length *= 8 ; -! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -! ( length > 0 ) && -! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -! continue ; -! -! /* We find a eligible key */ -! pubKey = curPub->key ; -! break ; -! } -! -! if( pubKey != NULL ) { -! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; -! if( data == NULL ) { -! /* Do nothing */ -! } -! } -! -! /* Destroy the public key list */ -! SECKEY_DestroyPublicKeyList( pubKeyList ) ; -! 
} else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -! SECKEYPrivateKeyList* priKeyList = NULL ; -! SECKEYPrivateKey* priKey = NULL ; -! SECKEYPrivateKeyListNode* curPri ; -! -! /* Find asymmetric key from the slot by name */ -! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; -! priKey = NULL ; -! curPri = PRIVKEY_LIST_HEAD(priKeyList); -! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { -! /* Check the key request */ -! length = PK11_SignatureLen( curPri->key ) ; -! length *= 8 ; -! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -! ( length > 0 ) && -! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -! continue ; -! -! /* We find a eligible key */ -! priKey = curPri->key ; -! break ; -! } -! -! if( priKey != NULL ) { -! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; -! if( data == NULL ) { -! /* Do nothing */ -! } -! } -! -! /* Destroy the private key list */ -! SECKEY_DestroyPrivateKeyList( priKeyList ) ; -! } -! -! /* If we have gotten the key value */ -! if( data != NULL ) { -! if( ( key = xmlSecKeyCreate() ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeyCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyDataDestroy( data ) ; -! return NULL ; -! } -! -! if( xmlSecKeySetValue( key , data ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecKeySetValue" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecKeyDestroy( key ) ; -! xmlSecKeyDataDestroy( data ) ; -! return NULL ; -! } -! } -! -! return(key); -! } -! -! /** -! * xmlSecKeyStoreFindKeyMethod: -! * @store: the store. -! * @name: the desired key name. -! * @keyInfoCtx: the pointer to key info context. - * -! * Keys store specific find method. The caller is responsible for destroying -! * the returned key using #xmlSecKeyDestroy method. -! * -! 
* Returns the pointer to a key or NULL if key is not found or an error occurs. - */ -! static xmlSecKeyPtr -! xmlSecNssKeysStoreFindKey( -! xmlSecKeyStorePtr store , -! const xmlChar* name , -! xmlSecKeyInfoCtxPtr keyInfoCtx -! ) { -! xmlSecNssKeysStoreCtxPtr context = NULL ; -! xmlSecKeyPtr key = NULL ; -! xmlSecNssKeySlotPtr keySlot = NULL ; -! xmlSecSize pos ; -! xmlSecSize size ; -! -! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; -! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; -! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; -! -! context = xmlSecNssKeysStoreGetCtx( store ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecNssKeysStoreGetCtx" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return NULL ; -! } -! -! /*- -! * Look for key at keyList at first. -! */ -! if( context->keyList != NULL ) { -! size = xmlSecPtrListGetSize( context->keyList ) ; -! for( pos = 0 ; pos < size ; pos ++ ) { -! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; -! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { -! return xmlSecKeyDuplicate( key ) ; -! } -! } -! } -! -! /*- -! * Find the key from slotList -! */ -! if( context->slotList != NULL ) { -! PK11SlotInfo* slot = NULL ; -! -! size = xmlSecPtrListGetSize( context->slotList ) ; -! for( pos = 0 ; pos < size ; pos ++ ) { -! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; -! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -! if( slot == NULL ) { -! continue ; -! } else { -! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; -! if( key == NULL ) { -! continue ; -! } else { -! return( key ) ; -! } -! } -! } -! } -! -! /*- -! * Create a session key if we can not find the key from keyList and slotList -! */ -! 
if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { -! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; -! if( key == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -! "xmlSecKeySetValue" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return NULL ; -! } -! -! return key ; -! } -! -! /** -! * We have no way to find the key any more. -! */ -! return NULL ; -! } - -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -! #else -! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -! #endif -! sizeof( xmlSecKeyStoreKlass ) , -! xmlSecNssKeysStoreSize , -! BAD_CAST "implicit_nss_keys_store" , -! xmlSecNssKeysStoreInitialize , -! xmlSecNssKeysStoreFinalize , -! xmlSecNssKeysStoreFindKey , -! NULL , -! NULL -! } ; - -! /** -! * xmlSecNssKeysStoreGetKlass: -! * -! * The simple list based keys store klass. -! * -! * Returns simple list based keys store klass. -! */ -! xmlSecKeyStoreId -! xmlSecNssKeysStoreGetKlass( void ) { -! return &xmlSecNssKeysStoreKlass ; - } - -+ -+ /************************** -+ * Application routines -+ */ - /** - * xmlSecNssKeysStoreLoad: - * @store: the pointer to Nss keys store. -*************** -*** 125,132 **** - * Returns 0 on success or a negative value if an error occurs. - */ - int -! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, -! xmlSecKeysMngrPtr keysMngr) { - xmlDocPtr doc; - xmlNodePtr root; - xmlNodePtr cur; ---- 528,538 ---- - * Returns 0 on success or a negative value if an error occurs. - */ - int -! xmlSecNssKeysStoreLoad( -! xmlSecKeyStorePtr store, -! const char *uri, -! xmlSecKeysMngrPtr keysMngr -! 
) { - xmlDocPtr doc; - xmlNodePtr root; - xmlNodePtr cur; -*************** -*** 252,505 **** - */ - int - xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { -! xmlSecKeyStorePtr *ss; -! -! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -! xmlSecAssert2((filename != NULL), -1); -! -! ss = xmlSecNssKeysStoreGetSS(store); -! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); -! -! return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); -! } -! -! static int -! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { -! xmlSecKeyStorePtr *ss; -! -! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); - -! ss = xmlSecNssKeysStoreGetSS(store); -! xmlSecAssert2((*ss == NULL), -1); - -! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); -! if(*ss == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "xmlSecSimpleKeysStoreId"); -! return(-1); - } -- -- return(0); -- } -- -- static void -- xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert((ss != NULL) && (*ss != NULL)); - -! xmlSecKeyStoreDestroy(*ss); -! } -! -! static xmlSecKeyPtr -! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, -! xmlSecKeyInfoCtxPtr keyInfoCtx) { -! xmlSecKeyStorePtr* ss; -! xmlSecKeyPtr key = NULL; -! xmlSecKeyPtr retval = NULL; -! xmlSecKeyReqPtr keyReq = NULL; -! CERTCertificate *cert = NULL; -! SECKEYPublicKey *pubkey = NULL; -! SECKEYPrivateKey *privkey = NULL; -! xmlSecKeyDataPtr data = NULL; -! xmlSecKeyDataPtr x509Data = NULL; -! int ret; -! -! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); -! 
xmlSecAssert2(keyInfoCtx != NULL, NULL); -! -! ss = xmlSecNssKeysStoreGetSS(store); -! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); -! -! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); -! if (key != NULL) { -! return (key); -! } - -! /* Try to find the key in the NSS DB, and construct an xmlSecKey. -! * we must have a name to lookup keys in NSS DB. -! */ -! if (name == NULL) { -! goto done; -! } - -! /* what type of key are we looking for? -! * TBD: For now, we'll look only for public/private keys using the -! * name as a cert nickname. Later on, we can attempt to find -! * symmetric keys using PK11_FindFixedKey -! */ -! keyReq = &(keyInfoCtx->keyReq); -! if (keyReq->keyType & -! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { -! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); -! if (cert == NULL) { -! goto done; -! } -! -! if (keyReq->keyType & xmlSecKeyDataTypePublic) { -! pubkey = CERT_ExtractPublicKey(cert); -! if (pubkey == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CERT_ExtractPublicKey", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; - } -- } - -! if (keyReq->keyType & xmlSecKeyDataTypePrivate) { -! privkey = PK11_FindKeyByAnyCert(cert, NULL); -! if (privkey == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "PK11_FindKeyByAnyCert", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; - } - } - -! data = xmlSecNssPKIAdoptKey(privkey, pubkey); -! if(data == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecNssPKIAdoptKey", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! privkey = NULL; -! pubkey = NULL; -! -! key = xmlSecKeyCreate(); -! if (key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -! return (NULL); -! } -! -! x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); -! 
if(x509Data == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecKeyDataCreate", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "transform=%s", -! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); -! goto done; -! } -! -! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); -! if (ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecNssKeyDataX509AdoptKeyCert", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "data=%s", -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -! goto done; -! } -! cert = CERT_DupCertificate(cert); -! if (cert == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CERT_DupCertificate", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "data=%s", -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -! goto done; -! } -! -! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); -! if (ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecNssKeyDataX509AdoptCert", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "data=%s", -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -! goto done; - } -- cert = NULL; - -! ret = xmlSecKeySetValue(key, data); -! if (ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecKeySetValue", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "data=%s", -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); -! goto done; -! } -! data = NULL; - -! ret = xmlSecKeyAdoptData(key, x509Data); -! if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "data=%s", -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -! goto done; -! } -! x509Data = NULL; -! -! retval = key; -! key = NULL; -! } -! -! done: -! if (cert != NULL) { -! CERT_DestroyCertificate(cert); -! } -! if (pubkey != NULL) { -! SECKEY_DestroyPublicKey(pubkey); -! } -! if (privkey != NULL) { -! SECKEY_DestroyPrivateKey(privkey); -! } -! if (data != NULL) { -! xmlSecKeyDataDestroy(data); -! } -! if (x509Data != NULL) { -! 
xmlSecKeyDataDestroy(x509Data); -! } -! if (key != NULL) { -! xmlSecKeyDestroy(key); - } -! -! /* now that we have a key, make sure it is valid and let the simple -! * store adopt it */ -! if (retval) { -! if (xmlSecKeyIsValid(retval)) { -! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval); -! if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecSimpleKeysStoreAdoptKey", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlSecKeyDestroy(retval); -! retval = NULL; -! } -! } else { -! xmlSecKeyDestroy(retval); -! retval = NULL; -! } -! } -! -! return (retval); - } ---- 658,804 ---- - */ - int - xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { -! xmlSecKeyInfoCtx keyInfoCtx; -! xmlSecNssKeysStoreCtxPtr context ; -! xmlSecPtrListPtr list; -! xmlSecKeyPtr key; -! xmlSecSize i, keysSize; -! xmlDocPtr doc; -! xmlNodePtr cur; -! xmlSecKeyDataPtr data; -! xmlSecPtrListPtr idsList; -! xmlSecKeyDataId dataId; -! xmlSecSize idsSize, j; -! int ret; - -! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ; -! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; -! xmlSecAssert2(filename != NULL, -1); -! -! context = xmlSecNssKeysStoreGetCtx( store ) ; -! xmlSecAssert2( context != NULL, -1 ); -! -! list = context->keyList ; -! xmlSecAssert2( list != NULL, -1 ); -! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); - -! /* create doc */ -! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); -! if(doc == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecCreateTree", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); - } - -! idsList = xmlSecKeyDataIdsGet(); -! xmlSecAssert2(idsList != NULL, -1); -! -! keysSize = xmlSecPtrListGetSize(list); -! idsSize = xmlSecPtrListGetSize(idsList); -! 
for(i = 0; i < keysSize; ++i) { -! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); -! xmlSecAssert2(key != NULL, -1); -! -! cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); -! if(cur == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecAddChild", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "node=%s", -! xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); -! xmlFreeDoc(doc); -! return(-1); -! } - -! /* special data key name */ -! if(xmlSecKeyGetName(key) != NULL) { -! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecAddChild", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "node=%s", -! xmlSecErrorsSafeString(xmlSecNodeKeyName)); -! xmlFreeDoc(doc); -! return(-1); -! } -! } -! -! /* create nodes for other keys data */ -! for(j = 0; j < idsSize; ++j) { -! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); -! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); - -! if(dataId->dataNodeName == NULL) { -! continue; -! } -! -! data = xmlSecKeyGetData(key, dataId); -! if(data == NULL) { -! continue; - } - -! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecAddChild", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "node=%s", -! xmlSecErrorsSafeString(dataId->dataNodeName)); -! xmlFreeDoc(doc); -! return(-1); - } - } - -! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); -! if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -! xmlFreeDoc(doc); -! return(-1); - } - -! keyInfoCtx.mode = xmlSecKeyInfoModeWrite; -! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; -! keyInfoCtx.keyReq.keyType = type; -! 
keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; - -! /* finally write key in the node */ -! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); -! if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); -! xmlFreeDoc(doc); -! return(-1); -! } -! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); - } -! -! /* now write result */ -! ret = xmlSaveFormatFile(filename, doc, 1); -! if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -! "xmlSaveFormatFile", -! XMLSEC_ERRORS_R_XML_FAILED, -! "filename=%s", -! xmlSecErrorsSafeString(filename)); -! xmlFreeDoc(doc); -! return(-1); -! } -! -! xmlFreeDoc(doc); -! return(0); - } -+ -*** misc/xmlsec1-1.2.6/src/nss/keytrans.c Fri May 11 14:47:46 2007 ---- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c Fri May 11 14:47:20 2007 -*************** -*** 1 **** -! dummy ---- 1,752 ---- -! /** -! * -! * XMLSec library -! * -! * AES Algorithm support -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright ................................. -! */ -! #include "globals.h" -! -! #include <stdlib.h> -! #include <stdio.h> -! #include <string.h> -! -! #include <nss.h> -! #include <pk11func.h> -! #include <keyhi.h> -! #include <key.h> -! #include <hasht.h> -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/xmltree.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! #include <xmlsec/errors.h> -! -! #include <xmlsec/nss/crypto.h> -! #include <xmlsec/nss/pkikeys.h> -! #include <xmlsec/nss/tokens.h> -! -! /********************************************************************* -! * -! * key transform transforms -! * -! ********************************************************************/ -! 
typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ; -! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ; -! -! #define xmlSecNssKeyTransportSize \ -! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) -! -! #define xmlSecNssKeyTransportGetCtx( transform ) \ -! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -! -! struct _xmlSecNssKeyTransportCtx { -! CK_MECHANISM_TYPE cipher ; -! SECKEYPublicKey* pubkey ; -! SECKEYPrivateKey* prikey ; -! xmlSecKeyDataId keyId ; -! xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ -! } ; -! -! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform); -! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform); -! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, -! xmlSecKeyReqPtr keyReq); -! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, -! xmlSecKeyPtr key); -! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, -! int last, -! xmlSecTransformCtxPtr transformCtx); -! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform); -! -! static int -! xmlSecNssKeyTransportCheckId( -! xmlSecTransformPtr transform -! ) { -! #ifndef XMLSEC_NO_RSA -! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) || -! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) { -! -! return(1); -! } -! #endif /* XMLSEC_NO_RSA */ -! -! return(0); -! } -! -! static int -! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { -! xmlSecNssKeyTransportCtxPtr context ; -! int ret; -! -! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); -! -! context = xmlSecNssKeyTransportGetCtx( transform ) ; -! xmlSecAssert2( context != NULL , -1 ) ; -! -! #ifndef XMLSEC_NO_RSA -! 
if( transform->id == xmlSecNssTransformRsaPkcs1Id ) { -! context->cipher = CKM_RSA_PKCS ; -! context->keyId = xmlSecNssKeyDataRsaId ; -! } else if( transform->id == xmlSecNssTransformRsaOaepId ) { -! context->cipher = CKM_RSA_PKCS_OAEP ; -! context->keyId = xmlSecNssKeyDataRsaId ; -! } else -! #endif /* XMLSEC_NO_RSA */ -! -! if( 1 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! context->pubkey = NULL ; -! context->prikey = NULL ; -! context->material = NULL ; -! -! return(0); -! } -! -! static void -! xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { -! xmlSecNssKeyTransportCtxPtr context ; -! -! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); -! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); -! -! context = xmlSecNssKeyTransportGetCtx( transform ) ; -! xmlSecAssert( context != NULL ) ; -! -! if( context->pubkey != NULL ) { -! SECKEY_DestroyPublicKey( context->pubkey ) ; -! context->pubkey = NULL ; -! } -! -! if( context->prikey != NULL ) { -! SECKEY_DestroyPrivateKey( context->prikey ) ; -! context->prikey = NULL ; -! } -! -! if( context->material != NULL ) { -! xmlSecBufferDestroy(context->material); -! context->material = NULL ; -! } -! } -! -! static int -! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -! xmlSecNssKeyTransportCtxPtr context ; -! xmlSecSize cipherSize = 0 ; -! -! -! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(keyReq != NULL, -1); -! -! context = xmlSecNssKeyTransportGetCtx( transform ) ; -! xmlSecAssert2( context != NULL , -1 ) ; -! -! 
keyReq->keyId = context->keyId; -! if(transform->operation == xmlSecTransformOperationEncrypt) { -! keyReq->keyUsage = xmlSecKeyUsageEncrypt; -! keyReq->keyType = xmlSecKeyDataTypePublic; -! } else { -! keyReq->keyUsage = xmlSecKeyUsageDecrypt; -! keyReq->keyType = xmlSecKeyDataTypePrivate; -! } -! -! return(0); -! } -! -! static int -! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -! xmlSecNssKeyTransportCtxPtr context = NULL ; -! xmlSecKeyDataPtr keyData = NULL ; -! SECKEYPublicKey* pubkey = NULL ; -! SECKEYPrivateKey* prikey = NULL ; -! -! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(key != NULL, -1); -! -! context = xmlSecNssKeyTransportGetCtx( transform ) ; -! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssKeyTransportGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -! -! keyData = xmlSecKeyGetValue( key ) ; -! if( keyData == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -! "xmlSecKeyGetValue" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! if(transform->operation == xmlSecTransformOperationEncrypt) { -! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -! "xmlSecNssPKIKeyDataGetPubKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! 
context->pubkey = pubkey ; -! } else { -! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -! "xmlSecNssPKIKeyDataGetPrivKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! context->prikey = prikey ; -! } -! -! return(0) ; -! } -! -! /** -! * key wrap transform -! */ -! static int -! xmlSecNssKeyTransportCtxInit( -! xmlSecNssKeyTransportCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecSize blockSize ; -! -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! if( ctx->material != NULL ) { -! xmlSecBufferDestroy( ctx->material ) ; -! ctx->material = NULL ; -! } -! -! if( ctx->pubkey != NULL ) { -! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; -! } else if( ctx->prikey != NULL ) { -! blockSize = PK11_SignatureLen( ctx->prikey ) ; -! } else { -! blockSize = -1 ; -! } -! -! if( blockSize < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! ctx->material = xmlSecBufferCreate( blockSize ) ; -! if( ctx->material == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferCreate" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! /* read raw key material into context */ -! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! 
"xmlSecBufferSetData" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! return(0); -! } -! -! /** -! * key wrap transform update -! */ -! static int -! xmlSecNssKeyTransportCtxUpdate( -! xmlSecNssKeyTransportCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( ctx->material != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! /* read raw key material and append into context */ -! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferAppend" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! return(0); -! } -! -! /** -! * Block cipher transform final -! */ -! static int -! xmlSecNssKeyTransportCtxFinal( -! xmlSecNssKeyTransportCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! xmlSecTransformCtxPtr transformCtx -! ) { -! SECKEYPublicKey* targetKey ; -! PK11SymKey* symKey ; -! PK11SlotInfo* slot ; -! SECItem oriskv ; -! xmlSecSize blockSize ; -! 
xmlSecBufferPtr result ; -! -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( ctx->material != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! /* read raw key material and append into context */ -! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferAppend" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! /* Now we get all of the key materail */ -! /* from now on we will wrap or unwrap the key */ -! if( ctx->pubkey != NULL ) { -! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; -! } else if( ctx->prikey != NULL ) { -! blockSize = PK11_SignatureLen( ctx->prikey ) ; -! } else { -! blockSize = -1 ; -! } -! -! if( blockSize < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_GetBlockSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! result = xmlSecBufferCreate( blockSize * 2 ) ; -! if( result == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferCreate" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! oriskv.type = siBuffer ; -! oriskv.data = xmlSecBufferGetData( ctx->material ) ; -! oriskv.len = xmlSecBufferGetSize( ctx->material ) ; -! -! if( encrypt != 0 ) { -! CK_OBJECT_HANDLE id ; -! SECItem wrpskv ; -! -! 
/* Create template symmetric key from material */ -! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) { -! slot = xmlSecNssSlotGet( ctx->cipher ) ; -! if( slot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecNssSlotGet" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy(result); -! return(-1); -! } -! -! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; -! if( id == CK_INVALID_HANDLE ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_ImportPublicKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy(result); -! PK11_FreeSlot( slot ) ; -! return(-1); -! } -! } -! -! /* pay attention to mechanism */ -! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; -! if( symKey == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_ImportSymKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy(result); -! PK11_FreeSlot( slot ) ; -! return(-1); -! } -! -! wrpskv.type = siBuffer ; -! wrpskv.data = xmlSecBufferGetData( result ) ; -! wrpskv.len = xmlSecBufferGetMaxSize( result ) ; -! -! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_PubWrapSymKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSymKey( symKey ) ; -! xmlSecBufferDestroy(result); -! PK11_FreeSlot( slot ) ; -! return(-1); -! } -! -! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferSetSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSymKey( symKey ) ; -! xmlSecBufferDestroy(result); -! PK11_FreeSlot( slot ) ; -! return(-1); -! } -! PK11_FreeSymKey( symKey ) ; -! PK11_FreeSlot( slot ) ; -! } else { -! SECItem* keyItem ; -! CK_OBJECT_HANDLE id1 ; -! -! 
/* pay attention to mechanism */ -! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_PubUnwrapSymKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy(result); -! return(-1); -! } -! -! /* Extract raw data from symmetric key */ -! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_ExtractKeyValue" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSymKey( symKey ) ; -! xmlSecBufferDestroy(result); -! return(-1); -! } -! -! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_GetKeyData" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSymKey( symKey ) ; -! xmlSecBufferDestroy(result); -! return(-1); -! } -! -! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_PubUnwrapSymKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSymKey( symKey ) ; -! xmlSecBufferDestroy(result); -! return(-1); -! } -! PK11_FreeSymKey( symKey ) ; -! } -! -! /* Write output */ -! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferAppend" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecBufferDestroy(result); -! return(-1); -! } -! xmlSecBufferDestroy(result); -! -! return(0); -! } -! -! static int -! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -! xmlSecNssKeyTransportCtxPtr context = NULL ; -! xmlSecBufferPtr inBuf, outBuf ; -! int operation ; -! int rtv ; -! -! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; -! 
xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; -! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! context = xmlSecNssKeyTransportGetCtx( transform ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssKeyTransportGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! inBuf = &( transform->inBuf ) ; -! outBuf = &( transform->outBuf ) ; -! -! if( transform->status == xmlSecTransformStatusNone ) { -! transform->status = xmlSecTransformStatusWorking ; -! } -! -! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; -! if( transform->status == xmlSecTransformStatusWorking ) { -! if( context->material == NULL ) { -! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; -! if( rtv < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssKeyTransportCtxInit" , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! } -! -! if( context->material == NULL && last != 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! NULL , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! "No enough data to intialize transform" ) ; -! return(-1); -! } -! -! if( context->material != NULL ) { -! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; -! if( rtv < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssKeyTransportCtxUpdate" , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! } -! -! 
if( last ) { -! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; -! if( rtv < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssKeyTransportCtxFinal" , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! transform->status = xmlSecTransformStatusFinished ; -! } -! } else if( transform->status == xmlSecTransformStatusFinished ) { -! if( xmlSecBufferGetSize( inBuf ) != 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! NULL , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! "status=%d", transform->status ) ; -! return(-1); -! } -! } else { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! NULL , -! XMLSEC_ERRORS_R_INVALID_STATUS , -! "status=%d", transform->status ) ; -! return(-1); -! } -! -! return(0); -! } -! -! -! #ifndef XMLSEC_NO_RSA -! -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { -! #else -! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { -! #endif -! /* klass/object sizes */ -! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ -! -! xmlSecNameRsaPkcs1, /* const xmlChar* name; */ -! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ -! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -! -! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ -! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -! NULL, /* xmlSecTransformNodeReadMethod readNode; */ -! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -! 
NULL, /* xmlSecTransformValidateMethod validate; */ -! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -! NULL, /* xmlSecTransformPopXmlMethod popXml; */ -! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ -! -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ -! }; -! -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = { -! #else -! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = { -! #endif -! /* klass/object sizes */ -! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ -! -! xmlSecNameRsaOaep, /* const xmlChar* name; */ -! xmlSecHrefRsaOaep, /* const xmlChar* href; */ -! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -! -! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ -! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -! NULL, /* xmlSecTransformNodeReadMethod readNode; */ -! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -! NULL, /* xmlSecTransformValidateMethod validate; */ -! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -! NULL, /* xmlSecTransformPopXmlMethod popXml; */ -! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ -! -! 
NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ -! }; -! -! /** -! * xmlSecNssTransformRsaPkcs1GetKlass: -! * -! * The RSA-PKCS1 key transport transform klass. -! * -! * Returns RSA-PKCS1 key transport transform klass. -! */ -! xmlSecTransformId -! xmlSecNssTransformRsaPkcs1GetKlass(void) { -! return(&xmlSecNssRsaPkcs1Klass); -! } -! -! /** -! * xmlSecNssTransformRsaOaepGetKlass: -! * -! * The RSA-PKCS1 key transport transform klass. -! * -! * Returns RSA-PKCS1 key transport transform klass. -! */ -! xmlSecTransformId -! xmlSecNssTransformRsaOaepGetKlass(void) { -! return(&xmlSecNssRsaOaepKlass); -! } -! -! #endif /* XMLSEC_NO_RSA */ -! -*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c Fri May 11 14:47:46 2007 ---- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c Fri May 11 14:47:20 2007 -*************** -*** 1 **** -! dummy ---- 1,1213 ---- -! /** -! * -! * XMLSec library -! * -! * AES Algorithm support -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright ................................. -! */ -! #include "globals.h" -! -! #include <stdlib.h> -! #include <stdio.h> -! #include <string.h> -! -! #include <nss.h> -! #include <pk11func.h> -! #include <hasht.h> -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/xmltree.h> -! #include <xmlsec/keys.h> -! #include <xmlsec/transforms.h> -! #include <xmlsec/errors.h> -! -! #include <xmlsec/nss/crypto.h> -! #include <xmlsec/nss/ciphers.h> -! -! #define XMLSEC_NSS_AES128_KEY_SIZE 16 -! #define XMLSEC_NSS_AES192_KEY_SIZE 24 -! #define XMLSEC_NSS_AES256_KEY_SIZE 32 -! #define XMLSEC_NSS_DES3_KEY_SIZE 24 -! #define XMLSEC_NSS_DES3_KEY_LENGTH 24 -! #define XMLSEC_NSS_DES3_IV_LENGTH 8 -! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 -! -! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { -! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 -! }; -! -! /********************************************************************* -! * -! 
* key wrap transforms -! * -! ********************************************************************/ -! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; -! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; -! -! #define xmlSecNssKeyWrapSize \ -! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) -! -! #define xmlSecNssKeyWrapGetCtx( transform ) \ -! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -! -! struct _xmlSecNssKeyWrapCtx { -! CK_MECHANISM_TYPE cipher ; -! PK11SymKey* symkey ; -! xmlSecKeyDataId keyId ; -! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ -! } ; -! -! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); -! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); -! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, -! xmlSecKeyReqPtr keyReq); -! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, -! xmlSecKeyPtr key); -! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, -! int last, -! xmlSecTransformCtxPtr transformCtx); -! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); -! -! static int -! xmlSecNssKeyWrapCheckId( -! xmlSecTransformPtr transform -! ) { -! #ifndef XMLSEC_NO_DES -! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -! return(1); -! } -! #endif /* XMLSEC_NO_DES */ -! -! #ifndef XMLSEC_NO_AES -! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || -! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || -! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { -! -! return(1); -! } -! #endif /* XMLSEC_NO_AES */ -! -! return(0); -! } -! -! static xmlSecSize -! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { -! #ifndef XMLSEC_NO_DES -! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -! return(XMLSEC_NSS_DES3_KEY_SIZE); -! 
} else -! #endif /* XMLSEC_NO_DES */ -! -! #ifndef XMLSEC_NO_AES -! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { -! return(XMLSEC_NSS_AES128_KEY_SIZE); -! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { -! return(XMLSEC_NSS_AES192_KEY_SIZE); -! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -! return(XMLSEC_NSS_AES256_KEY_SIZE); -! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -! return(XMLSEC_NSS_AES256_KEY_SIZE); -! } else -! #endif /* XMLSEC_NO_AES */ -! -! if(1) -! return(0); -! } -! -! -! static int -! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { -! xmlSecNssKeyWrapCtxPtr context ; -! int ret; -! -! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -! -! context = xmlSecNssKeyWrapGetCtx( transform ) ; -! xmlSecAssert2( context != NULL , -1 ) ; -! -! #ifndef XMLSEC_NO_DES -! if( transform->id == xmlSecNssTransformKWDes3Id ) { -! context->cipher = CKM_DES3_CBC ; -! context->keyId = xmlSecNssKeyDataDesId ; -! } else -! #endif /* XMLSEC_NO_DES */ -! -! #ifndef XMLSEC_NO_AES -! if( transform->id == xmlSecNssTransformKWAes128Id ) { -! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -! context->cipher = CKM_AES_CBC ; -! context->keyId = xmlSecNssKeyDataAesId ; -! } else -! if( transform->id == xmlSecNssTransformKWAes192Id ) { -! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -! context->cipher = CKM_AES_CBC ; -! context->keyId = xmlSecNssKeyDataAesId ; -! } else -! if( transform->id == xmlSecNssTransformKWAes256Id ) { -! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -! context->cipher = CKM_AES_CBC ; -! context->keyId = xmlSecNssKeyDataAesId ; -! } else -! #endif /* XMLSEC_NO_AES */ -! -! -! if( 1 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -! NULL , -! 
XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! context->symkey = NULL ; -! context->material = NULL ; -! -! return(0); -! } -! -! static void -! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { -! xmlSecNssKeyWrapCtxPtr context ; -! -! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); -! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); -! -! context = xmlSecNssKeyWrapGetCtx( transform ) ; -! xmlSecAssert( context != NULL ) ; -! -! if( context->symkey != NULL ) { -! PK11_FreeSymKey( context->symkey ) ; -! context->symkey = NULL ; -! } -! -! if( context->material != NULL ) { -! xmlSecBufferDestroy(context->material); -! context->material = NULL ; -! } -! } -! -! static int -! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -! xmlSecNssKeyWrapCtxPtr context ; -! xmlSecSize cipherSize = 0 ; -! -! -! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(keyReq != NULL, -1); -! -! context = xmlSecNssKeyWrapGetCtx( transform ) ; -! xmlSecAssert2( context != NULL , -1 ) ; -! -! keyReq->keyId = context->keyId; -! keyReq->keyType = xmlSecKeyDataTypeSymmetric; -! if(transform->operation == xmlSecTransformOperationEncrypt) { -! keyReq->keyUsage = xmlSecKeyUsageEncrypt; -! } else { -! keyReq->keyUsage = xmlSecKeyUsageDecrypt; -! } -! -! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; -! -! return(0); -! } -! -! static int -! xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -! xmlSecNssKeyWrapCtxPtr context = NULL ; -! xmlSecKeyDataPtr keyData = NULL ; -! PK11SymKey* symkey = NULL ; -! -! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -! 
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -! xmlSecAssert2(key != NULL, -1); -! -! context = xmlSecNssKeyWrapGetCtx( transform ) ; -! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -! "xmlSecNssKeyWrapGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -! -! keyData = xmlSecKeyGetValue( key ) ; -! if( keyData == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -! "xmlSecKeyGetValue" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -! "xmlSecNssSymKeyDataGetKey" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! context->symkey = symkey ; -! -! return(0) ; -! } -! -! /** -! * key wrap transform -! */ -! static int -! xmlSecNssKeyWrapCtxInit( -! xmlSecNssKeyWrapCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecSize blockSize ; -! -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! if( ctx->material != NULL ) { -! xmlSecBufferDestroy( ctx->material ) ; -! ctx->material = NULL ; -! } -! -! 
if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "PK11_GetBlockSize" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! ctx->material = xmlSecBufferCreate( blockSize ) ; -! if( ctx->material == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferCreate" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! /* read raw key material into context */ -! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferSetData" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferRemoveHead" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! return(0); -! } -! -! /** -! * key wrap transform update -! */ -! static int -! xmlSecNssKeyWrapCtxUpdate( -! xmlSecNssKeyWrapCtxPtr ctx , -! xmlSecBufferPtr in , -! xmlSecBufferPtr out , -! int encrypt , -! xmlSecTransformCtxPtr transformCtx -! ) { -! xmlSecAssert2( ctx != NULL , -1 ) ; -! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -! xmlSecAssert2( ctx->material != NULL , -1 ) ; -! xmlSecAssert2( in != NULL , -1 ) ; -! xmlSecAssert2( out != NULL , -1 ) ; -! xmlSecAssert2( transformCtx != NULL , -1 ) ; -! -! /* read raw key material and append into context */ -! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! "xmlSecBufferAppend" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! 
if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferRemoveHead" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! return(0);
-! }
-!
-! static int
-! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
-! xmlSecSize s;
-! xmlSecSize i;
-! xmlSecByte c;
-!
-! xmlSecAssert2(buf != NULL, -1);
-!
-! s = size / 2;
-! --size;
-! for(i = 0; i < s; ++i) {
-! c = buf[i];
-! buf[i] = buf[size - i];
-! buf[size - i] = c;
-! }
-! return(0);
-! }
-!
-! static xmlSecByte *
-! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
-! xmlSecByte *out, xmlSecSize outSize)
-! {
-! PK11Context *context = NULL;
-! SECStatus s;
-! xmlSecByte *digest = NULL;
-! unsigned int len;
-!
-! xmlSecAssert2(in != NULL, NULL);
-! xmlSecAssert2(out != NULL, NULL);
-! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-!
-! /* Create a context for hashing (digesting) */
-! context = PK11_CreateDigestContext(SEC_OID_SHA1);
-! if (context == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_CreateDigestContext",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! s = PK11_DigestBegin(context);
-! if (s != SECSuccess) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_DigestBegin",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! s = PK11_DigestOp(context, in, inSize);
-! if (s != SECSuccess) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_DigestOp",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! s = PK11_DigestFinal(context, out, &len, outSize);
-! if (s != SECSuccess) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_DigestFinal",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code = %d", PORT_GetError());
-! goto done;
-! }
-! xmlSecAssert2(len == SHA1_LENGTH, NULL);
-!
-! digest = out;
-!
-!
done:
-! if (context != NULL) {
-! PK11_DestroyContext(context, PR_TRUE);
-! }
-! return (digest);
-! }
-!
-! static int
-! xmlSecNssKWDes3Encrypt(
-! PK11SymKey* symKey ,
-! CK_MECHANISM_TYPE cipherMech ,
-! const xmlSecByte* iv ,
-! xmlSecSize ivSize ,
-! const xmlSecByte* in ,
-! xmlSecSize inSize ,
-! xmlSecByte* out ,
-! xmlSecSize outSize ,
-! int enc
-! ) {
-! PK11Context* EncContext = NULL;
-! SECItem ivItem ;
-! SECItem* secParam = NULL ;
-! int tmp1_outlen;
-! unsigned int tmp2_outlen;
-! int result_len = -1;
-! SECStatus rv;
-!
-! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
-! xmlSecAssert2( symKey != NULL , -1 ) ;
-! xmlSecAssert2(iv != NULL, -1);
-! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
-! xmlSecAssert2(in != NULL, -1);
-! xmlSecAssert2(inSize > 0, -1);
-! xmlSecAssert2(out != NULL, -1);
-! xmlSecAssert2(outSize >= inSize, -1);
-!
-! /* Prepare IV */
-! ivItem.data = ( unsigned char* )iv ;
-! ivItem.len = ivSize ;
-!
-! secParam = PK11_ParamFromIV(cipherMech, &ivItem);
-! if (secParam == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_ParamFromIV",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "Error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! EncContext = PK11_CreateContextBySymKey(cipherMech,
-! enc ? CKA_ENCRYPT : CKA_DECRYPT,
-! symKey, secParam);
-! if (EncContext == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_CreateContextBySymKey",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "Error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! tmp1_outlen = tmp2_outlen = 0;
-! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
-! (unsigned char *)in, inSize);
-! if (rv != SECSuccess) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_CipherOp",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "Error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
-! &tmp2_outlen, outSize-tmp1_outlen);
-! if (rv != SECSuccess) {
-!
xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_DigestFinal",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "Error code = %d", PORT_GetError());
-! goto done;
-! }
-!
-! result_len = tmp1_outlen + tmp2_outlen;
-!
-! done:
-! if (secParam) {
-! SECITEM_FreeItem(secParam, PR_TRUE);
-! }
-! if (EncContext) {
-! PK11_DestroyContext(EncContext, PR_TRUE);
-! }
-!
-! return(result_len);
-! }
-!
-! static int
-! xmlSecNssKeyWrapDesOp(
-! xmlSecNssKeyWrapCtxPtr ctx ,
-! int encrypt ,
-! xmlSecBufferPtr result
-! ) {
-! xmlSecByte sha1[SHA1_LENGTH];
-! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
-! xmlSecByte* in;
-! xmlSecSize inSize;
-! xmlSecByte* out;
-! xmlSecSize outSize;
-! xmlSecSize s;
-! int ret;
-! SECStatus status;
-!
-! xmlSecAssert2( ctx != NULL , -1 ) ;
-! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-! xmlSecAssert2( ctx->material != NULL , -1 ) ;
-! xmlSecAssert2( result != NULL , -1 ) ;
-!
-! in = xmlSecBufferGetData(ctx->material);
-! inSize = xmlSecBufferGetSize(ctx->material) ;
-! out = xmlSecBufferGetData(result);
-! outSize = xmlSecBufferGetMaxSize(result) ;
-! if( encrypt ) {
-! /* step 2: calculate sha1 and CMS */
-! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssComputeSHA1",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-!
-! /* step 3: construct WKCKS */
-! memcpy(out, in, inSize);
-! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-!
-! /* step 4: generate random iv */
-! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
-! if(status != SECSuccess) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "PK11_GenerateRandom",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code = %d", PORT_GetError());
-! return(-1);
-! }
-!
-! /* step 5: first encryption, result is TEMP1 */
-!
ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-! iv, XMLSEC_NSS_DES3_IV_LENGTH,
-! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
-! out, outSize, 1);
-! if(ret < 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssKWDes3Encrypt",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-!
-! /* step 6: construct TEMP2=IV || TEMP1 */
-! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
-! inSize + XMLSEC_NSS_DES3_IV_LENGTH);
-! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
-! s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-!
-! /* step 7: reverse octets order, result is TEMP3 */
-! ret = xmlSecNssKWDes3BufferReverse(out, s);
-! if(ret < 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssKWDes3BufferReverse",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-!
-! /* step 8: second encryption with static IV */
-! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-! out, s,
-! out, outSize, 1);
-! if(ret < 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssKWDes3Encrypt",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-! s = ret;
-!
-! if( xmlSecBufferSetSize( result , s ) < 0 ) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecBufferSetSize",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-! } else {
-! /* step 2: first decryption with static IV, result is TEMP3 */
-! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-! in, inSize,
-! out, outSize, 0);
-! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssKWDes3Encrypt",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-! s = ret;
-!
-! /* step 3: reverse octets order in TEMP3, result is TEMP2 */
-! ret = xmlSecNssKWDes3BufferReverse(out, s);
-!
if(ret < 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssKWDes3BufferReverse",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-!
-! /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
-! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-! out, XMLSEC_NSS_DES3_IV_LENGTH,
-! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
-! out, outSize, 0);
-! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssKWDes3Encrypt",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-! s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
-!
-! /* steps 6 and 7: calculate SHA1 and validate it */
-! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecNssComputeSHA1",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-!
-! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! NULL,
-! XMLSEC_ERRORS_R_INVALID_DATA,
-! "SHA1 does not match");
-! return(-1);
-! }
-!
-! if( xmlSecBufferSetSize( result , s ) < 0 ) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecBufferSetSize",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
-! }
-!
-! return(0);
-! }
-!
-! static int
-! xmlSecNssKeyWrapAesOp(
-! xmlSecNssKeyWrapCtxPtr ctx ,
-! int encrypt ,
-! xmlSecBufferPtr result
-! ) {
-! PK11Context* cipherCtx = NULL;
-! SECItem ivItem ;
-! SECItem* secParam = NULL ;
-! xmlSecSize inSize ;
-! xmlSecSize inBlocks ;
-! int blockSize ;
-! int midSize ;
-! int finSize ;
-! xmlSecByte* out ;
-! xmlSecSize outSize;
-!
-! xmlSecAssert2( ctx != NULL , -1 ) ;
-! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-!
xmlSecAssert2( ctx->material != NULL , -1 ) ;
-! xmlSecAssert2( result != NULL , -1 ) ;
-!
-! /* Do not set any IV */
-! memset(&ivItem, 0, sizeof(ivItem));
-!
-! /* Get block size */
-! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "PK11_GetBlockSize" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! inSize = xmlSecBufferGetSize( ctx->material ) ;
-! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferSetMaxSize" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! /* Get Param for context initialization */
-! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "PK11_ParamFromIV" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
-! if( cipherCtx == NULL ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "PK11_CreateContextBySymKey" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! SECITEM_FreeItem( secParam , PR_TRUE ) ;
-! return(-1);
-! }
-!
-! out = xmlSecBufferGetData(result) ;
-! outSize = xmlSecBufferGetMaxSize(result) ;
-! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "PK11_CipherOp" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "PK11_DigestFinal" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-!
if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferSetSize" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! return 0 ;
-! }
-!
-! /**
-! * Block cipher transform final
-! */
-! static int
-! xmlSecNssKeyWrapCtxFinal(
-! xmlSecNssKeyWrapCtxPtr ctx ,
-! xmlSecBufferPtr in ,
-! xmlSecBufferPtr out ,
-! int encrypt ,
-! xmlSecTransformCtxPtr transformCtx
-! ) {
-! PK11SymKey* targetKey ;
-! xmlSecSize blockSize ;
-! xmlSecBufferPtr result ;
-!
-! xmlSecAssert2( ctx != NULL , -1 ) ;
-! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-! xmlSecAssert2( ctx->material != NULL , -1 ) ;
-! xmlSecAssert2( in != NULL , -1 ) ;
-! xmlSecAssert2( out != NULL , -1 ) ;
-! xmlSecAssert2( transformCtx != NULL , -1 ) ;
-!
-! /* read raw key material and append into context */
-! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferAppend" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferRemoveHead" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! /* Now we get all of the key materail */
-! /* from now on we will wrap or unwrap the key */
-! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "PK11_GetBlockSize" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! result = xmlSecBufferCreate( blockSize ) ;
-! if( result == NULL ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferCreate" ,
-!
XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-! switch( ctx->cipher ) {
-! case CKM_DES3_CBC :
-! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecNssKeyWrapDesOp" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! xmlSecBufferDestroy(result);
-! return(-1);
-! }
-! break ;
-! /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
-! case CKM_AES_CBC :
-! if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecNssKeyWrapAesOp" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! xmlSecBufferDestroy(result);
-! return(-1);
-! }
-! break ;
-! }
-!
-! /* Write output */
-! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! "xmlSecBufferAppend" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! xmlSecBufferDestroy(result);
-! return(-1);
-! }
-! xmlSecBufferDestroy(result);
-!
-! return(0);
-! }
-!
-! static int
-! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-! xmlSecNssKeyWrapCtxPtr context = NULL ;
-! xmlSecBufferPtr inBuf, outBuf ;
-! int operation ;
-! int rtv ;
-!
-! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
-! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
-! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-! xmlSecAssert2( transformCtx != NULL , -1 ) ;
-!
-! context = xmlSecNssKeyWrapGetCtx( transform ) ;
-! if( context == NULL ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-! "xmlSecNssKeyWrapGetCtx" ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-!
-!
inBuf = &( transform->inBuf ) ;
-! outBuf = &( transform->outBuf ) ;
-!
-! if( transform->status == xmlSecTransformStatusNone ) {
-! transform->status = xmlSecTransformStatusWorking ;
-! }
-!
-! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-! if( transform->status == xmlSecTransformStatusWorking ) {
-! if( context->material == NULL ) {
-! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
-! if( rtv < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-! "xmlSecNssKeyWrapCtxInit" ,
-! XMLSEC_ERRORS_R_INVALID_STATUS ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-! }
-!
-! if( context->material == NULL && last != 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-! NULL ,
-! XMLSEC_ERRORS_R_INVALID_STATUS ,
-! "No enough data to intialize transform" ) ;
-! return(-1);
-! }
-!
-! if( context->material != NULL ) {
-! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
-! if( rtv < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-! "xmlSecNssKeyWrapCtxUpdate" ,
-! XMLSEC_ERRORS_R_INVALID_STATUS ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-! }
-!
-! if( last ) {
-! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
-! if( rtv < 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-! "xmlSecNssKeyWrapCtxFinal" ,
-! XMLSEC_ERRORS_R_INVALID_STATUS ,
-! XMLSEC_ERRORS_NO_MESSAGE ) ;
-! return(-1);
-! }
-! transform->status = xmlSecTransformStatusFinished ;
-! }
-! } else if( transform->status == xmlSecTransformStatusFinished ) {
-! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-!
NULL ,
-! XMLSEC_ERRORS_R_INVALID_STATUS ,
-! "status=%d", transform->status ) ;
-! return(-1);
-! }
-! } else {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-! NULL ,
-! XMLSEC_ERRORS_R_INVALID_STATUS ,
-! "status=%d", transform->status ) ;
-! return(-1);
-! }
-!
-! return(0);
-! }
-!
-! #ifndef XMLSEC_NO_AES
-!
-!
-! #ifdef __MINGW32__ // for runtime-pseudo-reloc
-! static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-! #else
-! static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-! #endif
-! /* klass/object sizes */
-! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-!
-! xmlSecNameKWAes128, /* const xmlChar* name; */
-! xmlSecHrefKWAes128, /* const xmlChar* href; */
-! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-!
-! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-! NULL, /* xmlSecTransformNodeReadMethod readNode; */
-! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-! NULL, /* xmlSecTransformValidateMethod validate; */
-! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-! NULL, /* xmlSecTransformPopXmlMethod popXml; */
-! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-!
-! NULL, /* void* reserved0; */
-! NULL, /* void* reserved1; */
-! };
-!
-! #ifdef __MINGW32__ // for runtime-pseudo-reloc
-! static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-! #else
-!
static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-! #endif
-! /* klass/object sizes */
-! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-!
-! xmlSecNameKWAes192, /* const xmlChar* name; */
-! xmlSecHrefKWAes192, /* const xmlChar* href; */
-! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-!
-! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-! NULL, /* xmlSecTransformNodeReadMethod readNode; */
-! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-! NULL, /* xmlSecTransformValidateMethod validate; */
-! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-! NULL, /* xmlSecTransformPopXmlMethod popXml; */
-! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-!
-! NULL, /* void* reserved0; */
-! NULL, /* void* reserved1; */
-! };
-!
-! #ifdef __MINGW32__ // for runtime-pseudo-reloc
-! static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-! #else
-! static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-! #endif
-! /* klass/object sizes */
-! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-!
-! xmlSecNameKWAes256, /* const xmlChar* name; */
-! xmlSecHrefKWAes256, /* const xmlChar* href; */
-! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-!
-! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-!
xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-! NULL, /* xmlSecTransformNodeReadMethod readNode; */
-! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-! NULL, /* xmlSecTransformValidateMethod validate; */
-! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-! NULL, /* xmlSecTransformPopXmlMethod popXml; */
-! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-!
-! NULL, /* void* reserved0; */
-! NULL, /* void* reserved1; */
-! };
-!
-! /**
-! * xmlSecNssTransformKWAes128GetKlass:
-! *
-! * The AES-128 key wrapper transform klass.
-! *
-! * Returns AES-128 key wrapper transform klass.
-! */
-! xmlSecTransformId
-! xmlSecNssTransformKWAes128GetKlass(void) {
-! return(&xmlSecNssKWAes128Klass);
-! }
-!
-! /**
-! * xmlSecNssTransformKWAes192GetKlass:
-! *
-! * The AES-192 key wrapper transform klass.
-! *
-! * Returns AES-192 key wrapper transform klass.
-! */
-! xmlSecTransformId
-! xmlSecNssTransformKWAes192GetKlass(void) {
-! return(&xmlSecNssKWAes192Klass);
-! }
-!
-! /**
-! *
-! * The AES-256 key wrapper transform klass.
-! *
-! * Returns AES-256 key wrapper transform klass.
-! */
-! xmlSecTransformId
-! xmlSecNssTransformKWAes256GetKlass(void) {
-! return(&xmlSecNssKWAes256Klass);
-! }
-!
-! #endif /* XMLSEC_NO_AES */
-!
-!
-! #ifndef XMLSEC_NO_DES
-!
-! #ifdef __MINGW32__ // for runtime-pseudo-reloc
-! static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-! #else
-! static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-! #endif
-! /* klass/object sizes */
-! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-!
xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-!
-! xmlSecNameKWDes3, /* const xmlChar* name; */
-! xmlSecHrefKWDes3, /* const xmlChar* href; */
-! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-!
-! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-! NULL, /* xmlSecTransformNodeReadMethod readNode; */
-! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-! NULL, /* xmlSecTransformValidateMethod validate; */
-! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-! NULL, /* xmlSecTransformPopXmlMethod popXml; */
-! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-!
-! NULL, /* void* reserved0; */
-! NULL, /* void* reserved1; */
-! };
-!
-! /**
-! * xmlSecNssTransformKWDes3GetKlass:
-! *
-! * The Triple DES key wrapper transform klass.
-! *
-! * Returns Triple DES key wrapper transform klass.
-! */
-! xmlSecTransformId
-! xmlSecNssTransformKWDes3GetKlass(void) {
-! return(&xmlSecNssKWDes3Klass);
-! }
-!
-! #endif /* XMLSEC_NO_DES */
-!
-*** misc/xmlsec1-1.2.6/src/nss/pkikeys.c Wed Mar 17 06:06:45 2004
---- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c Fri May 11 14:47:20 2007
-***************
-*** 5,10 ****
---- 5,11 ----
- * distribution for preciese wording.
- *
- * Copyright (c) 2003 America Online, Inc. All rights reserved.
-+ * Copyright ...........................
- */
- #include "globals.h"
-
-***************
-*** 24,29 ****
---- 25,31 ----
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+ #include <xmlsec/nss/tokens.h>
-
- /**************************************************************************
- *
-***************
-*** 98,111 ****
- {
- xmlSecAssert(ctx != NULL);
- if (ctx->privkey != NULL) {
-! SECKEY_DestroyPrivateKey(ctx->privkey);
-! ctx->privkey = NULL;
- }
-
-! if (ctx->pubkey)
-! {
-! SECKEY_DestroyPublicKey(ctx->pubkey);
-! ctx->pubkey = NULL;
- }
-
- }
---- 100,112 ----
- {
- xmlSecAssert(ctx != NULL);
- if (ctx->privkey != NULL) {
-! SECKEY_DestroyPrivateKey(ctx->privkey);
-! ctx->privkey = NULL;
- }
-
-! if (ctx->pubkey) {
-! SECKEY_DestroyPublicKey(ctx->pubkey);
-! ctx->pubkey = NULL;
- }
-
- }
-***************
-*** 115,143 ****
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
- if (ctxSrc->privkey != NULL) {
-! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-! if(ctxDst->privkey == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "SECKEY_CopyPrivateKey",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
- }
-
- if (ctxSrc->pubkey != NULL) {
-! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
-! if(ctxDst->pubkey == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "SECKEY_CopyPublicKey",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
-! return(-1);
-! }
- }
- return (0);
- }
-
---- 116,147 ----
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+ ctxDst->privkey = NULL ;
-+ ctxDst->pubkey = NULL ;
- if (ctxSrc->privkey != NULL) {
-! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-! if(ctxDst->privkey == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "SECKEY_CopyPrivateKey",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code=%d", PORT_GetError());
-! return(-1);
-!
}
- }
-
- if (ctxSrc->pubkey != NULL) {
-! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
-! if(ctxDst->pubkey == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "SECKEY_CopyPublicKey",
-! XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! "error code=%d", PORT_GetError());
-! return(-1);
-! }
- }
-+
- return (0);
- }
-
-***************
-*** 147,166 ****
- SECKEYPublicKey *pubkey)
- {
- xmlSecNssPKIKeyDataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
- xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
-
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- if (ctx->privkey) {
-! SECKEY_DestroyPrivateKey(ctx->privkey);
- }
- ctx->privkey = privkey;
-
- if (ctx->pubkey) {
-! SECKEY_DestroyPublicKey(ctx->pubkey);
- }
- ctx->pubkey = pubkey;
-
---- 151,191 ----
- SECKEYPublicKey *pubkey)
- {
- xmlSecNssPKIKeyDataCtxPtr ctx;
-+ KeyType pubType = nullKey ;
-+ KeyType priType = nullKey ;
-
- xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
- xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
-
-+ if( privkey != NULL ) {
-+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
-+ }
-+
-+ if( pubkey != NULL ) {
-+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
-+ }
-+
-+ if( priType != nullKey && pubType != nullKey ) {
-+ if( pubType != priType ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "different type of private and public key" ) ;
-+ return -1 ;
-+ }
-+ }
-+
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- if (ctx->privkey) {
-! SECKEY_DestroyPrivateKey(ctx->privkey);
- }
- ctx->privkey = privkey;
-
- if (ctx->pubkey) {
-! SECKEY_DestroyPublicKey(ctx->pubkey);
- }
- ctx->pubkey = pubkey;
-
-***************
-*** 183,243 ****
- {
- xmlSecKeyDataPtr data = NULL;
- int ret;
-! KeyType kt;
-!
-! if (pubkey != NULL) {
-! kt = SECKEY_GetPublicKeyType(pubkey);
-! } else {
-! kt = SECKEY_GetPrivateKeyType(privkey);
-!
pubkey = SECKEY_ConvertToPublicKey(privkey);
-! }
-
-! switch(kt) {
- #ifndef XMLSEC_NO_RSA
- case rsaKey:
-! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
-! if(data == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecKeyDataCreate",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! "xmlSecNssKeyDataRsaId");
-! return(NULL);
-! }
-! break;
- #endif /* XMLSEC_NO_RSA */
- #ifndef XMLSEC_NO_DSA
- case dsaKey:
-! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
-! if(data == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecKeyDataCreate",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! "xmlSecNssKeyDataDsaId");
-! return(NULL);
-! }
-! break;
- #endif /* XMLSEC_NO_DSA */
- default:
-! xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
-! "PKI key type %d not supported", kt);
-! return(NULL);
- }
-
- xmlSecAssert2(data != NULL, NULL);
- ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
- if(ret < 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-! xmlSecKeyDataDestroy(data);
-! return(NULL);
- }
- return(data);
- }
---- 208,282 ----
- {
- xmlSecKeyDataPtr data = NULL;
- int ret;
-! KeyType pubType = nullKey ;
-! KeyType priType = nullKey ;
-
-! if( privkey != NULL ) {
-! priType = SECKEY_GetPrivateKeyType( privkey ) ;
-! }
-!
-! if( pubkey != NULL ) {
-! pubType = SECKEY_GetPublicKeyType( pubkey ) ;
-! }
-!
-! if( priType != nullKey && pubType != nullKey ) {
-! if( pubType != priType ) {
-! xmlSecError( XMLSEC_ERRORS_HERE ,
-! NULL ,
-! NULL ,
-! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-! "different type of private and public key" ) ;
-! return( NULL ) ;
-! }
-! }
-!
-! pubType = priType != nullKey ? priType : pubType ;
-! switch(pubType) {
- #ifndef XMLSEC_NO_RSA
- case rsaKey:
-! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
-! if(data == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecKeyDataCreate",
-!
XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! "xmlSecNssKeyDataRsaId");
-! return(NULL);
-! }
-! break;
- #endif /* XMLSEC_NO_RSA */
- #ifndef XMLSEC_NO_DSA
- case dsaKey:
-! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
-! if(data == NULL) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
-! NULL,
-! "xmlSecKeyDataCreate",
-! XMLSEC_ERRORS_R_XMLSEC_FAILED,
-! "xmlSecNssKeyDataDsaId");
-! return(NULL);
-! }
-! break;
- #endif /* XMLSEC_NO_DSA */
- default:
-! xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
-! "PKI key type %d not supported", pubType);
-! return(NULL);
- }
-
- xmlSecAssert2(data != NULL, NULL);
- ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
- if(ret < 0) {
-! xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-! xmlSecKeyDataDestroy(data);
-! return(NULL);
- }
- return(data);
- }
-***************
-*** 263,269 ****
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(ctx->pubkey != NULL, NULL);
-
-! ret = SECKEY_CopyPublicKey(ctx->pubkey);
- return(ret);
- }
-
---- 302,308 ----
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(ctx->pubkey != NULL, NULL);
-
-! ret = SECKEY_CopyPublicKey(ctx->pubkey);
- return(ret);
- }
-
-***************
-*** 312,320 ****
- xmlSecAssert2(ctx != NULL, nullKey);
-
- if (ctx->pubkey != NULL) {
-! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
- } else {
-! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
- }
- return(kt);
- }
---- 351,359 ----
- xmlSecAssert2(ctx != NULL, nullKey);
-
- if (ctx->pubkey != NULL) {
-! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
- } else {
-!
kt = SECKEY_GetPrivateKeyType(ctx->privkey); - } - return(kt); - } -*************** -*** 453,459 **** ---- 492,502 ---- - static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data, - FILE* output); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - xmlSecNssPKIKeyDataSize, - -*************** -*** 553,565 **** - goto done; - } - -! slot = PK11_GetBestSlot(CKM_DSA, NULL); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - ret = -1; - goto done; - } ---- 596,608 ---- - goto done; - } - -! slot = xmlSecNssSlotGet(CKM_DSA); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -*************** -*** 570,576 **** - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - ret = -1; - goto done; - } ---- 613,619 ---- - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -*************** -*** 582,588 **** - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - PORT_FreeArena(arena, PR_FALSE); - ret = -1; - goto done; ---- 625,631 ---- - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - PORT_FreeArena(arena, PR_FALSE); - ret = -1; - goto done; -*************** -*** 750,770 **** - goto done; - } - data = NULL; -- - ret = 0; - - done: - if (slot != NULL) { -! PK11_FreeSlot(slot); - } -! if (ret != 0) { -! if (pubkey != NULL) { -! SECKEY_DestroyPublicKey(pubkey); -! } -! if (data != NULL) { -! xmlSecKeyDataDestroy(data); -! } - } - return(ret); - } - ---- 793,813 ---- - goto done; - } - data = NULL; - ret = 0; - - done: - if (slot != NULL) { -! PK11_FreeSlot(slot); - } -! -! if (pubkey != NULL) { -! SECKEY_DestroyPublicKey(pubkey); -! } -! -! if (data != NULL) { -! xmlSecKeyDataDestroy(data); - } -+ - return(ret); - } - -*************** -*** 783,789 **** - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { - /* we can have only private key or public key */ ---- 826,832 ---- - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { - /* we can have only private key or public key */ -*************** -*** 905,911 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "size=%d", sizeBits); - goto done; - } - ---- 948,955 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "size=%d, error code=%d", sizeBits, PORT_GetError()); -! ret = -1; - goto done; - } - -*************** -*** 915,925 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "size=%d", sizeBits); - goto done; - } - -! 
slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, - &pubkey, PR_FALSE, PR_TRUE, NULL); ---- 959,970 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "size=%d, error code=%d", sizeBits, PORT_GetError()); -! ret = -1; - goto done; - } - -! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, - &pubkey, PR_FALSE, PR_TRUE, NULL); -*************** -*** 929,936 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - - goto done; - } - ---- 974,982 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - -+ ret = -1; - goto done; - } - -*************** -*** 943,971 **** - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } -! - ret = 0; - - done: - if (slot != NULL) { -! PK11_FreeSlot(slot); - } - if (pqgParams != NULL) { -! PK11_PQG_DestroyParams(pqgParams); - } - if (pqgVerify != NULL) { -! PK11_PQG_DestroyVerify(pqgVerify); -! } -! if (ret == 0) { -! return (0); - } - if (pubkey != NULL) { -! SECKEY_DestroyPublicKey(pubkey); - } - if (privkey != NULL) { -! SECKEY_DestroyPrivateKey(privkey); - } -! return(-1); - } - - static xmlSecKeyDataType ---- 989,1020 ---- - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } -! privkey = NULL ; -! pubkey = NULL ; - ret = 0; - - done: - if (slot != NULL) { -! PK11_FreeSlot(slot); - } -+ - if (pqgParams != NULL) { -! PK11_PQG_DestroyParams(pqgParams); - } -+ - if (pqgVerify != NULL) { -! PK11_PQG_DestroyVerify(pqgVerify); - } -+ - if (pubkey != NULL) { -! 
SECKEY_DestroyPublicKey(pubkey); - } -+ - if (privkey != NULL) { -! SECKEY_DestroyPrivateKey(privkey); - } -! -! return(ret); - } - - static xmlSecKeyDataType -*************** -*** 975,985 **** - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); - if (ctx->privkey != NULL) { -! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); -! } else { -! return(xmlSecKeyDataTypePublic); - } ++#ifndef __XMLSEC_NSS_AKMNGR_H__ ++#define __XMLSEC_NSS_AKMNGR_H__ ++ ++#include <nss.h> ++#include <nspr.h> ++#include <pk11func.h> ++#include <cert.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ++xmlSecNssAppliedKeysMngrCreate( ++ PK11SlotInfo** slots, ++ int cSlots, ++ CERTCertDBHandle* handler ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssAppliedKeysMngrSymKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ PK11SymKey* symKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssAppliedKeysMngrPubKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ SECKEYPublicKey* pubKey ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssAppliedKeysMngrPriKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ SECKEYPrivateKey* priKey ++) ; ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_NSS_AKMNGR_H__ */ ++ ++ +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2008-06-29 23:44:19.000000000 +0200 +@@ -22,6 +22,9 @@ + #include <xmlsec/keysmngr.h> + #include <xmlsec/transforms.h> + ++#include <xmlsec/nss/tokens.h> ++#include <xmlsec/nss/akmngr.h> ++ + /** + * Init/shutdown + */ +@@ -34,6 +37,8 @@ + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); + 
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, + xmlSecKeyPtr key); ++XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, + const char* uri); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:39.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,35 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright .......................... ++ */ ++#ifndef __XMLSEC_NSS_CIPHERS_H__ ++#define __XMLSEC_NSS_CIPHERS_H__ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++ ++ ++XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, ++ PK11SymKey* symkey ) ; ++ ++XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; ++ ++XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); ++ ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_NSS_CIPHERS_H__ */ ++ ++ +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2008-06-29 23:44:19.000000000 +0200 +@@ -264,6 +264,15 @@ + xmlSecNssTransformRsaPkcs1GetKlass() + XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); + ++/** ++ * xmlSecNssTransformRsaOaepId: ++ * ++ * The RSA OAEP key transport transform klass. 
++ */ ++#define xmlSecNssTransformRsaOaepId \ ++ xmlSecNssTransformRsaOaepGetKlass() ++XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); ++ + #endif /* XMLSEC_NO_RSA */ + + +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2008-06-29 23:44:19.000000000 +0200 +@@ -16,6 +16,8 @@ + #endif /* __cplusplus */ + + #include <xmlsec/xmlsec.h> ++#include <xmlsec/keysmngr.h> ++#include <xmlsec/nss/tokens.h> + + /**************************************************************************** + * +@@ -31,6 +33,8 @@ + XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, + xmlSecKeyPtr key); ++XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, + const char *uri, + xmlSecKeysMngrPtr keysMngr); +--- misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:39.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,182 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. 
++ * ++ * Contributor(s): _____________________________ ++ * ++ */ ++#ifndef __XMLSEC_NSS_TOKENS_H__ ++#define __XMLSEC_NSS_TOKENS_H__ ++ ++#include <string.h> ++ ++#include <nss.h> ++#include <pk11func.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/list.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++/** ++ * xmlSecNssKeySlotListId ++ * ++ * The crypto mechanism list klass ++ */ ++#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() ++XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; ++ ++/******************************************* ++ * KeySlot interfaces ++ *******************************************/ ++/** ++ * Internal NSS key slot data ++ * @mechanismList: the mechanisms that the slot bound with. ++ * @slot: the pkcs slot ++ * ++ * This context is located after xmlSecPtrList ++ */ ++typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; ++typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; ++ ++struct _xmlSecNssKeySlot { ++ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. 
array, NULL ternimated */ ++ PK11SlotInfo* slot ; ++} ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotSetMechList( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE_PTR mechanismList ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotEnableMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE mechanism ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotDisableMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE mechanism ++) ; ++ ++XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR ++xmlSecNssKeySlotGetMechList( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotSetSlot( ++ xmlSecNssKeySlotPtr keySlot , ++ PK11SlotInfo* slot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotInitialize( ++ xmlSecNssKeySlotPtr keySlot , ++ PK11SlotInfo* slot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT void ++xmlSecNssKeySlotFinalize( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT PK11SlotInfo* ++xmlSecNssKeySlotGetSlot( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ++xmlSecNssKeySlotCreate() ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotCopy( ++ xmlSecNssKeySlotPtr newKeySlot , ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ++xmlSecNssKeySlotDuplicate( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT void ++xmlSecNssKeySlotDestroy( ++ xmlSecNssKeySlotPtr keySlot ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotBindMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE type ++) ; ++ ++XMLSEC_CRYPTO_EXPORT int ++xmlSecNssKeySlotSupportMech( ++ xmlSecNssKeySlotPtr keySlot , ++ CK_MECHANISM_TYPE type ++) ; ++ ++ ++/************************************************************************ ++ * PKCS#11 crypto token interfaces ++ * ++ * A PKCS#11 slot repository will be defined internally. From the ++ * repository, a user can specify a particular slot for a certain crypto ++ * mechanism. 
++ * ++ * In some situation, some cryptographic operation should act in a user ++ * designated devices. The interfaces defined here provide the way. If ++ * the user do not initialize the repository distinctly, the interfaces ++ * use the default functions provided by NSS itself. ++ * ++ ************************************************************************/ ++/** ++ * Initialize NSS pkcs#11 slot repository ++ * ++ * Returns 0 if success or -1 if an error occurs. ++ */ ++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; ++ ++/** ++ * Shutdown and destroy NSS pkcs#11 slot repository ++ */ ++XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; ++ ++/** ++ * Get PKCS#11 slot handler ++ * @type the mechanism that the slot must support. ++ * ++ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. ++ * ++ * Notes: The returned handler must be destroied distinctly. ++ */ ++XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; ++ ++/** ++ * Adopt a pkcs#11 slot with a mechanism into the repository ++ * @slot: the pkcs#11 slot. ++ * @mech: the mechanism. ++ * ++ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with ++ * this mechanism only can perform on the @slot. ++ * ++ * Returns 0 if success or -1 if an error occurs. ++ */ ++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* __XMLSEC_NSS_TOKENS_H__ */ ++ +--- misc/xmlsec1-1.2.6/libxml2-config 2008-06-29 23:44:40.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/libxml2-config 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,48 @@ +-dummy ++#! 
/bin/sh ++ ++if test "$SYSTEM_LIBXML" = "YES" ++then xml2-config "$@"; exit 0 ++fi ++ ++prefix=${SOLARVERSION}/${INPATH} ++includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external ++libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT} ++ ++while test $# -gt 0; do ++ case "$1" in ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ++ *) optarg= ;; ++ esac ++ ++ case "$1" in ++ --prefix=*) ++ prefix=$optarg ++ includedir=$prefix/include ++ libdir=$prefix/lib ++ ;; ++ ++ --prefix) ++ echo $prefix ++ ;; ++ ++ --version) ++ echo 2.5.4 ++ exit 0 ++ ;; ++ ++ --cflags) ++ echo -I${includedir} ++ ;; ++ ++ --libs) ++ echo -L${libdir} ${LIBXML2LIB} ${ZLIB3RDLIB} -lm ++ ;; ++ ++ *) ++ exit 1 ++ ;; ++ esac ++ shift ++done ++ ++exit 0 +--- misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/ltmain.sh 2008-06-29 23:44:19.000000000 +0200 +@@ -1661,6 +1661,11 @@ + fi + ;; + ++ *.lib) ++ deplibs="$deplibs $arg" ++ continue ++ ;; ++ + *.$libext) + # An archive. + deplibs="$deplibs $arg" +@@ -1974,6 +1979,10 @@ + continue + ;; + *.la) lib="$deplib" ;; ++ *.lib) ++ deplibs="$deplib $deplibs" ++ continue ++ ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" +@@ -2994,13 +3003,13 @@ + ;; + + freebsd-aout) +- major=".$current" +- versuffix=".$current.$revision"; ++ major=.`expr $current - $age` ++ versuffix="$major.$age.$revision" + ;; + + freebsd-elf) +- major=".$current" +- versuffix=".$current"; ++ major=.`expr $current - $age` ++ versuffix="$major.$age.$revision" + ;; + + irix | nonstopux) +@@ -3564,7 +3573,8 @@ + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" +- dep_rpath="$dep_rpath $flag" ++# what the ... 
++# dep_rpath="$dep_rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in +--- misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/bn.c 2008-06-29 23:44:19.000000000 +0200 +@@ -170,8 +170,10 @@ + */ + int + xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { +- xmlSecSize i, len; ++ xmlSecSize i, len, size; + xmlSecByte ch; ++ xmlSecByte* data; ++ int positive; + int nn; + int ret; + +@@ -183,7 +185,7 @@ + /* trivial case */ + len = xmlStrlen(str); + if(len == 0) { +- return(0); ++ return(0); + } + + /* The result size could not exceed the input string length +@@ -191,54 +193,131 @@ + * In truth, it would be likely less than 1/2 input string length + * because each byte is represented by 2 chars. If needed, + * buffer size would be increased by Mul/Add functions. ++ * Finally, we can add one byte for 00 or 10 prefix. + */ +- ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); ++ ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); + if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBnRevLookupTable", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", len / 2 + 1); +- return (-1); ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnRevLookupTable", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", len / 2 + 1); ++ return (-1); ++ } ++ ++ /* figure out if it is positive or negative number */ ++ positive = 1; ++ i = 0; ++ while(i < len) { ++ ch = str[i++]; ++ ++ /* skip spaces */ ++ if(isspace(ch)) { ++ continue; ++ } ++ ++ /* check if it is + or - */ ++ if(ch == '+') { ++ positive = 1; ++ break; ++ } else if(ch == '-') { ++ positive = 0; ++ break; ++ } ++ ++ /* otherwise, it must be start of the number */ ++ nn = xmlSecBnLookupTable[ch]; ++ if((nn >= 0) && ((xmlSecSize)nn < base)) { ++ xmlSecAssert2(i > 0, -1); ++ ++ /* no sign, positive by default */ ++ positive = 1; ++ --i; /* make sure that we will look at this 
character in next loop */ ++ break; ++ } else { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ NULL, ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ "char=%c;base=%d", ++ ch, base); ++ return (-1); ++ } ++ } ++ ++ /* now parse the number itself */ ++ while(i < len) { ++ ch = str[i++]; ++ if(isspace(ch)) { ++ continue; ++ } ++ ++ xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); ++ nn = xmlSecBnLookupTable[ch]; ++ if((nn < 0) || ((xmlSecSize)nn > base)) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ NULL, ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ "char=%c;base=%d", ++ ch, base); ++ return (-1); ++ } ++ ++ ret = xmlSecBnMul(bn, base); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnMul", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "base=%d", base); ++ return (-1); ++ } ++ ++ ret = xmlSecBnAdd(bn, nn); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnAdd", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "base=%d", base); ++ return (-1); ++} + } + +- for(i = 0; i < len; i++) { +- ch = str[i]; +- if(isspace(ch)) { +- continue; +- } +- +- xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); +- nn = xmlSecBnLookupTable[ch]; +- if((nn < 0) || ((xmlSecSize)nn > base)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "char=%c;base=%d", +- ch, base); +- return (-1); +- } +- +- ret = xmlSecBnMul(bn, base); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBnMul", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "base=%d", base); +- return (-1); +- } +- +- ret = xmlSecBnAdd(bn, nn); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBnAdd", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "base=%d", base); +- return (-1); +- } ++ /* check if we need to add 00 prefix */ ++ data = xmlSecBufferGetData(bn); ++ size = xmlSecBufferGetSize(bn); ++ if((size > 0 && data[0] > 127)||(size==0)) { ++ ch = 0; ++ ret = xmlSecBufferPrepend(bn, &ch, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ 
"xmlSecBufferPrepend", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "base=%d", base); ++ return (-1); ++ } ++ } ++ ++ /* do 2's compliment and add 1 to represent negative value */ ++ if(positive == 0) { ++ data = xmlSecBufferGetData(bn); ++ size = xmlSecBufferGetSize(bn); ++ for(i = 0; i < size; ++i) { ++ data[i] ^= 0xFF; ++ } ++ ++ ret = xmlSecBnAdd(bn, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnAdd", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "base=%d", base); ++ return (-1); ++ } + } + + return(0); +@@ -256,8 +335,12 @@ + */ + xmlChar* + xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { ++ xmlSecBn bn2; ++ int positive = 1; + xmlChar* res; +- xmlSecSize i, len; ++ xmlSecSize i, len, size; ++ xmlSecByte* data; ++ int ret; + int nn; + xmlChar ch; + +@@ -265,35 +348,86 @@ + xmlSecAssert2(base > 1, NULL); + xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); + ++ ++ /* copy bn */ ++ data = xmlSecBufferGetData(bn); ++ size = xmlSecBufferGetSize(bn); ++ ret = xmlSecBnInitialize(&bn2, size); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", size); ++ return (NULL); ++ } ++ ++ ret = xmlSecBnSetData(&bn2, data, size); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnSetData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", size); ++ xmlSecBnFinalize(&bn2); ++ return (NULL); ++ } ++ ++ /* check if it is a negative number or not */ ++ data = xmlSecBufferGetData(&bn2); ++ size = xmlSecBufferGetSize(&bn2); ++ if((size > 0) && (data[0] > 127)) { ++ /* subtract 1 and do 2's compliment */ ++ ret = xmlSecBnAdd(&bn2, -1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnAdd", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", size); ++ xmlSecBnFinalize(&bn2); ++ return (NULL); ++ } ++ for(i = 0; i < size; ++i) { ++ data[i] ^= 0xFF; ++ } ++ ++ positive = 0; ++ } else { ++ positive = 1; ++ } ++ + /* Result string len is + * len 
= log base (256) * <bn size> + * Since the smallest base == 2 then we can get away with + * len = 8 * <bn size> + */ +- len = 8 * xmlSecBufferGetSize(bn) + 1; ++ len = 8 * size + 1 + 1; + res = (xmlChar*)xmlMalloc(len + 1); + if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- "len=%d", len); +- return (NULL); ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ NULL, ++ XMLSEC_ERRORS_R_MALLOC_FAILED, ++ "len=%d", len); ++ xmlSecBnFinalize(&bn2); ++ return (NULL); + } + memset(res, 0, len + 1); + +- for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { +- if(xmlSecBnDiv(bn, base, &nn) < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBnDiv", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "base=%d", base); +- xmlFree(res); +- return (NULL); +- } +- xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); +- res[i] = xmlSecBnRevLookupTable[nn]; ++ for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { ++ if(xmlSecBnDiv(&bn2, base, &nn) < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnDiv", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "base=%d", base); ++ xmlFree(res); ++ xmlSecBnFinalize(&bn2); ++ return (NULL); ++ } ++ xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); ++ res[i] = xmlSecBnRevLookupTable[nn]; + } + xmlSecAssert2(i < len, NULL); + +@@ -301,13 +435,20 @@ + for(len = i; (len > 1) && (res[len - 1] == '0'); len--); + res[len] = '\0'; + ++ /* add "-" for negative numbers */ ++ if(positive == 0) { ++ res[len] = '-'; ++ res[++len] = '\0'; ++ } ++ + /* swap the string because we wrote it in reverse order */ + for(i = 0; i < len / 2; i++) { +- ch = res[i]; +- res[i] = res[len - i - 1]; +- res[len - i - 1] = ch; ++ ch = res[i]; ++ res[i] = res[len - i - 1]; ++ res[len - i - 1] = ch; + } + ++ xmlSecBnFinalize(&bn2); + return(res); + } + +@@ -392,7 +533,9 @@ + } + + data = xmlSecBufferGetData(bn); +- for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { ++ i = 
xmlSecBufferGetSize(bn); ++ over = 0; ++ while(i > 0) { + xmlSecAssert2(data != NULL, -1); + + over = over + multiplier * data[--i]; +@@ -487,43 +630,57 @@ + */ + int + xmlSecBnAdd(xmlSecBnPtr bn, int delta) { +- int over; ++ int over, tmp; + xmlSecByte* data; + xmlSecSize i; + xmlSecByte ch; + int ret; + + xmlSecAssert2(bn != NULL, -1); +- xmlSecAssert2(delta >= 0, -1); + + if(delta == 0) { +- return(0); ++ return(0); + } + + data = xmlSecBufferGetData(bn); +- for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { +- xmlSecAssert2(data != NULL, -1); ++ if(delta > 0) { ++ for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { ++ xmlSecAssert2(data != NULL, -1); + +- over += data[--i]; +- data[i] = over % 256; +- over = over / 256; +- } ++ tmp = data[--i]; ++ over += tmp; ++ data[i] = over % 256; ++ over = over / 256; ++ } + +- while(over > 0) { +- ch = over % 256; +- over = over / 256; ++ while(over > 0) { ++ ch = over % 256; ++ over = over / 256; + +- ret = xmlSecBufferPrepend(bn, &ch, 1); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBufferPrepend", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=1"); +- return (-1); +- } ++ ret = xmlSecBufferPrepend(bn, &ch, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBufferPrepend", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=1"); ++ return (-1); ++ } ++ } ++ } else { ++ for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { ++ xmlSecAssert2(data != NULL, -1); ++ ++ tmp = data[--i]; ++ if(tmp < over) { ++ data[i] = 0; ++ over = (over - tmp) / 256; ++ } else { ++ data[i] = tmp - over; ++ over = 0; ++ } ++ } + } +- + return(0); + } + +@@ -787,7 +944,7 @@ + } + + if(addLineBreaks) { +- xmlNodeAddContent(cur, BAD_CAST "\n"); ++ xmlNodeAddContent(cur, xmlSecStringCR); + } + + switch(format) { +@@ -833,7 +990,7 @@ + } + + if(addLineBreaks) { +- xmlNodeAddContent(cur, BAD_CAST "\n"); ++ xmlNodeAddContent(cur, xmlSecStringCR); + } + + return(0); 
+--- misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100 ++++ misc/build/xmlsec1-1.2.6/src/dl.c 2008-06-29 23:44:19.000000000 +0200 +@@ -329,6 +329,10 @@ + xmlSecCryptoDLInit(void) { + int ret; + ++ /* use xmlMalloc/xmlFree */ ++ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; ++ xmlsec_lt_dlfree = xmlSecCryptoDLFree; ++ + ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -350,9 +354,6 @@ + } + /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ + +- /* use xmlMalloc/xmlFree */ +- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; +- xmlsec_lt_dlfree = xmlSecCryptoDLFree; + return(0); + } + +--- misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,178 @@ +-dummy ++# Makefile.in generated by automake 1.8.3 from Makefile.am. ++# @configure_input@ ++ ++# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, ++# 2003, 2004 Free Software Foundation, Inc. ++# This Makefile.in is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY, to the extent permitted by law; without ++# even the implied warranty of MERCHANTABILITY or FITNESS FOR A ++# PARTICULAR PURPOSE. ++ ++@SET_MAKE@ ++ ++srcdir = @srcdir@ ++top_srcdir = @top_srcdir@ ++top_builddir = ../.. 
++LTLIBRARIES = $(lib_LTLIBRARIES) ++am__DEPENDENCIES_1 = ++libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \ ++ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ ++ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) ++am__objects_1 = ++am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \ ++ digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \ ++ x509.lo x509vfy.lo $(am__objects_1) ++libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) ++DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) ++depcomp = $(SHELL) $(top_srcdir)/depcomp ++@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo ++COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ ++ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++CCLD = $(CC) ++LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++CC = @CC@ ++CCDEPMODE = @CCDEPMODE@ ++CFLAGS = @CFLAGS@ ++CPPFLAGS = @CPPFLAGS@ ++CYGPATH_W = @CYGPATH_W@ ++DEFS = @DEFS@ ++DEPDIR = @DEPDIR@ ++LDFLAGS = @LDFLAGS@ ++LIBS = @LIBS@ ++LIBTOOL = @LIBTOOL@ ++LIBXML_CFLAGS = @LIBXML_CFLAGS@ ++LIBXML_LIBS = @LIBXML_LIBS@ ++MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@ ++MSCRYPTO_LIBS = @MSCRYPTO_LIBS@ ++OBJEXT = @OBJEXT@ ++SHELL = @SHELL@ ++XMLSEC_DEFINES = @XMLSEC_DEFINES@ ++exec_prefix = @exec_prefix@ ++libdir = @libdir@ ++prefix = @prefix@ ++NULL = ++ ++INCLUDES = \ ++ -DPACKAGE=\"@PACKAGE@\" \ ++ -I$(top_srcdir) \ ++ -I$(top_srcdir)/include \ ++ $(XMLSEC_DEFINES) \ ++ $(MSCRYPTO_CFLAGS) \ 
++ $(LIBXSLT_CFLAGS) \ ++ $(LIBXML_CFLAGS) \ ++ $(NULL) ++ ++lib_LTLIBRARIES = \ ++ libxmlsec1-mscrypto.la \ ++ $(NULL) ++ ++libxmlsec1_mscrypto_la_LIBADD = \ ++ ../libxmlsec1.la \ ++ $(MSCRYPTO_LIBS) \ ++ $(LIBXSLT_LIBS) \ ++ $(LIBXML_LIBS) \ ++ $(NULL) ++ ++libxmlsec1_mscrypto_la_LDFLAGS = \ ++ -version-info @XMLSEC_VERSION_INFO@ \ ++ $(NULL) ++ ++all: all-am ++ ++.SUFFIXES: ++.SUFFIXES: .c .lo .o .obj ++ ++clean-libLTLIBRARIES: ++ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) ++ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ ++ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ ++ test "$$dir" = "$$p" && dir=.; \ ++ echo "rm -f \"$${dir}/so_locations\""; \ ++ rm -f "$${dir}/so_locations"; \ ++ done ++libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) ++ $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS) ++ ++mostlyclean-compile: ++ -rm -f *.$(OBJEXT) ++ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@ ++ ++.c.o: ++@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ 
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++ ++.c.obj: ++@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++ ++.c.lo: ++@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++ ++mostlyclean-libtool: ++ -rm -f *.lo ++ ++clean-libtool: ++ -rm -rf .libs _libs ++ ++all-am: Makefile $(LTLIBRARIES) ++ ++mostlyclean-generic: ++ ++clean-generic: ++ ++clean: clean-am ++ ++clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ ++ mostlyclean-am ++ ++mostlyclean: mostlyclean-am ++ ++mostlyclean-am: mostlyclean-compile mostlyclean-generic \ ++ mostlyclean-libtool ++ ++.PHONY: all all-am clean clean-generic \ ++ 
clean-libLTLIBRARIES clean-libtool \ ++ maintainer-clean-generic mostlyclean mostlyclean-compile \ ++ mostlyclean-generic mostlyclean-libtool ++ ++# Tell versions [3.59,3.63) of GNU make to not export all variables. ++# Otherwise a system limit (for SysV at least) may be exceeded. ++.NOEXPORT: +--- misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:39.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,235 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright......................... ++ */ ++#include "globals.h" ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++#include <xmlsec/errors.h> ++ ++#include <xmlsec/mscrypto/crypto.h> ++#include <xmlsec/mscrypto/keysstore.h> ++#include <xmlsec/mscrypto/akmngr.h> ++#include <xmlsec/mscrypto/x509.h> ++ ++/** ++ * xmlSecMSCryptoAppliedKeysMngrCreate: ++ * @hKeyStore: the pointer to key store. ++ * @hCertStore: the pointer to certificate database. ++ * ++ * Create and load key store and certificate database into keys manager ++ * ++ * Returns keys manager pointer on success or NULL otherwise. ++ */ ++xmlSecKeysMngrPtr ++xmlSecMSCryptoAppliedKeysMngrCreate( ++ HCERTSTORE hKeyStore , ++ HCERTSTORE hCertStore ++) { ++ xmlSecKeyDataStorePtr certStore = NULL ; ++ xmlSecKeysMngrPtr keyMngr = NULL ; ++ xmlSecKeyStorePtr keyStore = NULL ; ++ ++ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyStoreCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * At present, MS Crypto engine do not provide a way to setup a key store. 
++ */ ++ if( keyStore != NULL ) { ++ /*TODO: binding key store.*/ ++ } ++ ++ keyMngr = xmlSecKeysMngrCreate() ; ++ if( keyMngr == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Add key store to manager, from now on keys manager destroys the store if ++ * needed ++ */ ++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecKeysMngrAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Initialize crypto library specific data in keys manager ++ */ ++ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecMSCryptoKeysMngrInit" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeysMngrDestroy( keyMngr ) ; ++ return NULL ; ++ } ++ ++ /*- ++ * Set certificate databse to X509 key data store ++ */ ++ /*- ++ * At present, MS Crypto engine do not provide a way to setup a cert store. 
++ */ ++ ++ /*- ++ * Set the getKey callback ++ */ ++ keyMngr->getKey = xmlSecKeysMngrGetKey ; ++ ++ return keyMngr ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY symKey ++) { ++ /*TODO: import the key into keys manager.*/ ++ return(0) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY pubKey ++) { ++ /*TODO: import the key into keys manager.*/ ++ return(0) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ++ xmlSecKeysMngrPtr mngr , ++ HCRYPTKEY priKey ++) { ++ /*TODO: import the key into keys manager.*/ ++ return(0) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE keyStore ++) { ++ xmlSecKeyDataStorePtr x509Store ; ++ ++ xmlSecAssert2( mngr != NULL, -1 ) ; ++ xmlSecAssert2( keyStore != NULL, -1 ) ; ++ ++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ++ if( x509Store == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ++ "xmlSecMSCryptoX509StoreAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ return( 0 ) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE trustedStore ++) { ++ xmlSecKeyDataStorePtr x509Store ; ++ ++ xmlSecAssert2( mngr != NULL, -1 ) ; ++ xmlSecAssert2( trustedStore != NULL, -1 ) ; ++ ++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ++ if( x509Store == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE 
) ; ++ return( -1 ) ; ++ } ++ ++ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ++ "xmlSecMSCryptoX509StoreAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ return( 0 ) ; ++} ++ ++int ++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ++ xmlSecKeysMngrPtr mngr , ++ HCERTSTORE untrustedStore ++) { ++ xmlSecKeyDataStorePtr x509Store ; ++ ++ xmlSecAssert2( mngr != NULL, -1 ) ; ++ xmlSecAssert2( untrustedStore != NULL, -1 ) ; ++ ++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ++ if( x509Store == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeysMngrGetDataStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ++ "xmlSecMSCryptoX509StoreAdoptKeyStore" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return( -1 ) ; ++ } ++ ++ return( 0 ) ; ++} ++ +--- misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2008-06-29 23:44:19.000000000 +0200 +@@ -41,6 +41,7 @@ + * a public key from xml document is provided, we need HCRYPTKEY.... The focus + * now is however directed to certificates. Wouter + */ ++/** replaced by a wrapper style for WINNT 4.0 + struct _xmlSecMSCryptoKeyDataCtx { + HCRYPTPROV hProv; + BOOL fCallerFreeProv; +@@ -51,6 +52,124 @@ + HCRYPTKEY hKey; + xmlSecKeyDataType type; + }; ++*/ ++/*- ++ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is ++ * the same as CryptDuplicateKey. 
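Review bot: The three loaders added in akmngr.c (xmlSecMSCryptoAppliedKeysMngrSymKeyLoad, ...PubKeyLoad and ...PriKeyLoad) return 0 without importing anything, so a caller cannot tell that the key never reached the keys manager. Until the TODO is implemented they should report failure, e.g. `return(-1) ; /* not implemented: key is not imported */`, unless existing callers are known to depend on the no-op. xmlSecMSCryptoAppliedKeysMngrCreate also ignores both `hKeyStore` and `hCertStore` and leaves `certStore` unused, although its doc comment says it loads them; the comment should say the handles are currently not bound. The error reports in AdoptTrustedStore and AdoptUntrustedStore name `"xmlSecMSCryptoX509StoreAdoptKeyStore"` instead of the function that actually failed.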
Because the CryptDuplicateKey is not support ++ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 ++ */ ++struct _mscrypt_key { ++ HCRYPTKEY hKey ; ++ int refcnt ; ++} ; ++ ++/*- ++ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is ++ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support ++ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 ++ */ ++struct _mscrypt_prov { ++ HCRYPTPROV hProv ; ++ BOOL freeprov ; ++ int refcnt ; ++} ; ++ ++struct _xmlSecMSCryptoKeyDataCtx { ++ struct _mscrypt_prov* p_prov ; ++ LPCTSTR providerName; ++ DWORD providerType; ++ PCCERT_CONTEXT pCert; ++ DWORD dwKeySpec; ++ struct _mscrypt_key* p_key ; ++ xmlSecKeyDataType type; ++}; ++ ++struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { ++ struct _mscrypt_key* pkey ; ++ ++ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; ++ if( pkey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ "mscrypt_create_key" , ++ NULL , ++ XMLSEC_ERRORS_R_MALLOC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ++ ) ; ++ } ++ ++ pkey->hKey = key ; ++ pkey->refcnt = 1 ; ++ ++ return pkey ; ++} ++ ++struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { ++ if( key ) ++ key->refcnt ++ ; ++ ++ return key ; ++} ++ ++int mscrypt_release_key( struct _mscrypt_key* key ) { ++ if( key ) { ++ key->refcnt -- ; ++ if( !key->refcnt ) { ++ if( key->hKey ) { ++ CryptDestroyKey( key->hKey ) ; ++ key->hKey = 0 ; ++ } ++ xmlFree( key ) ; ++ } else { ++ return key->refcnt ; ++ } ++ } ++ ++ return 0 ; ++} ++ ++struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { ++ struct _mscrypt_prov* pprov ; ++ ++ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; ++ if( pprov == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ "mscrypt_create_prov" , ++ NULL , ++ XMLSEC_ERRORS_R_MALLOC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ++ ) ; ++ } ++ ++ pprov->hProv = prov ; 
++ pprov->freeprov = callerFree ; ++ pprov->refcnt = 1 ; ++ ++ return pprov ; ++} ++ ++struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { ++ if( prov ) ++ prov->refcnt ++ ; ++ ++ return prov ; ++} ++ ++int mscrypt_release_prov( struct _mscrypt_prov* prov ) { ++ if( prov ) { ++ prov->refcnt -- ; ++ if( !prov->refcnt ) { ++ if( prov->hProv && prov->freeprov ) { ++ CryptReleaseContext( prov->hProv, 0 ) ; ++ prov->hProv = 0 ; ++ } ++ xmlFree( prov ) ; ++ } else { ++ return prov->refcnt ; ++ } ++ } ++ ++ return 0 ; ++} + + /****************************************************************************** + * +@@ -88,24 +207,20 @@ + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + +- if (ctx->hKey != 0) { +- CryptDestroyKey(ctx->hKey); +- ctx->hKey = 0; +- } ++ if( ctx->p_key != 0 ) { ++ mscrypt_release_key( ctx->p_key ) ; ++ } ++ ctx->p_key = mscrypt_create_key( 0 ) ; + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + ctx->pCert = NULL; + } + +- if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { +- CryptReleaseContext(ctx->hProv, 0); +- ctx->hProv = 0; +- ctx->fCallerFreeProv = FALSE; +- } else { +- ctx->hProv = 0; +- ctx->fCallerFreeProv = FALSE; +- } ++ if( ( ctx->p_prov ) ) { ++ mscrypt_release_prov( ctx->p_prov ) ; ++ } ++ ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; + + ctx->type = type; + +@@ -116,9 +231,9 @@ + if (!CryptAcquireCertificatePrivateKey(pCert, + CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, + NULL, +- &(ctx->hProv), ++ &(ctx->p_prov->hProv), + &(ctx->dwKeySpec), +- &(ctx->fCallerFreeProv))) { ++ &(ctx->p_prov->freeprov))) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptAcquireCertificatePrivateKey", +@@ -127,46 +242,39 @@ + return(-1); + } + } else if((type & xmlSecKeyDataTypePublic) != 0){ +- if (!CryptAcquireContext(&(ctx->hProv), ++ if (!CryptAcquireContext(&(ctx->p_prov->hProv), + NULL, +- ctx->providerName, ++ NULL, /*AF: replaces "ctx->providerName" with "NULL" */ + 
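Review bot: mscrypt_create_key and mscrypt_create_prov log the xmlMalloc failure and then fall through to `pkey->hKey = key ;` and `pprov->hProv = prov ;`, which dereferences NULL; each error branch needs `return NULL ;` after the xmlSecError call. The callers in the following hunks (`ctx->p_key = mscrypt_create_key( 0 ) ;` and `ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ;`) would then have to check the result before taking `&(ctx->p_prov->hProv)`. The `refcnt` fields are plain `int` and are changed without any locking visible in this hunk, so the struct comments should state that sharing one key data object between threads needs external synchronisation.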
ctx->providerType, + CRYPT_VERIFYCONTEXT)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CryptAcquireContext", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- ctx->dwKeySpec = 0; +- ctx->fCallerFreeProv = TRUE; ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "CryptAcquireContext", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ctx->dwKeySpec = 0; ++ ctx->p_prov->freeprov = TRUE; ++ ++ if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, ++ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ++ &(pCert->pCertInfo->SubjectPublicKeyInfo), ++ &(ctx->p_key->hKey) ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "CryptImportPublicKeyInfo", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } + } else { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Unsupported keytype"); +- return(-1); +- } +- +- /* CryptImportPublicKeyInfo is only needed when a real key handle +- * is needed. The key handle is needed for de/encrypting and for +- * verifying of a signature, *not* for signing. We could call +- * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead +- * so no unnessecary calls to CryptImportPublicKeyInfo are being +- * made. 
WK +- */ +- if(!CryptImportPublicKeyInfo(ctx->hProv, +- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, +- &(pCert->pCertInfo->SubjectPublicKeyInfo), +- &(ctx->hKey))) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CryptImportPublicKeyInfo", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); ++ return(-1); + } + ctx->pCert = pCert; + +@@ -190,29 +298,26 @@ + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + +- if(ctx->hKey != 0) { +- CryptDestroyKey(ctx->hKey); +- ctx->hKey = 0; +- } ++ if( ctx->p_key != 0 ) { ++ mscrypt_release_key( ctx->p_key ) ; ++ ctx->p_key = NULL ; ++ } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + ctx->pCert = NULL; + } + +- if((ctx->hProv != 0) && ctx->fCallerFreeProv) { +- CryptReleaseContext(ctx->hProv, 0); +- ctx->hProv = 0; +- ctx->fCallerFreeProv = FALSE; +- } else { +- ctx->hProv = 0; +- ctx->fCallerFreeProv = FALSE; +- } ++ if( ( ctx->p_prov ) ) { ++ mscrypt_release_prov( ctx->p_prov ) ; ++ ctx->p_prov = NULL ; ++ } else { ++ ctx->p_prov = NULL ; ++ } + +- ctx->hProv = hProv; +- ctx->fCallerFreeProv = fCallerFreeProv; ++ ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; + ctx->dwKeySpec = dwKeySpec; +- ctx->hKey = hKey; ++ ctx->p_key = mscrypt_create_key( hKey ) ; + ctx->type = type; + + return(0); +@@ -238,7 +343,7 @@ + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + +- return(ctx->hKey); ++ return( ctx->p_key ? ctx->p_key->hKey : 0 ); + } + + /** +@@ -273,7 +378,7 @@ + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + +- return(ctx->hProv); ++ return( ctx->p_prov ? 
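Review bot: In the key-adoption hunk (`@@ -190,29 +298,26 @@`) the new line `ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;` drops the `fCallerFreeProv` value that the removed code stored, so mscrypt_release_prov never calls CryptReleaseContext on a provider that was handed over with TRUE. The DSA key generation path later in this file adopts with TRUE and then clears its local `hProv`, which looks like one leaked provider handle per generated key. Suggested: `ctx->p_prov = mscrypt_create_prov( hProv, fCallerFreeProv ) ;`. The function signature lies outside the hunk, so the parameter name is taken from the removed line.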
ctx->p_prov->hProv : 0 ); + } + + DWORD +@@ -316,25 +421,36 @@ + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } +- } +- +- if (ctxSrc->hKey != 0) { +- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), +- "CryptDuplicateKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } + } +- if(ctxSrc->hProv != 0) { +- CryptContextAddRef(ctxSrc->hProv, NULL, 0); +- ctxDst->hProv = ctxSrc->hProv; +- ctxDst->fCallerFreeProv = TRUE; +- } else { +- ctxDst->hProv = 0; +- ctxDst->fCallerFreeProv = FALSE; ++ ++ if( ctxSrc->p_key ) { ++ if( ctxDst->p_key ) ++ mscrypt_release_key( ctxDst->p_key ) ; ++ ++ ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; ++ if( !ctxDst->p_key ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), ++ "mscrypt_acquire_key", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ } ++ ++ if( ctxSrc->p_prov ) { ++ if( ctxDst->p_prov ) ++ mscrypt_release_prov( ctxDst->p_prov ) ; ++ ++ ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; ++ if( !ctxDst->p_prov ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), ++ "mscrypt_acquire_prov", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } + } + + ctxDst->dwKeySpec = ctxSrc->dwKeySpec; +@@ -355,16 +471,16 @@ + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert(ctx != NULL); + +- if (ctx->hKey != 0) { +- CryptDestroyKey(ctx->hKey); ++ if( ctx->p_key ) { ++ mscrypt_release_key( ctx->p_key ) ; + } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + } + +- if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { +- CryptReleaseContext(ctx->hProv, 0); ++ if( ctx->p_prov ) { ++ mscrypt_release_prov( ctx->p_prov ) ; + } + + memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); +@@ -384,14 +500,14 @@ + 
xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); + return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); +- } else if (ctx->hKey != 0) { ++ } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { + DWORD length = 0; + DWORD lenlen = sizeof(DWORD); +- +- if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { ++ ++ if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- "CertDuplicateCertificateContext", ++ "CryptGetKeyParam", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(0); +@@ -581,7 +697,11 @@ + static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); + static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoKeyDataSize, + +@@ -938,9 +1058,10 @@ + + ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->hKey != 0, -1); ++ xmlSecAssert2(ctx->p_key != 0, -1); ++ xmlSecAssert2(ctx->p_key->hKey != 0, -1); + +- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { ++ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +@@ -960,7 +1081,7 @@ + } + + blob = xmlSecBufferGetData(&buf); +- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { ++ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +@@ -1295,7 +1416,11 @@ + 
static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoKeyDataSize, + +@@ -1797,9 +1922,10 @@ + + ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->hKey != 0, -1); ++ xmlSecAssert2(ctx->p_key != 0, -1); ++ xmlSecAssert2(ctx->p_key->hKey != 0, -1); + +- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { ++ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +@@ -1819,7 +1945,7 @@ + } + + blob = xmlSecBufferGetData(&buf); +- if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { ++ if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +@@ -2010,7 +2136,6 @@ + HCRYPTKEY hKey = 0; + DWORD dwKeySpec; + DWORD dwSize; +- int res = -1; + int ret; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); +@@ -2043,12 +2168,14 @@ + dwKeySpec = AT_SIGNATURE; + dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); + if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptGenKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +- goto done; ++ if (hProv != 0) ++ CryptReleaseContext(hProv, 0); ++ return -1 ; + } + + ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, +@@ -2059,24 +2186,17 @@ + "xmlSecMSCryptoKeyDataAdoptKey", + 
XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- hProv = 0; +- hKey = 0; ++ if( hKey != 0 ) ++ CryptDestroyKey( hKey ) ; ++ if( hProv != 0 ) ++ CryptReleaseContext( hProv, 0 ) ; + +- /* success */ +- res = 0; +- +-done: +- if (hProv != 0) { +- CryptReleaseContext(ctx->hProv, 0); ++ return -1 ; + } ++ hProv = 0 ; ++ hKey = 0 ; + +- if (hKey != 0) { +- CryptDestroyKey(hKey); +- } +- +- return(res); ++ return 0 ; + } + + static xmlSecKeyDataType +--- misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2003-09-26 08:12:51.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2008-06-29 23:44:19.000000000 +0200 +@@ -785,7 +785,11 @@ + * AES CBC cipher transforms + * + ********************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ +@@ -824,7 +828,11 @@ + return(&xmlSecMSCryptoAes128CbcKlass); + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ +@@ -863,7 +871,11 @@ + return(&xmlSecMSCryptoAes192CbcKlass); + } + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ +@@ -906,7 +918,11 @@ + + + #ifndef XMLSEC_NO_DES 
++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCryptoBlockCipherSize, /* size_t objSize */ +--- misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2008-06-29 23:44:19.000000000 +0200 +@@ -330,13 +330,15 @@ + BYTE* + xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { + BYTE* str = NULL; +- ++ LPCTSTR ppszError = NULL; ++ + xmlSecAssert2(pszX500 != NULL, NULL); + xmlSecAssert2(len != NULL, NULL); + + if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, +- NULL, NULL, len, NULL)) { ++ NULL, NULL, len, &ppszError)) { + /* this might not be an error, string might just not exist */ ++ DWORD dw = GetLastError(); + return(NULL); + } + +--- misc/xmlsec1-1.2.6/src/mscrypto/digests.c 2003-09-30 04:09:51.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c 2008-06-29 23:44:19.000000000 +0200 +@@ -96,12 +96,15 @@ + + /* TODO: Check what provider is best suited here.... 
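Review bot: The two locals added to xmlSecMSCryptoCertStrToName, `ppszError` and `DWORD dw = GetLastError();`, are assigned but never read in the visible lines, which looks like debugging residue. Either drop them and keep passing `NULL` to CertStrToName, or report the failure position and error code through xmlSecError so the information is actually used. The function body continues outside the hunk.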
*/ + if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); ++ //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project ++ if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ++ NULL, ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ } ++ return(0); + } + + return(0); +@@ -298,7 +301,11 @@ + * SHA1 + * + *****************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCryptoDigestSize, /* size_t objSize */ +--- misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2003-09-27 05:12:22.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2008-06-29 23:44:19.000000000 +0200 +@@ -62,7 +62,11 @@ + const xmlChar* name, + xmlSecKeyInfoCtxPtr keyInfoCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { ++#else + static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { ++#endif + sizeof(xmlSecKeyStoreKlass), + xmlSecMSCryptoKeysStoreSize, + +--- misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2003-09-26 22:29:25.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2008-06-29 23:44:19.000000000 +0200 +@@ -66,7 +66,11 @@ + static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, + xmlSecTransformCtxPtr transformCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc 
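Review bot: The provider fallback added to the digest initialisation returns success even when both CryptAcquireContext calls fail, because the inner `if` only logs and the `return(0);` after it is unconditional. The transform then continues with `ctx->provider` never set by a successful call. Put `return(-1);` after the xmlSecError call inside the inner `if`, and drop the extra `return(0);` so the success case falls through to the existing one. The enclosing function starts and ends outside the hunk.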
++static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.6/src/mscrypto/signatures.c 2003-09-26 22:29:25.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c 2008-06-29 23:44:19.000000000 +0200 +@@ -483,7 +483,11 @@ + * RSA-SHA1 signature transform + * + ***************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ +@@ -531,7 +535,11 @@ + * + ***************************************************************************/ + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2003-09-26 02:58:13.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2008-06-29 23:44:19.000000000 +0200 +@@ -72,7 +72,11 @@ + * <xmlsec:AESKeyValue> processing + * + *************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + +@@ -153,7 +157,11 @@ + * 
<xmlsec:DESKeyValue> processing + * + *************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + +--- misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2008-06-29 23:44:19.000000000 +0200 +@@ -240,7 +240,11 @@ + + + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { ++#endif + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoX509DataSize, + +@@ -1572,6 +1576,7 @@ + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecMSCryptoX509DataCtxPtr ctx; + xmlSecKeyDataStorePtr x509Store; ++ PCCERT_CONTEXT pCert ; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); +@@ -1610,6 +1615,53 @@ + return(-1); + } + ++ /* ++ * I'll search key according to KeyReq. 
++ */ ++ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; ++ if( pCert == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "CertDuplicateCertificateContext", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ return(-1); ++ } ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; ++ if(keyValue == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecMSCryptoCertAdopt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ CertFreeCertificateContext( pCert ) ; ++ return(-1); ++ } ++ pCert = NULL ; ++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; ++ if(keyValue == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecMSCryptoCertAdopt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ CertFreeCertificateContext( pCert ) ; ++ return(-1); ++ } ++ pCert = NULL ; ++ } ++ ++ ++ ++ /*- ++ * Get Public key from cert, which does not always work for sign action. ++ * + keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -1619,6 +1671,51 @@ + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ++ */ ++ ++ /*- ++ * I'll search key according to KeyReq. 
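Review bot: The "search key according to KeyReq" block is added twice, once in this hunk and again in the next one (`@@ -1619,6 +1671,51 @@`), so the second xmlSecMSCryptoCertAdopt call overwrites `keyValue` and the key data created by the first call is never destroyed. Keep a single copy of the block. In that copy, a `keyReq.keyType` with neither the private nor the public bit set skips both branches, which leaks `pCert` and passes a `keyValue` that this block never assigned to xmlSecKeyReqMatchKeyValue; add a final `else` that logs, calls `CertFreeCertificateContext( pCert ) ;` and returns -1. The function begins outside the hunk, so the initial value of `keyValue` is not visible here.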
++ */ ++ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; ++ if( pCert == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "CertDuplicateCertificateContext", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ return(-1); ++ } ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; ++ if(keyValue == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecMSCryptoCertAdopt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ CertFreeCertificateContext( pCert ) ; ++ return(-1); ++ } ++ pCert = NULL ; ++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; ++ if(keyValue == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecMSCryptoCertAdopt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ CertFreeCertificateContext( pCert ) ; ++ return(-1); ++ } ++ pCert = NULL ; ++ } ++ ++ + + /* verify that the key matches our expectations */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { +@@ -1882,7 +1979,7 @@ + xmlSecAssert2(nm->pbData != NULL, NULL); + xmlSecAssert2(nm->cbData > 0, NULL); + +- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); ++ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); + str = (char *)xmlMalloc(csz); + if (NULL == str) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -1893,7 +1990,7 @@ + return (NULL); + } + +- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); ++ csz = CertNameToStr(X509_ASN_ENCODING | 
PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); + if (csz < 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +@@ -1904,17 +2001,37 @@ + return(NULL); + } + +- res = xmlStrdup(BAD_CAST str); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlStrdup", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- xmlFree(str); +- return(NULL); ++ /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. ++ * don't ask me how is it possible not to read something you wrote yourself but also ++ * see comment in the xmlSecMSCryptoX509FindCert function. ++ */ ++ if(strncmp(str, "E=", 2) == 0) { ++ res = xmlMalloc(strlen(str) + 13 + 1); ++ if(res == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlMalloc", ++ XMLSEC_ERRORS_R_MALLOC_FAILED, ++ "size=%d", ++ strlen(str) + 13 + 1); ++ xmlFree(str); ++ return(NULL); ++ } ++ ++ memcpy(res, "emailAddress=", 13); ++ strcpy(res + 13, BAD_CAST (str + 2)); ++ } else { ++ res = xmlStrdup(BAD_CAST str); ++ if(res == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlStrdup", ++ XMLSEC_ERRORS_R_MALLOC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlFree(str); ++ return(NULL); ++ } + } +- + xmlFree(str); + return(res); + } +@@ -2153,7 +2270,11 @@ + xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { ++#else + static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + sizeof(xmlSecKeyData), + +--- misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2008-06-29 23:44:19.000000000 +0200 +@@ -70,7 +70,11 @@ + static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str, + int len); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataStoreKlass 
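Review bot: The `"size=%d"` argument in the new `xmlMalloc` failure path is `strlen(str) + 13 + 1`, a `size_t`, which does not match `%d`; cast it to a type the format names, e.g. `"size=%lu", (unsigned long)(strlen(str) + 13 + 1)`. The comment above the branch says mscrypto wants `Email=`, while the code writes `emailAddress=`, so the comment should say which direction this rewrite goes. Only a leading `E=` is rewritten, and the same patch adds `CERT_NAME_STR_REVERSE_FLAG` to both `CertNameToStr` calls, which presumably changes where the e-mail RDN lands in the string; that interaction deserves a comment or a test. The allocation itself is large enough (it over-allocates by the two bytes of `E=`).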
xmlSecMSCryptoX509StoreKlass = { ++#else + static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { ++#endif + sizeof(xmlSecKeyDataStoreKlass), + xmlSecMSCryptoX509StoreSize, + +@@ -125,6 +129,7 @@ + xmlChar *issuerName, xmlChar *issuerSerial, + xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { + xmlSecMSCryptoX509StoreCtxPtr ctx; ++ PCCERT_CONTEXT pCert ; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); +@@ -132,10 +137,17 @@ + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, NULL); + xmlSecAssert2(ctx->untrusted != NULL, NULL); ++ xmlSecAssert2(ctx->trusted != NULL, NULL); + +- return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); +-} ++ pCert = NULL ; ++ if( ctx->untrusted != NULL ) ++ pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; ++ ++ if( ctx->trusted != NULL && pCert == NULL ) ++ pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; + ++ return( pCert ) ; ++} + + static void + xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { +@@ -252,17 +264,22 @@ + } + + static BOOL +-xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, +- xmlSecKeyInfoCtx* keyInfoCtx) { ++xmlSecMSCryptoX509StoreConstructCertsChain( ++ xmlSecKeyDataStorePtr store , ++ PCCERT_CONTEXT cert , ++ HCERTSTORE certStore , ++ xmlSecKeyInfoCtx* keyInfoCtx ++) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + PCCERT_CONTEXT issuerCert = NULL; + FILETIME fTime; + DWORD flags; ++ BOOL selfSigned ; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); + xmlSecAssert2(cert != NULL, FALSE); + xmlSecAssert2(cert->pCertInfo != NULL, FALSE); +- xmlSecAssert2(certs != NULL, FALSE); ++ xmlSecAssert2(certStore != NULL, FALSE); + xmlSecAssert2(keyInfoCtx != NULL, FALSE); + + ctx = 
xmlSecMSCryptoX509StoreGetCtx(store); +@@ -283,60 +300,85 @@ + return(FALSE); + } + +- if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { ++ if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { + return(FALSE); + } + +- /* try the untrusted certs in the chain */ +- issuerCert = CertFindCertificateInStore(certs, ++ /*- ++ * Firstly try to find the cert in the trusted cert store. We will trust ++ * the certificate in the trusted store. ++ */ ++ issuerCert = CertFindCertificateInStore(ctx->trusted, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, +- &(cert->pCertInfo->Issuer), ++ &(cert->pCertInfo->Subject), + NULL); +- if(issuerCert == cert) { +- /* self signed cert, forget it */ +- CertFreeCertificateContext(issuerCert); +- } else if(issuerCert != NULL) { +- flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; +- if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { +- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +- CertFreeCertificateContext(issuerCert); +- return(FALSE); +- } +- if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { +- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +- CertFreeCertificateContext(issuerCert); +- return(FALSE); +- } +- CertFreeCertificateContext(issuerCert); +- return(TRUE); ++ if( issuerCert != NULL ) { ++ /* We have found the trusted cert, so return true */ ++ CertFreeCertificateContext( issuerCert ) ; ++ return( TRUE ) ; + } + +- /* try the untrusted certs in the store */ +- issuerCert = CertFindCertificateInStore(ctx->untrusted, ++ /* Check whether the certificate is self signed certificate */ ++ selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; ++ ++ /* try the untrusted certs in the chain */ ++ if( !selfSigned ) { ++ issuerCert = CertFindCertificateInStore(certStore, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + 
CERT_FIND_SUBJECT_NAME, + &(cert->pCertInfo->Issuer), + NULL); +- if(issuerCert == cert) { +- /* self signed cert, forget it */ +- CertFreeCertificateContext(issuerCert); +- } else if(issuerCert != NULL) { +- flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; +- if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { +- xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +- CertFreeCertificateContext(issuerCert); +- return(FALSE); +- } +- if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { +- CertFreeCertificateContext(issuerCert); +- return(FALSE); ++ if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { ++ /* self signed cert, forget it */ ++ CertFreeCertificateContext(issuerCert); ++ } else if(issuerCert != NULL) { ++ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ++ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ++ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ++ CertFreeCertificateContext(issuerCert); ++ return(FALSE); ++ } ++ if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { ++ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ++ CertFreeCertificateContext(issuerCert); ++ return(FALSE); ++ } ++ ++ CertFreeCertificateContext(issuerCert); ++ return(TRUE); ++ } ++ } ++ ++ /* try the untrusted certs in the store */ ++ if( !selfSigned ) { ++ issuerCert = CertFindCertificateInStore(ctx->untrusted, ++ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ++ 0, ++ CERT_FIND_SUBJECT_NAME, ++ &(cert->pCertInfo->Issuer), ++ NULL); ++ if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { ++ /* self signed cert, forget it */ ++ CertFreeCertificateContext(issuerCert); ++ } else if(issuerCert != NULL) { ++ flags = CERT_STORE_REVOCATION_FLAG | 
CERT_STORE_SIGNATURE_FLAG; ++ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ++ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ++ CertFreeCertificateContext(issuerCert); ++ return(FALSE); ++ } ++ if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { ++ CertFreeCertificateContext(issuerCert); ++ return(FALSE); ++ } ++ ++ CertFreeCertificateContext(issuerCert); ++ return(TRUE); ++ } + } +- CertFreeCertificateContext(issuerCert); +- return(TRUE); +- } + + /* try to find issuer cert in the trusted cert in the store */ + issuerCert = CertFindCertificateInStore(ctx->trusted, +@@ -379,26 +421,61 @@ + xmlSecAssert2(certs != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + +- while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ +- PCCERT_CONTEXT nextCert = NULL; ++ while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { ++ PCCERT_CONTEXT nextCert ; ++ unsigned char selected ; + +- xmlSecAssert2(cert->pCertInfo != NULL, NULL); ++ xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; + +- /* if cert is the issuer of any other cert in the list, then it is +- * to be skipped */ +- nextCert = CertFindCertificateInStore(certs, ++ /* if cert is the issuer of any other cert in the list, then it is ++ * to be skipped except that the cert list only have one self-signed ++ * certificate. 
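Review bot: The new early return near the top of `xmlSecMSCryptoX509StoreConstructCertsChain` treats `cert` as trusted as soon as `CertFindCertificateInStore(ctx->trusted, …, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Subject), NULL)` finds any entry, which compares the subject name only. A certificate that merely carries the same subject name as a trusted entry would pass without its signature or issuer being examined. The match should be confirmed against the stored certificate itself before returning TRUE, for example by comparing the encoded bytes as below; a store may hold several certificates with one subject, so looping over the matches would be more complete. The function continues past the end of this hunk.

```c
    /* … unchanged: issuerCert = CertFindCertificateInStore(ctx->trusted, …, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Subject), NULL) … */
    if( issuerCert != NULL ) {
        /* A subject-name hit is not enough: require the same encoded certificate. */
        BOOL sameCert = ( issuerCert->cbCertEncoded == cert->cbCertEncoded ) &&
                        ( memcmp( issuerCert->pbCertEncoded, cert->pbCertEncoded, cert->cbCertEncoded ) == 0 ) ;

        CertFreeCertificateContext( issuerCert ) ;
        if( sameCert ) {
            return( TRUE ) ;
        }
    }
    /* … unchanged: self-signed check and the untrusted-chain lookups … */
```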
++ */ ++ for( selected = 0, nextCert = NULL ; ; ) { ++ nextCert = CertFindCertificateInStore( certs, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, + &(cert->pCertInfo->Subject), +- NULL); +- if(nextCert != NULL) { +- CertFreeCertificateContext(nextCert); +- continue; +- } +- if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { +- return(cert); +- } ++ nextCert ) ; ++ if( nextCert != NULL ) { ++ if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { ++ selected = 1 ; ++ continue ; ++ } else { ++ selected = 0 ; ++ break ; ++ } ++ } else { ++ selected = 1 ; ++ break ; ++ } ++ } ++ ++ if( nextCert != NULL ) ++ CertFreeCertificateContext( nextCert ) ; ++ ++ if( !selected ) { ++ continue ; ++ } ++ ++ /* JL: OpenOffice.org implements its own certificate verification routine. ++ The goal is to seperate validation of the signature ++ and the certificate. For example, OOo could show that the document signature is valid, ++ but the certificate could not be verified. If we do not prevent the verification of ++ the certificate by libxmlsec and the verification fails, then the XML signature will not be ++ verified. This would happen, for example, if the root certificate is not installed. ++ ++ In the store schould only be the certificate from the X509Certificate element ++ and the X509IssuerSerial element. The latter is only there ++ if the certificate is installed. Both certificates must be the same! ++ In case of writing the signature, the store contains only the certificate that ++ was created based on the information from the X509IssuerSerial element. 
*/ ++ return cert; ++ ++/* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { ++ return( cert ) ; ++ } */ + } + + return (NULL); +@@ -458,9 +535,126 @@ + return(0); + } + ++int ++xmlSecMSCryptoX509StoreAdoptKeyStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE keyStore ++) { ++ xmlSecMSCryptoX509StoreCtxPtr ctx; ++ int ret; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ++ xmlSecAssert2( keyStore != NULL, -1); ++ ++ ctx = xmlSecMSCryptoX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); ++ xmlSecAssert2(ctx->trusted != NULL, -1); ++ ++ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ { ++ PCCERT_CONTEXT ptCert ; ++ ++ ptCert = NULL ; ++ while( 1 ) { ++ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; ++ if( ptCert == NULL ) ++ break ; ++ } ++ } ++ ++ return(0); ++} ++ ++int ++xmlSecMSCryptoX509StoreAdoptTrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE trustedStore ++) { ++ xmlSecMSCryptoX509StoreCtxPtr ctx; ++ int ret; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ++ xmlSecAssert2( trustedStore != NULL, -1); ++ ++ ctx = xmlSecMSCryptoX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); ++ xmlSecAssert2(ctx->trusted != NULL, -1); ++ ++ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ { ++ PCCERT_CONTEXT ptCert ; ++ ++ ptCert = NULL ; ++ while( 1 ) { ++ ptCert = 
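Review bot: The verify loop now ends in an unconditional `return cert;` and the call to `xmlSecMSCryptoX509StoreConstructCertsChain` is commented out, so the certificate handed back has had no chain, validity-period or revocation check applied by this library. The JL comment explains that OpenOffice.org validates the certificate itself, but nothing at the function level tells a caller that the result is unvalidated, and whether every caller of this build does its own validation cannot be seen from the hunk. I would state the contract in the function's header comment, e.g. `/* NOTE: the returned certificate is NOT validated here; the caller must verify chain, validity and revocation before trusting the signer. */`, and delete the commented-out call rather than keep it as dead code. The function starts outside the hunk.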
CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; ++ if( ptCert == NULL ) ++ break ; ++ } ++ } ++ ++ return(0); ++} ++ ++int ++xmlSecMSCryptoX509StoreAdoptUntrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE untrustedStore ++) { ++ xmlSecMSCryptoX509StoreCtxPtr ctx; ++ int ret; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ++ xmlSecAssert2( untrustedStore != NULL, -1); ++ ++ ctx = xmlSecMSCryptoX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); ++ xmlSecAssert2(ctx->untrusted != NULL, -1); ++ ++ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ { ++ PCCERT_CONTEXT ptCert ; ++ ++ ptCert = NULL ; ++ while( 1 ) { ++ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; ++ if( ptCert == NULL ) ++ break ; ++ } ++ } ++ ++ return(0); ++} ++ + static int + xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { + xmlSecMSCryptoX509StoreCtxPtr ctx; ++ HCERTSTORE hTrustedMemStore ; ++ HCERTSTORE hUntrustedMemStore ; ++ + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); +@@ -468,36 +662,104 @@ + + memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); + ++ /* create trusted certs store collection */ ++ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, ++ 0, ++ NULL, ++ 0, ++ NULL); ++ if(ctx->trusted == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertOpenStore", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ + /* create trusted certs store */ +- ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, ++ hTrustedMemStore = 
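Review bot: `xmlSecMSCryptoX509StoreAdoptKeyStore` links `keyStore` into `ctx->trusted` with `CertAddStoreToCollection`, the same collection that `xmlSecMSCryptoX509StoreAdoptTrustedStore` fills, so every certificate in a key store is treated as a trust anchor by any lookup against `ctx->trusted`. If that is intended it needs a comment saying so; if a key store only supplies signing keys, it should not sit in the trusted collection. All three new functions also declare an unused `int ret;` and end with a `while( 1 )` loop over `CertEnumCertificatesInStore` that does nothing with the result and can be removed. The priority arguments `2`, `3` and `2` deserve a one-line comment or named constants.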
CertOpenStore(CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); +- if(ctx->trusted == NULL) { ++ if(hTrustedMemStore == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ ctx->trusted = NULL ; + return(-1); + } + +- /* create trusted certs store */ +- ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, ++ /* add the memory trusted certs store to trusted certs store collection */ ++ if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ++ ctx->trusted = NULL ; ++ return(-1); ++ } ++ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ++ ++ /* create untrusted certs store collection */ ++ ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, ++ 0, ++ NULL, ++ 0, ++ NULL); ++ if(ctx->untrusted == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertOpenStore", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ ctx->trusted = NULL ; ++ return(-1); ++ } ++ ++ /* create untrusted certs store */ ++ hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); +- if(ctx->untrusted == NULL) { ++ if(hUntrustedMemStore == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), 
+ "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ ctx->trusted = NULL ; ++ ctx->untrusted = NULL ; + return(-1); + } + ++ /* add the memory trusted certs store to untrusted certs store collection */ ++ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ++ ctx->trusted = NULL ; ++ ctx->untrusted = NULL ; ++ return(-1); ++ } ++ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ++ + return(0); + } + +@@ -567,10 +829,41 @@ + + if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { + xmlSecBn issuerSerialBn; ++ xmlChar * p; + CERT_NAME_BLOB cnb; ++ CRYPT_INTEGER_BLOB cib; + BYTE *cName = NULL; + DWORD cNameLen = 0; ++ ++ /* aleksey: for some unknown to me reasons, mscrypto wants Email ++ * instead of emailAddress. This code is not bullet proof and may ++ * produce incorrect results if someone has "emailAddress=" string ++ * in one of the fields, but it is best I can suggest to fix this problem. ++ * Also see xmlSecMSCryptoX509NameWrite function. 
++ */ ++ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { ++ memcpy(p, " Email=", 13); ++ } ++ ++ ++ ++ /* get issuer name */ ++ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ++ issuerName, ++ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ++ &cNameLen); ++ if(cName == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecMSCryptoCertStrToName", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return (NULL); ++ } ++ cnb.pbData = cName; ++ cnb.cbData = cNameLen; + ++ /* get serial number */ + ret = xmlSecBnInitialize(&issuerSerialBn, 0); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -578,6 +871,7 @@ + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ xmlFree(cName); + return(NULL); + } + +@@ -589,26 +883,30 @@ + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBnFinalize(&issuerSerialBn); +- return(NULL); ++ xmlFree(cName); ++ return(NULL); + } + +- cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, +- issuerName, +- CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, +- &cNameLen); +- if(cName == NULL) { ++ /* I have no clue why at a sudden a swap is needed to ++ * convert from lsb... 
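Review bot: The `while` loop that replaces `emailAddress=` writes into `issuerName` in place with `memcpy(p, …, 13)`, so the caller's string is modified as a side effect of a lookup, and the length 13 is tied by hand to both the search string and the replacement literal. The replacement literal must be exactly 13 characters long for the copy to stay inside it; whitespace is collapsed on this page, so its padding cannot be confirmed here and is worth checking in the file. Working on a copy (`xmlStrdup(issuerName)`, freed next to `cName`) and deriving the length from `xmlStrlen(BAD_CAST "emailAddress=")` would remove both hazards. The enclosing function starts and ends outside the hunk.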
This code is purely based upon ++ * trial and error :( WK ++ */ ++ ret = xmlSecBnReverse(&issuerSerialBn); ++ if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- "xmlSecMSCryptoCertStrToName", ++ "xmlSecBnReverse", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBnFinalize(&issuerSerialBn); +- return (NULL); ++ xmlFree(cName); ++ return(NULL); + } + +- cnb.pbData = cName; +- cnb.cbData = cNameLen; +- while((pCert = CertFindCertificateInStore(store, ++ cib.pbData = xmlSecBufferGetData(&issuerSerialBn); ++ cib.cbData = xmlSecBufferGetSize(&issuerSerialBn); ++ ++ while((pCert = CertFindCertificateInStore(store, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, +@@ -622,10 +920,9 @@ + if((pCert->pCertInfo != NULL) && + (pCert->pCertInfo->SerialNumber.pbData != NULL) && + (pCert->pCertInfo->SerialNumber.cbData > 0) && +- (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData, +- pCert->pCertInfo->SerialNumber.cbData))) { +- +- break; ++ (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE) ++ ) { ++ break; + } + } + xmlFree(cName); +--- misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200 +@@ -20,21 +20,22 @@ + $(NULL) + + libxmlsec1_nss_la_SOURCES =\ ++ akmngr.c \ + app.c \ + bignum.c \ + ciphers.c \ + crypto.c \ + digests.c \ + hmac.c \ ++ keysstore.c \ ++ keytrans.c \ ++ keywrapers.c \ + pkikeys.c \ + signatures.c \ + symkeys.c \ ++ tokens.c \ + x509.c \ + x509vfy.c \ +- keysstore.c \ +- kt_rsa.c \ +- kw_des.c \ +- kw_aes.c \ + $(NULL) + + libxmlsec1_nss_la_LIBADD = \ +--- misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200 +@@ -54,9 +54,9 @@ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + am__objects_1 = 
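Review bot: The Makefile.am source list gains `keywrapers.c`, while the Makefile.in hunk that follows lists `keywrappers.c` in `libxmlsec1_nss_la_SOURCES` but `keywrapers.lo` and `keywrapers.Plo` in the object and dependency lists. Only one spelling can match the file the patch creates, and that file is not visible in this part of the diff. The three places should agree with it, otherwise the NSS backend will fail to build from one of the two makefiles.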
+-am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \ ++am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \ + digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ +- x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \ ++ x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \ + $(am__objects_1) + libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +@@ -65,11 +65,11 @@ + @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ +-@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \ +-@AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \ ++@AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ +-@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ++@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) + LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ +@@ -321,21 +321,22 @@ + $(NULL) + + libxmlsec1_nss_la_SOURCES = \ ++ akmngr.c \ + app.c \ + bignum.c \ + ciphers.c \ + crypto.c \ + digests.c \ + hmac.c \ ++ keysstore.c \ ++ keytrans.c \ ++ keywrappers.c \ + pkikeys.c \ + signatures.c \ + symkeys.c \ ++ tokens.c \ + x509.c \ + x509vfy.c \ +- keysstore.c \ +- kt_rsa.c \ +- kw_des.c \ +- kw_aes.c \ + $(NULL) + + libxmlsec1_nss_la_LIBADD = \ +@@ -418,6 +419,7 @@ + distclean-compile: + -rm -f *.tab.c + ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/bignum.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ +@@ -425,9 +427,9 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ +--- misc/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:39.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:19.000000000 +0200 +@@ -1 +1,384 @@ +-dummy ++/** ++ * XMLSec library ++ * ++ * This is free software; see Copyright file in the source ++ * distribution for preciese wording. ++ * ++ * Copyright......................... ++ */ ++#include "globals.h" ++ ++#include <nspr.h> ++#include <nss.h> ++#include <pk11func.h> ++#include <cert.h> ++#include <keyhi.h> ++ ++#include <xmlsec/xmlsec.h> ++#include <xmlsec/keys.h> ++#include <xmlsec/transforms.h> ++#include <xmlsec/errors.h> ++ ++#include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/tokens.h> ++#include <xmlsec/nss/akmngr.h> ++#include <xmlsec/nss/pkikeys.h> ++#include <xmlsec/nss/ciphers.h> ++#include <xmlsec/nss/keysstore.h> ++ ++/** ++ * xmlSecNssAppliedKeysMngrCreate: ++ * @slot: array of pointers to NSS PKCS#11 slot infomation. 
++ * @cSlots: number of slots in the array ++ * @handler: the pointer to NSS certificate database. ++ * ++ * Create and load NSS crypto slot and certificate database into keys manager ++ * ++ * Returns keys manager pointer on success or NULL otherwise. ++ */ ++xmlSecKeysMngrPtr ++xmlSecNssAppliedKeysMngrCreate( ++ PK11SlotInfo** slots, ++ int cSlots, ++ CERTCertDBHandle* handler ++) { ++ xmlSecKeyDataStorePtr certStore = NULL ; ++ xmlSecKeysMngrPtr keyMngr = NULL ; ++ xmlSecKeyStorePtr keyStore = NULL ; ++ int islot = 0; ++ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; ++ if( keyStore == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyStoreCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return NULL ; ++ } ++ ++ for (islot = 0; islot < cSlots; islot++) ++ { ++ xmlSecNssKeySlotPtr keySlot ; ++ ++ /* Create a key slot */ ++ keySlot = xmlSecNssKeySlotCreate() ; ++ if( keySlot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeySlotCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ return NULL ; ++ } ++ ++ /* Set slot */ ++ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeySlotSetSlot" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; ++ return NULL ; ++ } ++ ++ /* Adopt keySlot */ ++ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ++ "xmlSecNssKeysStoreAdoptKeySlot" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyStoreDestroy( keyStore ) ; ++ xmlSecNssKeySlotDestroy( keySlot ) ; 
++ return NULL ;
++ }
++ }
++
++ keyMngr = xmlSecKeysMngrCreate() ;
++ if( keyMngr == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Add key store to manager, from now on keys manager destroys the store if
++ * needed
++ */
++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Initialize crypto library specific data in keys manager
++ */
++ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Set certificate databse to X509 key data store
++ */
++ /**
++ * Because Tej's implementation of certDB use the default DB, so I ignore
++ * the certDB handler at present. I'll modify the cert store sources to
++ * accept particular certDB instead of default ones.
++ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
++ if( certStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeyDataStoreX509SetCertDb" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++ */
++
++ /*-
++ * Set the getKey callback
++ */
++ keyMngr->getKey = xmlSecKeysMngrGetKey ;
++
++ return keyMngr ;
++}
++
++int
++xmlSecNssAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ PK11SymKey* symKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( symKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
++int
++xmlSecNssAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPublicKey* pubKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( pubKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
++int
++xmlSecNssAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPrivateKey* priKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( priKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
+--- misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2008-06-29 23:44:19.000000000 +0200
+@@ -1,838 +1,967
@@ +-/** +- * XMLSec library +- * +- * This is free software; see Copyright file in the source +- * distribution for preciese wording. +- * +- * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> +- * Copyright (c) 2003 America Online, Inc. All rights reserved. +- */ ++/* -- C Source File -- **/ + #include "globals.h" + ++#include <stdlib.h> + #include <string.h> + +-#include <nspr.h> + #include <nss.h> +-#include <secoid.h> + #include <pk11func.h> + + #include <xmlsec/xmlsec.h> ++#include <xmlsec/xmltree.h> ++#include <xmlsec/base64.h> + #include <xmlsec/keys.h> ++#include <xmlsec/keyinfo.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/ciphers.h> + +-#define XMLSEC_NSS_MAX_KEY_SIZE 32 +-#define XMLSEC_NSS_MAX_IV_SIZE 32 +-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 +- +-/************************************************************************** +- * +- * Internal Nss Block cipher CTX ++/** ++ * Internal Nss Block Cipher Context + * +- *****************************************************************************/ +-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, +- *xmlSecNssBlockCipherCtxPtr; ++ * This context is designed for repositing a block cipher for transform ++ */ ++typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; ++typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; ++ + struct _xmlSecNssBlockCipherCtx { +- CK_MECHANISM_TYPE cipher; +- PK11Context* cipherCtx; +- xmlSecKeyDataId keyId; +- int keyInitialized; +- int ctxInitialized; +- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; +- xmlSecSize keySize; +- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; +- xmlSecSize ivSize; +-}; +-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCtxUpdate 
(xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int +-xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx) { +- SECItem keyItem; +- SECItem ivItem; +- PK11SlotInfo* slot; +- PK11SymKey* symKey; +- int ivLen; +- SECStatus rv; +- int ret; +- +- xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->cipher != 0, -1); +- xmlSecAssert2(ctx->cipherCtx == NULL, -1); +- xmlSecAssert2(ctx->keyInitialized != 0, -1); +- xmlSecAssert2(ctx->ctxInitialized == 0, -1); +- xmlSecAssert2(in != NULL, -1); +- xmlSecAssert2(out != NULL, -1); +- xmlSecAssert2(transformCtx != NULL, -1); +- +- ivLen = PK11_GetIVLength(ctx->cipher); +- xmlSecAssert2(ivLen > 0, -1); +- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); +- +- if(encrypt) { +- /* generate random iv */ +- rv = PK11_GenerateRandom(ctx->iv, ivLen); +- if(rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_GenerateRandom", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", ivLen); +- return(-1); +- } +- +- /* write iv to the output */ +- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferAppend", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", ivLen); +- return(-1); +- } +- +- } else { +- /* if we don't have enough data, exit and hope that +- * we'll have iv next time */ +- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { +- return(0); +- } +- +- /* copy iv to our buffer*/ +- xmlSecAssert2(xmlSecBufferGetData(in) 
!= NULL, -1); +- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); +- +- /* and remove from input */ +- ret = xmlSecBufferRemoveHead(in, ivLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", ivLen); +- return(-1); ++ CK_MECHANISM_TYPE cipher ; ++ PK11SymKey* symkey ; ++ PK11Context* cipherCtx ; ++ xmlSecKeyDataId keyId ; ++} ; ++ ++#define xmlSecNssBlockCipherSize \ ++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) ++ ++#define xmlSecNssBlockCipherGetCtx( transform ) \ ++ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ++ ++static int ++xmlSecNssBlockCipherCheckId( ++ xmlSecTransformPtr transform ++) { ++ #ifndef XMLSEC_NO_DES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { ++ return 1 ; + } +- } ++ #endif /* XMLSEC_NO_DES */ + +- memset(&keyItem, 0, sizeof(keyItem)); +- keyItem.data = ctx->key; +- keyItem.len = ctx->keySize; +- memset(&ivItem, 0, sizeof(ivItem)); +- ivItem.data = ctx->iv; +- ivItem.len = ctx->ivSize; +- +- slot = PK11_GetBestSlot(ctx->cipher, NULL); +- if(slot == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_GetBestSlot", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, +- CKA_SIGN, &keyItem, NULL); +- if(symKey == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_ImportSymKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- PK11_FreeSlot(slot); +- return(-1); +- } ++ #ifndef XMLSEC_NO_AES ++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || ++ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || ++ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { + +- 
ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, +- (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, +- symKey, &ivItem); +- if(ctx->cipherCtx == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_CreateContextBySymKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- PK11_FreeSymKey(symKey); +- PK11_FreeSlot(slot); +- return(-1); ++ return 1 ; + } +- +- ctx->ctxInitialized = 1; +- PK11_FreeSymKey(symKey); +- PK11_FreeSlot(slot); +- return(0); ++ #endif /* XMLSEC_NO_AES */ ++ ++ return 0 ; + } + +-static int +-xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx) { +- xmlSecSize inSize, inBlocks, outSize; +- int blockLen; +- int outLen = 0; +- xmlSecByte* outBuf; +- SECStatus rv; +- int ret; +- +- xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->cipher != 0, -1); +- xmlSecAssert2(ctx->cipherCtx != NULL, -1); +- xmlSecAssert2(ctx->ctxInitialized != 0, -1); +- xmlSecAssert2(in != NULL, -1); +- xmlSecAssert2(out != NULL, -1); +- xmlSecAssert2(transformCtx != NULL, -1); ++static int ++xmlSecNssBlockCipherFetchCtx( ++ xmlSecNssBlockCipherCtxPtr context , ++ xmlSecTransformId id ++) { ++ xmlSecAssert2( context != NULL, -1 ) ; ++ ++ #ifndef XMLSEC_NO_DES ++ if( id == xmlSecNssTransformDes3CbcId ) { ++ context->cipher = CKM_DES3_CBC ; ++ context->keyId = xmlSecNssKeyDataDesId ; ++ } else ++ #endif /* XMLSEC_NO_DES */ ++ ++ #ifndef XMLSEC_NO_AES ++ if( id == xmlSecNssTransformAes128CbcId ) { ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ if( id == xmlSecNssTransformAes192CbcId ) { ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ if( id == xmlSecNssTransformAes256CbcId ) { ++ context->cipher = CKM_AES_CBC ; ++ context->keyId = xmlSecNssKeyDataAesId ; ++ } else ++ #endif /* XMLSEC_NO_AES */ ++ 
++ if( 1 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + +- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); +- xmlSecAssert2(blockLen > 0, -1); ++ return 0 ; ++} + +- inSize = xmlSecBufferGetSize(in); +- outSize = xmlSecBufferGetSize(out); +- +- if(inSize < (xmlSecSize)blockLen) { +- return(0); +- } ++/** ++ * xmlSecTransformInitializeMethod: ++ * @transform: the pointer to transform object. ++ * ++ * The transform specific initialization method. ++ * ++ * Returns 0 on success or a negative value otherwise. ++ */ ++static int ++xmlSecNssBlockCipherInitialize( ++ xmlSecTransformPtr transform ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherFetchCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + +- if(encrypt) { +- inBlocks = inSize / ((xmlSecSize)blockLen); +- } else { +- /* we want to have the last block in the input buffer +- * for padding check */ +- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); +- } +- inSize = inBlocks * ((xmlSecSize)blockLen); ++ context->symkey = NULL ; ++ context->cipherCtx = NULL ; + +- /* we write out the input size plus may be one block */ +- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); +- if(ret < 0) { +- 
xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + inSize + blockLen); +- return(-1); +- } +- outBuf = xmlSecBufferGetData(out) + outSize; +- +- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, +- xmlSecBufferGetData(in), inSize); +- if(rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_CipherOp", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); +- +- /* set correct output buffer size */ +- ret = xmlSecBufferSetSize(out, outSize + outLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + outLen); +- return(-1); +- } +- +- /* remove the processed block from input */ +- ret = xmlSecBufferRemoveHead(in, inSize); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", inSize); +- return(-1); +- } +- return(0); ++ return 0 ; + } + +-static int +-xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx) { +- xmlSecSize inSize, outSize; +- int blockLen, outLen = 0; +- xmlSecByte* inBuf; +- xmlSecByte* outBuf; +- SECStatus rv; +- int ret; +- +- xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->cipher != 0, -1); +- xmlSecAssert2(ctx->cipherCtx != NULL, -1); +- xmlSecAssert2(ctx->ctxInitialized != 0, -1); +- xmlSecAssert2(in != NULL, -1); +- xmlSecAssert2(out != NULL, -1); +- xmlSecAssert2(transformCtx != NULL, -1); +- +- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); +- xmlSecAssert2(blockLen > 0, -1); ++/** ++ * 
xmlSecTransformFinalizeMethod: ++ * @transform: the pointer to transform object. ++ * ++ * The transform specific destroy method. ++ */ ++static void ++xmlSecNssBlockCipherFinalize( ++ xmlSecTransformPtr transform ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; + +- inSize = xmlSecBufferGetSize(in); +- outSize = xmlSecBufferGetSize(out); ++ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; ++ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; + +- if(encrypt != 0) { +- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); +- +- /* create padding */ +- ret = xmlSecBufferSetMaxSize(in, blockLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", blockLen); +- return(-1); +- } +- inBuf = xmlSecBufferGetData(in); +- +- /* generate random padding */ +- if((xmlSecSize)blockLen > (inSize + 1)) { +- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); +- if(rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_GenerateRandom", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", blockLen - inSize - 1); +- return(-1); +- } +- } +- inBuf[blockLen - 1] = blockLen - inSize; +- inSize = blockLen; +- } else { +- if(inSize != (xmlSecSize)blockLen) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "data=%d;block=%d", inSize, blockLen); +- return(-1); ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return ; + } +- } +- +- /* process last block */ +- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- 
xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + 2 * blockLen); +- return(-1); +- } +- outBuf = xmlSecBufferGetData(out) + outSize; + +- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, +- xmlSecBufferGetData(in), inSize); +- if(rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "PK11_CipherOp", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); +- +- if(encrypt == 0) { +- /* check padding */ +- if(outLen < outBuf[blockLen - 1]) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "padding=%d;buffer=%d", +- outBuf[blockLen - 1], outLen); +- return(-1); +- } +- outLen -= outBuf[blockLen - 1]; +- } +- +- /* set correct output buffer size */ +- ret = xmlSecBufferSetSize(out, outSize + outLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + outLen); +- return(-1); +- } ++ if( context->cipherCtx != NULL ) { ++ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; ++ context->cipherCtx = NULL ; ++ } + +- /* remove the processed block from input */ +- ret = xmlSecBufferRemoveHead(in, inSize); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", inSize); +- return(-1); +- } ++ if( context->symkey != NULL ) { ++ PK11_FreeSymKey( context->symkey ) ; ++ context->symkey = NULL ; ++ } + +- return(0); ++ context->cipher = CKM_INVALID_MECHANISM ; ++ context->keyId = NULL ; + } + +- +-/****************************************************************************** +- * +- * EVP Block Cipher transforms ++/** ++ * xmlSecTransformSetKeyRequirementsMethod: ++ * 
@transform: the pointer to transform object. ++ * @keyReq: the pointer to key requirements structure. + * +- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure ++ * Transform specific method to set transform's key requirements. + * +- *****************************************************************************/ +-#define xmlSecNssBlockCipherSize \ +- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) +-#define xmlSecNssBlockCipherGetCtx(transform) \ +- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) +- +-static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); +-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); +-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, +- xmlSecKeyReqPtr keyReq); +-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, +- xmlSecKeyPtr key); +-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, +- int last, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); +- +- ++ * Returns 0 on success or a negative value otherwise. 
++ */ ++static int ++xmlSecNssBlockCipherSetKeyReq( ++ xmlSecTransformPtr transform , ++ xmlSecKeyReqPtr keyReq ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ xmlSecSize cipherSize = 0 ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ xmlSecAssert2( keyReq != NULL , -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ keyReq->keyId = context->keyId ; ++ keyReq->keyType = xmlSecKeyDataTypeSymmetric ; ++ ++ if( transform->operation == xmlSecTransformOperationEncrypt ) { ++ keyReq->keyUsage = xmlSecKeyUsageEncrypt ; ++ } else { ++ keyReq->keyUsage = xmlSecKeyUsageDecrypt ; ++ } ++ ++ /* ++ if( context->symkey != NULL ) ++ cipherSize = PK11_GetKeyLength( context->symkey ) ; + +-static int +-xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { +-#ifndef XMLSEC_NO_DES +- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { +- return(1); +- } +-#endif /* XMLSEC_NO_DES */ ++ keyReq->keyBitsSize = cipherSize * 8 ; ++ */ + +-#ifndef XMLSEC_NO_AES +- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || +- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || +- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { +- +- return(1); +- } +-#endif /* XMLSEC_NO_AES */ +- +- return(0); ++ return 0 ; + } + +-static int +-xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { +- xmlSecNssBlockCipherCtxPtr ctx; +- +- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); 
+- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ++/** ++ * xmlSecTransformSetKeyMethod: ++ * @transform: the pointer to transform object. ++ * @key: the pointer to key. ++ * ++ * The transform specific method to set the key for use. ++ * ++ * Returns 0 on success or a negative value otherwise. ++ */ ++static int ++xmlSecNssBlockCipherSetKey( ++ xmlSecTransformPtr transform , ++ xmlSecKeyPtr key ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ xmlSecKeyDataPtr keyData = NULL ; ++ PK11SymKey* symkey = NULL ; ++ CK_ATTRIBUTE_TYPE operation ; ++ int ivLen ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ xmlSecAssert2( key != NULL , -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ++ ++ keyData = xmlSecKeyGetValue( key ) ; ++ if( keyData == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ++ "xmlSecKeyGetValue" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ++ "xmlSecNssSymKeyDataGetKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- 
xmlSecAssert2(ctx != NULL, -1); +- +- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); ++ context->symkey = symkey ; + +-#ifndef XMLSEC_NO_DES +- if(transform->id == xmlSecNssTransformDes3CbcId) { +- ctx->cipher = CKM_DES3_CBC; +- ctx->keyId = xmlSecNssKeyDataDesId; +- ctx->keySize = 24; +- } else +-#endif /* XMLSEC_NO_DES */ +- +-#ifndef XMLSEC_NO_AES +- if(transform->id == xmlSecNssTransformAes128CbcId) { +- ctx->cipher = CKM_AES_CBC; +- ctx->keyId = xmlSecNssKeyDataAesId; +- ctx->keySize = 16; +- } else if(transform->id == xmlSecNssTransformAes192CbcId) { +- ctx->cipher = CKM_AES_CBC; +- ctx->keyId = xmlSecNssKeyDataAesId; +- ctx->keySize = 24; +- } else if(transform->id == xmlSecNssTransformAes256CbcId) { +- ctx->cipher = CKM_AES_CBC; +- ctx->keyId = xmlSecNssKeyDataAesId; +- ctx->keySize = 32; +- } else +-#endif /* XMLSEC_NO_AES */ +- +- if(1) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_INVALID_TRANSFORM, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- return(0); ++ return 0 ; + } + +-static void +-xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { +- xmlSecNssBlockCipherCtxPtr ctx; +- +- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); +- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); ++/** ++ * Block cipher transform init ++ */ ++static int ++xmlSecNssBlockCipherCtxInit( ++ xmlSecNssBlockCipherCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ const xmlChar* cipherName , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ SECItem ivItem ; ++ SECItem* secParam = NULL ; ++ xmlSecBufferPtr ivBuf = NULL ; ++ int ivLen ; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; 
++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ ivLen = PK11_GetIVLength( ctx->cipher ) ; ++ if( ivLen < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetIVLength" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( encrypt ) { ++ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_GenerateRandom" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } ++ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } ++ } else { ++ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetData" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } ++ } ++ ++ 
ivItem.data = xmlSecBufferGetData( ivBuf ) ; ++ ivItem.len = xmlSecBufferGetSize( ivBuf ) ; ++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_ParamFromIV" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } ++ ++ ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ++ if( ctx->cipherCtx == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ SECITEM_FreeItem( secParam , PR_TRUE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; ++ return -1 ; ++ } + +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- xmlSecAssert(ctx != NULL); ++ SECITEM_FreeItem( secParam , PR_TRUE ) ; ++ xmlSecBufferDestroy( ivBuf ) ; + +- if(ctx->cipherCtx != NULL) { +- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); +- } +- +- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); ++ return 0 ; + } + +-static int +-xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { +- xmlSecNssBlockCipherCtxPtr ctx; +- +- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +- xmlSecAssert2(keyReq != NULL, -1); +- +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->keyId != NULL, -1); +- +- keyReq->keyId = ctx->keyId; +- keyReq->keyType = xmlSecKeyDataTypeSymmetric; +- if(transform->operation == xmlSecTransformOperationEncrypt) { +- keyReq->keyUsage = xmlSecKeyUsageEncrypt; +- } else { +- keyReq->keyUsage = xmlSecKeyUsageDecrypt; +- } 
+- keyReq->keyBitsSize = 8 * ctx->keySize; +- return(0); +-} ++/** ++ * Block cipher transform update ++ */ ++static int ++xmlSecNssBlockCipherCtxUpdate( ++ xmlSecNssBlockCipherCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ const xmlChar* cipherName , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ xmlSecSize inSize ; ++ xmlSecSize outSize ; ++ xmlSecSize inBlocks ; ++ int blockSize ; ++ int outLen ; ++ xmlSecByte* outBuf ; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ inSize = xmlSecBufferGetSize( in ) ; ++ outSize = xmlSecBufferGetSize( out ) ; ++ ++ inBlocks = ( encrypt != 0 ? 
inSize : ( inSize - 1 ) ) / blockSize ; ++ inSize = inBlocks * blockSize ; ++ ++ if( inSize < blockSize ) { ++ return 0 ; ++ } ++ ++ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetMaxSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ outBuf = xmlSecBufferGetData( out ) + outSize ; ++ ++ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_CipherOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + +-static int +-xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { +- xmlSecNssBlockCipherCtxPtr ctx; +- xmlSecBufferPtr buffer; +- +- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +- xmlSecAssert2(key != NULL, -1); +- +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->cipher != 0, -1); +- xmlSecAssert2(ctx->keyInitialized == 0, -1); +- xmlSecAssert2(ctx->keyId != NULL, -1); +- 
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); +- +- xmlSecAssert2(ctx->keySize > 0, -1); +- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); +- +- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); +- xmlSecAssert2(buffer != NULL, -1); +- +- if(xmlSecBufferGetSize(buffer) < ctx->keySize) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, +- "keySize=%d;expected=%d", +- xmlSecBufferGetSize(buffer), ctx->keySize); +- return(-1); +- } +- +- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); +- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); +- +- ctx->keyInitialized = 1; +- return(0); ++ return 0 ; + } + ++/** ++ * Block cipher transform final ++ */ + static int +-xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { +- xmlSecNssBlockCipherCtxPtr ctx; +- xmlSecBufferPtr in, out; +- int ret; +- +- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +- xmlSecAssert2(transformCtx != NULL, -1); +- +- in = &(transform->inBuf); +- out = &(transform->outBuf); +- +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- xmlSecAssert2(ctx != NULL, -1); ++xmlSecNssBlockCipherCtxFinal( ++ xmlSecNssBlockCipherCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ const xmlChar* cipherName , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ xmlSecSize inSize ; ++ xmlSecSize outSize ; ++ int blockSize ; ++ int outLen ; ++ xmlSecByte* inBuf ; ++ xmlSecByte* outBuf ; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( 
ctx->cipherCtx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ inSize = xmlSecBufferGetSize( in ) ; ++ outSize = xmlSecBufferGetSize( out ) ; ++ ++ /******************************************************************/ ++ if( encrypt != 0 ) { ++ xmlSecAssert2( inSize < blockSize, -1 ) ; ++ ++ /* create padding */ ++ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetMaxSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ inBuf = xmlSecBufferGetData( in ) ; ++ ++ /* generate random */ ++ if( blockSize > ( inSize + 1 ) ) { ++ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_GenerateRandom" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ inBuf[blockSize-1] = blockSize - inSize ; ++ inSize = blockSize ; ++ } else { ++ if( inSize != blockSize ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ /* process the last block */ ++ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetMaxSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ outBuf = 
xmlSecBufferGetData( out ) + outSize ; ++ ++ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_CipherOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( encrypt == 0 ) { ++ /* check padding */ ++ if( outLen < outBuf[blockSize-1] ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ outLen -= outBuf[blockSize-1] ; ++ } ++ /******************************************************************/ ++ ++ /****************************************************************** ++ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetMaxSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ outBuf = xmlSecBufferGetData( out ) + outSize ; ++ ++ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_DigestFinal" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ******************************************************************/ ++ ++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } 
++ ++/* PK11_Finalize( ctx->cipherCtx ) ;*/ ++ PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; ++ ctx->cipherCtx = NULL ; + +- if(transform->status == xmlSecTransformStatusNone) { +- transform->status = xmlSecTransformStatusWorking; +- } +- +- if(transform->status == xmlSecTransformStatusWorking) { +- if(ctx->ctxInitialized == 0) { +- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, +- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +- xmlSecTransformGetName(transform), transformCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- "xmlSecNssBlockCipherCtxInit", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- } +- if((ctx->ctxInitialized == 0) && (last != 0)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "not enough data to initialize transform"); +- return(-1); +- } +- +- if(ctx->ctxInitialized != 0) { +- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, +- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +- xmlSecTransformGetName(transform), transformCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- "xmlSecNssBlockCipherCtxUpdate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- } +- +- if(last) { +- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, +- (transform->operation == xmlSecTransformOperationEncrypt) ? 
1 : 0, +- xmlSecTransformGetName(transform), transformCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- "xmlSecNssBlockCipherCtxFinal", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- transform->status = xmlSecTransformStatusFinished; +- } +- } else if(transform->status == xmlSecTransformStatusFinished) { +- /* the only way we can get here is if there is no input */ +- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); +- } else if(transform->status == xmlSecTransformStatusNone) { +- /* the only way we can get here is if there is no enough data in the input */ +- xmlSecAssert2(last == 0, -1); +- } else { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_INVALID_STATUS, +- "status=%d", transform->status); +- return(-1); +- } +- +- return(0); ++ return 0 ; + } + + +-#ifndef XMLSEC_NO_AES +-/********************************************************************* ++ ++/** ++ * xmlSecTransformExecuteMethod: ++ * @transform: the pointer to transform object. ++ * @last: the flag: if set to 1 then it's the last data chunk. ++ * @transformCtx: the pointer to transform context object. + * +- * AES CBC cipher transforms ++ * Transform specific method to process a chunk of data. + * +- ********************************************************************/ ++ * Returns 0 on success or a negative value otherwise. 
++ */ ++static int ++xmlSecNssBlockCipherExecute( ++ xmlSecTransformPtr transform , ++ int last , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ xmlSecNssBlockCipherCtxPtr context = NULL ; ++ xmlSecBufferPtr inBuf = NULL ; ++ xmlSecBufferPtr outBuf = NULL ; ++ const xmlChar* cipherName ; ++ int operation ; ++ int rtv ; ++ ++ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ context = xmlSecNssBlockCipherGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ ++ inBuf = &( transform->inBuf ) ; ++ outBuf = &( transform->outBuf ) ; ++ ++ if( transform->status == xmlSecTransformStatusNone ) { ++ transform->status = xmlSecTransformStatusWorking ; ++ } ++ ++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 
1 : 0 ; ++ cipherName = xmlSecTransformGetName( transform ) ; ++ ++ if( transform->status == xmlSecTransformStatusWorking ) { ++ if( context->cipherCtx == NULL ) { ++ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherCtxInit" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( context->cipherCtx == NULL && last != 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "No enough data to intialize transform" ) ; ++ return -1 ; ++ } ++ ++ if( context->cipherCtx != NULL ) { ++ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherCtxUpdate" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( last ) { ++ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssBlockCipherCtxFinal" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ transform->status = xmlSecTransformStatusFinished ; ++ } ++ } else if( transform->status == xmlSecTransformStatusFinished ) { ++ if( xmlSecBufferGetSize( inBuf ) != 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "status=%d", transform->status ) ; ++ return -1 ; ++ } ++ } else { ++ xmlSecError( XMLSEC_ERRORS_HERE , 
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "status=%d", transform->status ) ; ++ return -1 ; ++ } ++ ++ return 0 ; ++} ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ++#else + static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { +- /* klass/object sizes */ +- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +- +- xmlSecNameAes128Cbc, /* const xmlChar* name; */ +- xmlSecHrefAes128Cbc, /* const xmlChar* href; */ +- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +- +- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +- NULL, /* xmlSecTransformNodeReadMethod readNode; */ +- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +- NULL, /* xmlSecTransformValidateMethod validate; */ +- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +- NULL, /* xmlSecTransformPopXmlMethod popXml; */ +- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +- +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ +-}; ++#endif ++ sizeof( xmlSecTransformKlass ) , ++ xmlSecNssBlockCipherSize , ++ ++ xmlSecNameAes128Cbc , ++ xmlSecHrefAes128Cbc , ++ xmlSecTransformUsageEncryptionMethod , ++ ++ xmlSecNssBlockCipherInitialize , ++ xmlSecNssBlockCipherFinalize , ++ NULL , ++ NULL , ++ ++ xmlSecNssBlockCipherSetKeyReq , ++ 
xmlSecNssBlockCipherSetKey , ++ NULL , ++ xmlSecTransformDefaultGetDataType , ++ ++ xmlSecTransformDefaultPushBin , ++ xmlSecTransformDefaultPopBin , ++ NULL , ++ NULL , ++ xmlSecNssBlockCipherExecute , ++ ++ NULL , ++ NULL ++} ; ++ ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ++#else ++static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ++#endif ++ sizeof( xmlSecTransformKlass ) , ++ xmlSecNssBlockCipherSize , ++ ++ xmlSecNameAes192Cbc , ++ xmlSecHrefAes192Cbc , ++ xmlSecTransformUsageEncryptionMethod , ++ ++ xmlSecNssBlockCipherInitialize , ++ xmlSecNssBlockCipherFinalize , ++ NULL , ++ NULL , ++ ++ xmlSecNssBlockCipherSetKeyReq , ++ xmlSecNssBlockCipherSetKey , ++ NULL , ++ xmlSecTransformDefaultGetDataType , ++ ++ xmlSecTransformDefaultPushBin , ++ xmlSecTransformDefaultPopBin , ++ NULL , ++ NULL , ++ xmlSecNssBlockCipherExecute , ++ ++ NULL , ++ NULL ++} ; ++ ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ++#else ++static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ++#endif ++ sizeof( xmlSecTransformKlass ) , ++ xmlSecNssBlockCipherSize , ++ ++ xmlSecNameAes256Cbc , ++ xmlSecHrefAes256Cbc , ++ xmlSecTransformUsageEncryptionMethod , ++ ++ xmlSecNssBlockCipherInitialize , ++ xmlSecNssBlockCipherFinalize , ++ NULL , ++ NULL , ++ ++ xmlSecNssBlockCipherSetKeyReq , ++ xmlSecNssBlockCipherSetKey , ++ NULL , ++ xmlSecTransformDefaultGetDataType , ++ ++ xmlSecTransformDefaultPushBin , ++ xmlSecTransformDefaultPopBin , ++ NULL , ++ NULL , ++ xmlSecNssBlockCipherExecute , ++ ++ NULL , ++ NULL ++} ; ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ++#else ++static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ++#endif ++ sizeof( xmlSecTransformKlass ) , ++ xmlSecNssBlockCipherSize , ++ ++ xmlSecNameDes3Cbc , ++ xmlSecHrefDes3Cbc , ++ 
xmlSecTransformUsageEncryptionMethod , ++ ++ xmlSecNssBlockCipherInitialize , ++ xmlSecNssBlockCipherFinalize , ++ NULL , ++ NULL , ++ ++ xmlSecNssBlockCipherSetKeyReq , ++ xmlSecNssBlockCipherSetKey , ++ NULL , ++ xmlSecTransformDefaultGetDataType , ++ ++ xmlSecTransformDefaultPushBin , ++ xmlSecTransformDefaultPopBin , ++ NULL , ++ NULL , ++ xmlSecNssBlockCipherExecute , ++ ++ NULL , ++ NULL ++} ; + + /** +- * xmlSecNssTransformAes128CbcGetKlass: +- * +- * AES 128 CBC encryption transform klass. +- * +- * Returns pointer to AES 128 CBC encryption transform. +- */ +-xmlSecTransformId +-xmlSecNssTransformAes128CbcGetKlass(void) { +- return(&xmlSecNssAes128CbcKlass); ++ * xmlSecNssTransformAes128CbcGetKlass ++ * ++ * Get the AES128_CBC transform klass ++ * ++ * Return AES128_CBC transform klass ++ */ ++xmlSecTransformId ++xmlSecNssTransformAes128CbcGetKlass( void ) { ++ return ( &xmlSecNssAes128CbcKlass ) ; + } + +-static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { +- /* klass/object sizes */ +- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +- +- xmlSecNameAes192Cbc, /* const xmlChar* name; */ +- xmlSecHrefAes192Cbc, /* const xmlChar* href; */ +- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +- +- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +- NULL, /* xmlSecTransformNodeReadMethod readNode; */ +- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +- NULL, /* xmlSecTransformValidateMethod validate; */ +- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +- xmlSecTransformDefaultPopBin, /* 
xmlSecTransformPopBinMethod popBin; */ +- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +- NULL, /* xmlSecTransformPopXmlMethod popXml; */ +- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +- +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ +-}; +- + /** +- * xmlSecNssTransformAes192CbcGetKlass: +- * +- * AES 192 CBC encryption transform klass. +- * +- * Returns pointer to AES 192 CBC encryption transform. +- */ +-xmlSecTransformId +-xmlSecNssTransformAes192CbcGetKlass(void) { +- return(&xmlSecNssAes192CbcKlass); ++ * xmlSecNssTransformAes192CbcGetKlass ++ * ++ * Get the AES192_CBC transform klass ++ * ++ * Return AES192_CBC transform klass ++ */ ++xmlSecTransformId ++xmlSecNssTransformAes192CbcGetKlass( void ) { ++ return ( &xmlSecNssAes192CbcKlass ) ; + } + +-static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { +- /* klass/object sizes */ +- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +- +- xmlSecNameAes256Cbc, /* const xmlChar* name; */ +- xmlSecHrefAes256Cbc, /* const xmlChar* href; */ +- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +- +- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +- NULL, /* xmlSecTransformNodeReadMethod readNode; */ +- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +- NULL, /* xmlSecTransformValidateMethod validate; */ +- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +- NULL, /* 
xmlSecTransformPopXmlMethod popXml; */ +- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +- +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ +-}; +- + /** +- * xmlSecNssTransformAes256CbcGetKlass: +- * +- * AES 256 CBC encryption transform klass. +- * +- * Returns pointer to AES 256 CBC encryption transform. +- */ +-xmlSecTransformId +-xmlSecNssTransformAes256CbcGetKlass(void) { +- return(&xmlSecNssAes256CbcKlass); ++ * xmlSecNssTransformAes256CbcGetKlass ++ * ++ * Get the AES256_CBC transform klass ++ * ++ * Return AES256_CBC transform klass ++ */ ++xmlSecTransformId ++xmlSecNssTransformAes256CbcGetKlass( void ) { ++ return ( &xmlSecNssAes256CbcKlass ) ; + } + +-#endif /* XMLSEC_NO_AES */ +- +-#ifndef XMLSEC_NO_DES +-static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { +- /* klass/object sizes */ +- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +- +- xmlSecNameDes3Cbc, /* const xmlChar* name; */ +- xmlSecHrefDes3Cbc, /* const xmlChar* href; */ +- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +- +- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +- NULL, /* xmlSecTransformNodeReadMethod readNode; */ +- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +- NULL, /* xmlSecTransformValidateMethod validate; */ +- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +- NULL, /* xmlSecTransformPopXmlMethod popXml; */ +- 
xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+-
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
+-};
+-
+-/**
+- * xmlSecNssTransformDes3CbcGetKlass:
++/**
++ * xmlSecNssTransformDes3CbcGetKlass
+ *
+- * Triple DES CBC encryption transform klass.
+- *
+- * Returns pointer to Triple DES encryption transform.
++ * Get the DES3_CBC transform klass
++ *
++ * Return DES3_CBC transform klass
+ */
+-xmlSecTransformId
+-xmlSecNssTransformDes3CbcGetKlass(void) {
+- return(&xmlSecNssDes3CbcKlass);
++xmlSecTransformId
++xmlSecNssTransformDes3CbcGetKlass( void ) {
++ return ( &xmlSecNssDes3CbcKlass ) ;
+ }
+-#endif /* XMLSEC_NO_DES */
++
+
+--- misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
++++ misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2008-06-29 23:44:19.000000000 +0200
+@@ -130,6 +130,7 @@
+ /**
+ * High level routines form xmlsec command line utility
+ */
++/*
+ gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
+ gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
+@@ -143,10 +144,29 @@
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
+-#endif /* XMLSEC_NO_X509 */
++#endif
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
++*/
++
++ gXmlSecNssFunctions->cryptoAppInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
++
gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
++#ifndef XMLSEC_NO_X509
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
++ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
++#endif /* XMLSEC_NO_X509 */
++ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
++ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
++ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
+
+ return(gXmlSecNssFunctions);
+ }
+--- misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/digests.c 2008-06-29 23:44:19.000000000 +0200
+@@ -21,7 +21,6 @@
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+-#include <xmlsec/nss/app.h>
+ #include <xmlsec/nss/crypto.h>
+
+ #define XMLSEC_NSS_MAX_DIGEST_SIZE 32
+@@ -107,7 +106,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SECOID_FindOIDByTag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -117,7 +116,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -208,7 +207,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+@@ -225,7 +224,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -246,7 +245,7
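Review bot: In src/nss/crypto.c every `cryptoApp*` slot of `gXmlSecNssFunctions` is now set to `NULL` (hunk `@@ -143,10 +144,29 @@`), so any code that calls through this table without testing the slot first would jump through a null function pointer; the dispatch code is not visible here, so that check should be confirmed. The old assignments are kept inside a `/* ... */` block opened in hunk `@@ -130,6 +130,7 @@`, and the lines between the two hunks are not shown: a single `*/` there would end the comment early and silently re-enable part of the old table, so deleting the lines, or wrapping them in `#if 0` / `#endif`, is safer than a block comment. The cast in `(void*)NULL` is unnecessary; `= NULL ;` matches the other lines. The enclosing function starts before the first hunk.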
@@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+@@ -285,7 +284,11 @@
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+--- misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2008-06-29 23:44:19.000000000 +0200
+@@ -23,8 +23,8 @@
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+-#include <xmlsec/nss/app.h>
+ #include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/tokens.h>
+
+ #define XMLSEC_NSS_MAX_HMAC_SIZE 128
+
+@@ -241,13 +241,13 @@
+ keyItem.data = xmlSecBufferGetData(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
+
+- slot = PK11_GetBestSlot(ctx->digestType, NULL);
++ slot = xmlSecNssSlotGet(ctx->digestType);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -258,7 +258,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+@@ -269,7 +269,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error
code=%d", PORT_GetError());
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(-1);
+@@ -368,7 +368,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+@@ -385,7 +385,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -408,7 +408,7 @@
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+@@ -459,7 +459,11 @@
+ /**
+ * HMAC SHA1
+ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+@@ -501,7 +505,11 @@
+ /**
+ * HMAC Ripemd160
+ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+@@ -543,7 +551,11 @@
+ /**
+ * HMAC Md5
+ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
++#else
+ static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
++#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+---
misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2008-06-29 23:44:19.000000000 +0200
+@@ -1,119 +1,522 @@
+ /**
+ * XMLSec library
+ *
+- * Nss keys store that uses Simple Keys Store under the hood. Uses the
+- * Nss DB as a backing store for the finding keys, but the NSS DB is
+- * not written to by the keys store.
+- * So, if store->findkey is done and the key is not found in the simple
+- * keys store, the NSS DB is looked up.
+- * If store is called to adopt a key, that key is not written to the NSS
+- * DB.
+- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
+- * source of keys for xmlsec
+- *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+- * Copyright (c) 2003 America Online, Inc. All rights reserved.
++ * Copyright................................
+ */
+-#include "globals.h"
+
+-#include <stdlib.h>
++/**
++ * NSS key store uses a key list and a slot list as the key repository. NSS slot
++ * list is a backup repository for the finding keys. If a key is not found from
++ * the key list, the NSS slot list is looked up.
++ *
++ * Any key in the key list will not save to pkcs11 slot. When a store to called
++ * to adopt a key, the key is resident in the key list; While a store to called
++ * to set a is resident in the key list; While a store to called to set a slot
++ * list, which means that the keys in the listed slot can be used for xml sign-
++ * nature or encryption.
++ *
++ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
++ *
++ * The framework will decrease the user interfaces to administrate xmlSec crypto
++ * engine. He can only focus on NSS layer functions.
For examples, after the
++ * user set up a slot list handler to the keys store, he do not need to do any
++ * other work atop xmlSec interfaces, his action on the slot list handler, such
++ * as add a token to, delete a token from the list, will directly effect the key
++ * store behaviors.
++ *
++ * For example, a scenariio:
++ * 0. Create a slot list;( NSS interfaces )
++ * 1. Create a keys store;( xmlSec interfaces )
++ * 2. Set slot list with the keys store;( xmlSec Interfaces )
++ * 3. Add a slot to the slot list;( NSS interfaces )
++ * 4. Perform xml signature; ( xmlSec Interfaces )
++ * 5. Deleter a slot from the slot list;( NSS interfaces )
++ * 6. Perform xml encryption; ( xmlSec Interfaces )
++ * 7. Perform xml signature;( xmlSec Interfaces )
++ * 8. Destroy the keys store;( xmlSec Interfaces )
++ * 8. Destroy the slot list.( NSS Interfaces )
++ */
++
++#include "globals.h"
+ #include <string.h>
+
+-#include <nss.h>
+-#include <cert.h>
+-#include <pk11func.h>
+-#include <keyhi.h>
++#include <nss.h>
++#include <pk11func.h>
++#include <prinit.h>
++#include <keyhi.h>
+
+-#include <libxml/tree.h>
+
+ #include <xmlsec/xmlsec.h>
+-#include <xmlsec/buffer.h>
+-#include <xmlsec/base64.h>
+-#include <xmlsec/errors.h>
+-#include <xmlsec/xmltree.h>
+-
++#include <xmlsec/keys.h>
+ #include <xmlsec/keysmngr.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/xmltree.h>
++#include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/keysstore.h>
+-#include <xmlsec/nss/x509.h>
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/ciphers.h>
+ #include <xmlsec/nss/pkikeys.h>
+
+-/****************************************************************************
++/**
++ * Internal NSS key store context
+ *
+- * Nss Keys Store.
Uses Simple Keys Store under the hood
+- *
+- * Simple Keys Store ptr is located after xmlSecKeyStore
++ * This context is located after xmlSecKeyStore
++ */
++typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
++typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
++
++struct _xmlSecNssKeysStoreCtx {
++ xmlSecPtrListPtr keyList ;
++ xmlSecPtrListPtr slotList ;
++} ;
++
++#define xmlSecNssKeysStoreSize \
++ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
++
++#define xmlSecNssKeysStoreGetCtx( data ) \
++ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
++
++int xmlSecNssKeysStoreAdoptKeySlot(
++ xmlSecKeyStorePtr store ,
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( context->slotList == NULL ) {
++ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCheckId" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
++ xmlSecError(
XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListAdd" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ return 0 ;
++}
++
++int xmlSecNssKeysStoreAdoptKey(
++ xmlSecKeyStorePtr store ,
++ xmlSecKeyPtr key
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( context->keyList == NULL ) {
++ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCheckId" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListAdd" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ return 0 ;
++}
++
++/**
++ * xmlSecKeyStoreInitializeMethod:
++ * @store: the store.
+ *
+- ***************************************************************************/
+-#define xmlSecNssKeysStoreSize \
+- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
+-
+-#define xmlSecNssKeysStoreGetSS(store) \
+- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
+- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+- (xmlSecKeyStorePtr*)NULL)
+-
+-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
+-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
+-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
+- const xmlChar* name,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
++ * Keys store specific initialization method.
++ *
++ * Returns 0 on success or a negative value if an error occurs.
++ */
++static int
++xmlSecNssKeysStoreInitialize(
++ xmlSecKeyStorePtr store
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
+- sizeof(xmlSecKeyStoreKlass),
+- xmlSecNssKeysStoreSize,
++ context->keyList = NULL ;
++ context->slotList = NULL ;
+
+- /* data */
+- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
+-
+- /* constructors/destructor */
+- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+-
+- /* reserved for the future */
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
+-};
++ return 0 ;
++}
+
+-/**
+- * xmlSecNssKeysStoreGetKlass:
+- *
+- * The Nss list based keys store klass.
++/**
++ * xmlSecKeyStoreFinalizeMethod:
++ * @store: the store.
+ *
+- * Returns Nss list based keys store klass.
++ * Keys store specific finalization (destroy) method.
+ */
+-xmlSecKeyStoreId
+-xmlSecNssKeysStoreGetKlass(void) {
+- return(&xmlSecNssKeysStoreKlass);
++void
++xmlSecNssKeysStoreFinalize(
++ xmlSecKeyStorePtr store
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
++ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return ;
++ }
++
++ if( context->keyList != NULL ) {
++ xmlSecPtrListDestroy( context->keyList ) ;
++ context->keyList = NULL ;
++ }
++
++ if( context->slotList != NULL ) {
++ xmlSecPtrListDestroy( context->slotList ) ;
++ context->slotList = NULL ;
++ }
+ }
+
+-/**
+- * xmlSecNssKeysStoreAdoptKey:
+- * @store: the pointer to Nss keys store.
+- * @key: the pointer to key.
+- *
+- * Adds @key to the @store.
++xmlSecKeyPtr
++xmlSecNssKeysStoreFindKeyFromSlot(
++ PK11SlotInfo* slot,
++ const xmlChar* name,
++ xmlSecKeyInfoCtxPtr keyInfoCtx
++) {
++ xmlSecKeyPtr key = NULL ;
++ xmlSecKeyDataPtr data = NULL ;
++ int length ;
++
++ xmlSecAssert2( slot != NULL , NULL ) ;
++ xmlSecAssert2( name != NULL , NULL ) ;
++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
++ PK11SymKey* symKey ;
++ PK11SymKey* curKey ;
++
++ /* Find symmetric key from the slot by name */
++ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
++ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
++ /* Check the key request */
++ length = PK11_GetKeyLength( curKey ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ break ;
++ }
++
++ /* Destroy the sym key list */
++ for( curKey = symKey ; curKey != NULL ; ) {
++ symKey = curKey ;
++ curKey = PK11_GetNextSymKey( symKey ) ;
++ PK11_FreeSymKey( symKey ) ;
++ }
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ SECKEYPublicKeyList* pubKeyList ;
++ SECKEYPublicKey* pubKey ;
++ SECKEYPublicKeyListNode* curPub ;
++
++ /* Find asymmetric key from the slot by name */
++ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
++ pubKey = NULL ;
++ curPub = PUBKEY_LIST_HEAD(pubKeyList);
++ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
++ /* Check the key request */
++ length = SECKEY_PublicKeyStrength( curPub->key ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find
a eligible key */
++ pubKey = curPub->key ;
++ break ;
++ }
++
++ if( pubKey != NULL ) {
++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ }
++
++ /* Destroy the public key list */
++ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ SECKEYPrivateKeyList* priKeyList = NULL ;
++ SECKEYPrivateKey* priKey = NULL ;
++ SECKEYPrivateKeyListNode* curPri ;
++
++ /* Find asymmetric key from the slot by name */
++ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
++ priKey = NULL ;
++ curPri = PRIVKEY_LIST_HEAD(priKeyList);
++ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
++ /* Check the key request */
++ length = PK11_SignatureLen( curPri->key ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ priKey = curPri->key ;
++ break ;
++ }
++
++ if( priKey != NULL ) {
++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ }
++
++ /* Destroy the private key list */
++ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
++ }
++
++ /* If we have gotten the key value */
++ if( data != NULL ) {
++ if( ( key = xmlSecKeyCreate() ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeySetValue" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDestroy( key ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++ }
++
++ return(key);
++}
++
++/**
++ * xmlSecKeyStoreFindKeyMethod:
++ * @store: the store.
++ * @name: the desired key name.
++ * @keyInfoCtx: the pointer to key info context.
+ *
+- * Returns 0 on success or a negative value if an error occurs.
++ * Keys store specific find method. The caller is responsible for destroying
++ * the returned key using #xmlSecKeyDestroy method.
++ *
++ * Returns the pointer to a key or NULL if key is not found or an error occurs.
+ */
+-int
+-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+- xmlSecAssert2((key != NULL), -1);
++static xmlSecKeyPtr
++xmlSecNssKeysStoreFindKey(
++ xmlSecKeyStorePtr store ,
++ const xmlChar* name ,
++ xmlSecKeyInfoCtxPtr keyInfoCtx
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++ xmlSecKeyPtr key = NULL ;
++ xmlSecNssKeySlotPtr keySlot = NULL ;
++ xmlSecSize pos ;
++ xmlSecSize size ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Look for key at keyList at first.
++ */
++ if( context->keyList != NULL ) {
++ size = xmlSecPtrListGetSize( context->keyList ) ;
++ for( pos = 0 ; pos < size ; pos ++ ) {
++ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
++ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
++ return xmlSecKeyDuplicate( key ) ;
++ }
++ }
++ }
++
++ /*-
++ * Find the key from slotList
++ */
++ if( context->slotList != NULL ) {
++ PK11SlotInfo* slot = NULL ;
++
++ size = xmlSecPtrListGetSize( context->slotList ) ;
++ for( pos = 0 ; pos < size ; pos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ if( slot == NULL ) {
++ continue ;
++ } else {
++ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
++ if( key == NULL ) {
++ continue ;
++ } else {
++ return( key ) ;
++ }
++ }
++ }
++ }
++
++ /*-
++ * Create a session key if we can not find the key from keyList and slotList
++ */
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
++ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecKeySetValue" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ return key ;
++ }
++
++ /**
++ * We have no way to find the key any more.
++ */
++ return NULL ;
++}
+
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
++#else
++static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
++#endif
++ sizeof( xmlSecKeyStoreKlass ) ,
++ xmlSecNssKeysStoreSize ,
++ BAD_CAST "implicit_nss_keys_store" ,
++ xmlSecNssKeysStoreInitialize ,
++ xmlSecNssKeysStoreFinalize ,
++ xmlSecNssKeysStoreFindKey ,
++ NULL ,
++ NULL
++} ;
+
+- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
++/**
++ * xmlSecNssKeysStoreGetKlass:
++ *
++ * The simple list based keys store klass.
++ *
++ * Returns simple list based keys store klass.
++ */
++xmlSecKeyStoreId
++xmlSecNssKeysStoreGetKlass( void ) {
++ return &xmlSecNssKeysStoreKlass ;
+ }
+
++
++/**************************
++ * Application routines
++ */
+ /**
+ * xmlSecNssKeysStoreLoad:
+ * @store: the pointer to Nss keys store.
+@@ -125,8 +528,11 @@
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+ int
+-xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+- xmlSecKeysMngrPtr keysMngr) {
++xmlSecNssKeysStoreLoad(
++ xmlSecKeyStorePtr store,
++ const char *uri,
++ xmlSecKeysMngrPtr keysMngr
++) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNodePtr cur;
+@@ -252,254 +658,147 @@
+ */
+ int
+ xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+- xmlSecAssert2((filename != NULL), -1);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+-
+- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
+-}
+-
+-static int
+-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
++ xmlSecKeyInfoCtx keyInfoCtx;
++ xmlSecNssKeysStoreCtxPtr context ;
++ xmlSecPtrListPtr list;
++ xmlSecKeyPtr key;
++ xmlSecSize i, keysSize;
++ xmlDocPtr doc;
++ xmlNodePtr cur;
++ xmlSecKeyDataPtr data;
++ xmlSecPtrListPtr idsList;
++ xmlSecKeyDataId dataId;
++ xmlSecSize idsSize, j;
++ int ret;
+
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2((*ss == NULL), -1);
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
++ xmlSecAssert2(filename != NULL, -1);
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ xmlSecAssert2( context != NULL, -1 );
++
++ list = context->keyList ;
++ xmlSecAssert2( list != NULL, -1 );
++ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+
+- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+- if(*ss == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
++ /* create doc */
++ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
++ if(doc == NULL) {
++
xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+- "xmlSecKeyStoreCreate",
++ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "xmlSecSimpleKeysStoreId");
+- return(-1);
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
+ }
+-
+- return(0);
+-}
+-
+-static void
+-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert((ss != NULL) && (*ss != NULL));
+
+- xmlSecKeyStoreDestroy(*ss);
+-}
+-
+-static xmlSecKeyPtr
+-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecKeyStorePtr* ss;
+- xmlSecKeyPtr key = NULL;
+- xmlSecKeyPtr retval = NULL;
+- xmlSecKeyReqPtr keyReq = NULL;
+- CERTCertificate *cert = NULL;
+- SECKEYPublicKey *pubkey = NULL;
+- SECKEYPrivateKey *privkey = NULL;
+- xmlSecKeyDataPtr data = NULL;
+- xmlSecKeyDataPtr x509Data = NULL;
+- int ret;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
+- xmlSecAssert2(keyInfoCtx != NULL, NULL);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
+-
+- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
+- if (key != NULL) {
+- return (key);
+- }
++ idsList = xmlSecKeyDataIdsGet();
++ xmlSecAssert2(idsList != NULL, -1);
++
++ keysSize = xmlSecPtrListGetSize(list);
++ idsSize = xmlSecPtrListGetSize(idsList);
++ for(i = 0; i < keysSize; ++i) {
++ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
++ xmlSecAssert2(key != NULL, -1);
++
++ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
++ if(cur == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
++ xmlFreeDoc(doc);
++ return(-1);
++ }
+
+- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
+- * we must have a name to lookup keys in NSS DB.
+- */
+- if (name == NULL) {
+- goto done;
+- }
++ /* special data key name */
++ if(xmlSecKeyGetName(key) != NULL) {
++ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeKeyName));
++ xmlFreeDoc(doc);
++ return(-1);
++ }
++ }
++
++ /* create nodes for other keys data */
++ for(j = 0; j < idsSize; ++j) {
++ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
++ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
+
+- /* what type of key are we looking for?
+- * TBD: For now, we'll look only for public/private keys using the
+- * name as a cert nickname. Later on, we can attempt to find
+- * symmetric keys using PK11_FindFixedKey
+- */
+- keyReq = &(keyInfoCtx->keyReq);
+- if (keyReq->keyType &
+- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
+- if (cert == NULL) {
+- goto done;
+- }
+-
+- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
+- pubkey = CERT_ExtractPublicKey(cert);
+- if (pubkey == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_ExtractPublicKey",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
++ if(dataId->dataNodeName == NULL) {
++ continue;
++ }
++
++ data = xmlSecKeyGetData(key, dataId);
++ if(data == NULL) {
++ continue;
+ }
+- }
+
+- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
+- privkey = PK11_FindKeyByAnyCert(cert, NULL);
+- if (privkey == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "PK11_FindKeyByAnyCert",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
++ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
++
xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(dataId->dataNodeName));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+ }
+
+- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+- if(data == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssPKIAdoptKey",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- privkey = NULL;
+- pubkey = NULL;
+-
+- key = xmlSecKeyCreate();
+- if (key == NULL) {
++ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
++ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyCreate",
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- return (NULL);
+- }
+-
+- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+- if(x509Data == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyDataCreate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "transform=%s",
+- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+- goto done;
+- }
+-
+- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssKeyDataX509AdoptKeyCert",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+- cert = CERT_DupCertificate(cert);
+- if (cert == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_DupCertificate",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+-
+- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssKeyDataX509AdoptCert",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+-
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+- cert = NULL;
+
+- ret = xmlSecKeySetValue(key, data);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeySetValue",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+- goto done;
+- }
+- data = NULL;
++ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
++ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
++ keyInfoCtx.keyReq.keyType = type;
++ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
+
+- ret = xmlSecKeyAdoptData(key, x509Data);
+- if (ret < 0) {
++ /* finally write key in the node */
++ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
++ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyAdoptData",
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+- x509Data = NULL;
+-
+- retval = key;
+- key = NULL;
+- }
+-
+-done:
+- if (cert != NULL) {
+- CERT_DestroyCertificate(cert);
+- }
+- if (pubkey != NULL) {
+- SECKEY_DestroyPublicKey(pubkey);
+- }
+- if (privkey != NULL) {
+- SECKEY_DestroyPrivateKey(privkey);
+- }
+- if (data != NULL) {
+- xmlSecKeyDataDestroy(data);
+- }
+- if (x509Data != NULL) {
+- xmlSecKeyDataDestroy(x509Data);
+- }
+- if (key != NULL) {
+- xmlSecKeyDestroy(key);
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
++ xmlFreeDoc(doc);
++ return(-1);
++ }
++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ }
+-
+- /* now that we have a key, make sure it is valid and let the simple
+- * store adopt it */
+- if (retval) {
+- if (xmlSecKeyIsValid(retval)) {
+- ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
+- if (ret < 0) {
++
++ /* now write result */
++ ret = xmlSaveFormatFile(filename, doc, 1);
++ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+-
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+- "xmlSecSimpleKeysStoreAdoptKey",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- xmlSecKeyDestroy(retval);
+- retval = NULL;
+- }
+- } else {
+- xmlSecKeyDestroy(retval);
+- retval = NULL;
+- }
+- }
+-
+- return (retval);
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSaveFormatFile",
++ XMLSEC_ERRORS_R_XML_FAILED,
++ "filename=%s",
++ xmlSecErrorsSafeString(filename));
++ xmlFreeDoc(doc);
++ return(-1);
++ }
++
++ xmlFreeDoc(doc);
++ return(0);
+ }
++
+--- misc/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:39.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:19.000000000 +0200
+@@ -1 +1,752 @@
+-dummy
++/**
++ *
++ * XMLSec library
++ *
++ * AES Algorithm support
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright .................................
++ */
++#include "globals.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <string.h>
++
++#include <nss.h>
++#include <pk11func.h>
++#include <keyhi.h>
++#include <key.h>
++#include <hasht.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/xmltree.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/pkikeys.h>
++#include <xmlsec/nss/tokens.h>
++
++/*********************************************************************
++ *
++ * key transform transforms
++ *
++ ********************************************************************/
++typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
++typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
++
++#define xmlSecNssKeyTransportSize \
++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
++
++#define xmlSecNssKeyTransportGetCtx( transform ) \
++ ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) +
sizeof( xmlSecTransform ) ) )
++
++struct _xmlSecNssKeyTransportCtx {
++ CK_MECHANISM_TYPE cipher ;
++ SECKEYPublicKey* pubkey ;
++ SECKEYPrivateKey* prikey ;
++ xmlSecKeyDataId keyId ;
++ xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
++} ;
++
++static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
++static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
++static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
++ xmlSecKeyReqPtr keyReq);
++static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
++ xmlSecKeyPtr key);
++static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
++ int last,
++ xmlSecTransformCtxPtr transformCtx);
++static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
++
++static int
++xmlSecNssKeyTransportCheckId(
++ xmlSecTransformPtr transform
++) {
++ #ifndef XMLSEC_NO_RSA
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) {
++
++ return(1);
++ }
++ #endif /* XMLSEC_NO_RSA */
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyTransportCtxPtr context ;
++ int ret;
++
++ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
++
++ context = xmlSecNssKeyTransportGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ #ifndef XMLSEC_NO_RSA
++ if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
++ context->cipher = CKM_RSA_PKCS ;
++ context->keyId = xmlSecNssKeyDataRsaId ;
++ } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
++ context->cipher = CKM_RSA_PKCS_OAEP ;
++ context->keyId = xmlSecNssKeyDataRsaId ;
++ } else
++ #endif /* XMLSEC_NO_RSA */
++
++ if( 1 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->pubkey = NULL ;
++ context->prikey = NULL ;
++ context->material = NULL ;
++
++ return(0);
++}
++
++static void
++xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyTransportCtxPtr context ;
++
++ xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
++
++ context = xmlSecNssKeyTransportGetCtx( transform ) ;
++ xmlSecAssert( context != NULL ) ;
++
++ if( context->pubkey != NULL ) {
++ SECKEY_DestroyPublicKey( context->pubkey ) ;
++ context->pubkey = NULL ;
++ }
++
++ if( context->prikey != NULL ) {
++ SECKEY_DestroyPrivateKey( context->prikey ) ;
++ context->prikey = NULL ;
++ }
++
++ if( context->material != NULL ) {
++ xmlSecBufferDestroy(context->material);
++ context->material = NULL ;
++ }
++}
++
++static int
++xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
++ xmlSecNssKeyTransportCtxPtr context ;
++ xmlSecSize cipherSize = 0 ;
++
++
++ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(keyReq != NULL, -1);
++
++ context = xmlSecNssKeyTransportGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ keyReq->keyId = context->keyId;
++ if(transform->operation == xmlSecTransformOperationEncrypt) {
++ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
++ keyReq->keyType = xmlSecKeyDataTypePublic;
++ } else {
++ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
++ keyReq->keyType = xmlSecKeyDataTypePrivate;
++ }
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyTransportSetKey(xmlSecTransformPtr
transform, xmlSecKeyPtr key) {
++ xmlSecNssKeyTransportCtxPtr context = NULL ;
++ xmlSecKeyDataPtr keyData = NULL ;
++ SECKEYPublicKey* pubkey = NULL ;
++ SECKEYPrivateKey* prikey = NULL ;
++
++ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(key != NULL, -1);
++
++ context = xmlSecNssKeyTransportGetCtx( transform ) ;
++ if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyTransportGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
++
++ keyData = xmlSecKeyGetValue( key ) ;
++ if( keyData == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
++ "xmlSecKeyGetValue" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if(transform->operation == xmlSecTransformOperationEncrypt) {
++ if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
++ "xmlSecNssPKIKeyDataGetPubKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->pubkey = pubkey ;
++ } else {
++ if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
++ "xmlSecNssPKIKeyDataGetPrivKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->prikey = prikey ;
++ }
++
++ return(0) ;
++}
++
++/**
++
* key wrap transform
++ */
++static int
++xmlSecNssKeyTransportCtxInit(
++ xmlSecNssKeyTransportCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecSize blockSize ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ if( ctx->material != NULL ) {
++ xmlSecBufferDestroy( ctx->material ) ;
++ ctx->material = NULL ;
++ }
++
++ if( ctx->pubkey != NULL ) {
++ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
++ } else if( ctx->prikey != NULL ) {
++ blockSize = PK11_SignatureLen( ctx->prikey ) ;
++ } else {
++ blockSize = -1 ;
++ }
++
++ if( blockSize < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ ctx->material = xmlSecBufferCreate( blockSize ) ;
++ if( ctx->material == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* read raw key material into context */
++ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetData" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++/**
++ * key wrap transform update
++ */
++static int
++xmlSecNssKeyTransportCtxUpdate(
++ xmlSecNssKeyTransportCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ /* read raw key material and append into context */
++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++/**
++ * Block cipher transform final
++ */
++static int
++xmlSecNssKeyTransportCtxFinal(
++ xmlSecNssKeyTransportCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ SECKEYPublicKey* targetKey ;
++ PK11SymKey* symKey ;
++ PK11SlotInfo* slot ;
++ SECItem oriskv ;
++ xmlSecSize blockSize ;
++ xmlSecBufferPtr result ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1
) ;
++
++ /* read raw key material and append into context */
++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Now we get all of the key materail */
++ /* from now on we will wrap or unwrap the key */
++ if( ctx->pubkey != NULL ) {
++ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
++ } else if( ctx->prikey != NULL ) {
++ blockSize = PK11_SignatureLen( ctx->prikey ) ;
++ } else {
++ blockSize = -1 ;
++ }
++
++ if( blockSize < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ result = xmlSecBufferCreate( blockSize * 2 ) ;
++ if( result == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ oriskv.type = siBuffer ;
++ oriskv.data = xmlSecBufferGetData( ctx->material ) ;
++ oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
++
++ if( encrypt != 0 ) {
++ CK_OBJECT_HANDLE id ;
++ SECItem wrpskv ;
++
++ /* Create template symmetric key from material */
++ if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
++ slot = xmlSecNssSlotGet( ctx->cipher ) ;
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++
++ id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
++ if( id == CK_INVALID_HANDLE ) {
++ xmlSecError(
XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_ImportPublicKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ PK11_FreeSlot( slot ) ;
++ return(-1);
++ }
++ }
++
++ /* pay attention to mechanism */
++ symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
++ if( symKey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_ImportSymKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ PK11_FreeSlot( slot ) ;
++ return(-1);
++ }
++
++ wrpskv.type = siBuffer ;
++ wrpskv.data = xmlSecBufferGetData( result ) ;
++ wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
++
++ if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_PubWrapSymKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecBufferDestroy(result);
++ PK11_FreeSlot( slot ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecBufferDestroy(result);
++ PK11_FreeSlot( slot ) ;
++ return(-1);
++ }
++ PK11_FreeSymKey( symKey ) ;
++ PK11_FreeSlot( slot ) ;
++ } else {
++ SECItem* keyItem ;
++ CK_OBJECT_HANDLE id1 ;
++
++ /* pay attention to mechanism */
++ if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_PubUnwrapSymKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++
++ /* Extract raw data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++
"PK11_ExtractKeyValue" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++
++ if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetKeyData" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++
++ if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_PubUnwrapSymKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ PK11_FreeSymKey( symKey ) ;
++ }
++
++ /* Write output */
++ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ xmlSecBufferDestroy(result);
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
++ xmlSecNssKeyTransportCtxPtr context = NULL ;
++ xmlSecBufferPtr inBuf, outBuf ;
++ int operation ;
++ int rtv ;
++
++ xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ context = xmlSecNssKeyTransportGetCtx( transform ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyTransportGetCtx" ,
++
XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ inBuf = &( transform->inBuf ) ;
++ outBuf = &( transform->outBuf ) ;
++
++ if( transform->status == xmlSecTransformStatusNone ) {
++ transform->status = xmlSecTransformStatusWorking ;
++ }
++
++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
++ if( transform->status == xmlSecTransformStatusWorking ) {
++ if( context->material == NULL ) {
++ rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyTransportCtxInit" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ if( context->material == NULL && last != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "No enough data to intialize transform" ) ;
++ return(-1);
++ }
++
++ if( context->material != NULL ) {
++ rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyTransportCtxUpdate" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ if( last ) {
++ rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyTransportCtxFinal" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ transform->status = xmlSecTransformStatusFinished ;
++ }
++ } else if( transform->status == xmlSecTransformStatusFinished ) {
++ if( xmlSecBufferGetSize( inBuf )
!= 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return(-1);
++ }
++ } else {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++
++#ifndef XMLSEC_NO_RSA
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
++
++ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
++ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++#ifdef
__MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
++#else
++static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
++
++ xmlSecNameRsaOaep, /* const xmlChar* name; */
++ xmlSecHrefRsaOaep, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformRsaPkcs1GetKlass:
++ *
++ * The RSA-PKCS1 key transport transform klass.
++ *
++ * Returns RSA-PKCS1 key transport transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformRsaPkcs1GetKlass(void) {
++ return(&xmlSecNssRsaPkcs1Klass);
++}
++
++/**
++ * xmlSecNssTransformRsaOaepGetKlass:
++ *
++ * The RSA-PKCS1 key transport transform klass.
++ *
++ * Returns RSA-PKCS1 key transport transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformRsaOaepGetKlass(void) {
++ return(&xmlSecNssRsaOaepKlass);
++}
++
++#endif /* XMLSEC_NO_RSA */
++
+--- misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:40.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:19.000000000 +0200
+@@ -1 +1,1213 @@
+-dummy
++/**
++ *
++ * XMLSec library
++ *
++ * AES Algorithm support
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright .................................
++ */
++#include "globals.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <string.h>
++
++#include <nss.h>
++#include <pk11func.h>
++#include <hasht.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/xmltree.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/ciphers.h>
++
++#define XMLSEC_NSS_AES128_KEY_SIZE 16
++#define XMLSEC_NSS_AES192_KEY_SIZE 24
++#define XMLSEC_NSS_AES256_KEY_SIZE 32
++#define XMLSEC_NSS_DES3_KEY_SIZE 24
++#define XMLSEC_NSS_DES3_KEY_LENGTH 24
++#define XMLSEC_NSS_DES3_IV_LENGTH 8
++#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
++
++static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
++ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
++};
++
++/*********************************************************************
++ *
++ * key wrap transforms
++ *
++ ********************************************************************/
++typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
++typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
++
++#define xmlSecNssKeyWrapSize \
++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
++
++#define xmlSecNssKeyWrapGetCtx( transform ) \
++ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
++
++struct _xmlSecNssKeyWrapCtx {
++ CK_MECHANISM_TYPE cipher ;
++ PK11SymKey* symkey ;
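Review bot: In the encrypt branch of xmlSecNssKeyTransportCtxFinal (new keytrans.c), `PK11_FreeSlot( slot )` runs on every exit path, but when `ctx->pubkey->pkcs11Slot` is non-NULL `slot` is only a pointer borrowed from the key, so each wrap releases a reference this function never took and the slot may be freed while the key still uses it. Take a reference in that case, for example by adding `else { slot = PK11_ReferenceSlot( slot ) ; }` to the `if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL )` block. Separately, `blockSize` is declared `xmlSecSize` in both xmlSecNssKeyTransportCtxInit and xmlSecNssKeyTransportCtxFinal, which appears to be an unsigned type, so `blockSize = -1 ;` followed by `if( blockSize < 0 )` can never report the missing-key case. An `int` local for the NSS length would make that check effective before the value reaches `xmlSecBufferCreate`.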
++ xmlSecKeyDataId keyId ;
++ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
++} ;
++
++static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
++static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
++static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
++ xmlSecKeyReqPtr keyReq);
++static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
++ xmlSecKeyPtr key);
++static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
++ int last,
++ xmlSecTransformCtxPtr transformCtx);
++static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
++
++static int
++xmlSecNssKeyWrapCheckId(
++ xmlSecTransformPtr transform
++) {
++ #ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
++ return(1);
++ }
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
++
++ return(1);
++ }
++ #endif /* XMLSEC_NO_AES */
++
++ return(0);
++}
++
++static xmlSecSize
++xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
++#ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
++ return(XMLSEC_NSS_DES3_KEY_SIZE);
++ } else
++#endif /* XMLSEC_NO_DES */
++
++#ifndef XMLSEC_NO_AES
++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
++ return(XMLSEC_NSS_AES128_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
++ return(XMLSEC_NSS_AES192_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
++ return(XMLSEC_NSS_AES256_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
++ return(XMLSEC_NSS_AES256_KEY_SIZE);
++ } else
++#endif /* XMLSEC_NO_AES */
++
++ if(1)
++
return(0);
++}
++
++
++static int
++xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyWrapCtxPtr context ;
++ int ret;
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ #ifndef XMLSEC_NO_DES
++ if( transform->id == xmlSecNssTransformKWDes3Id ) {
++ context->cipher = CKM_DES3_CBC ;
++ context->keyId = xmlSecNssKeyDataDesId ;
++ } else
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( transform->id == xmlSecNssTransformKWAes128Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( transform->id == xmlSecNssTransformKWAes192Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( transform->id == xmlSecNssTransformKWAes256Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ #endif /* XMLSEC_NO_AES */
++
++
++ if( 1 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->symkey = NULL ;
++ context->material = NULL ;
++
++ return(0);
++}
++
++static void
++xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyWrapCtxPtr context ;
++
++ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert( context != NULL ) ;
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++
++ if(
context->material != NULL ) {
++ xmlSecBufferDestroy(context->material);
++ context->material = NULL ;
++ }
++}
++
++static int
++xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
++ xmlSecNssKeyWrapCtxPtr context ;
++ xmlSecSize cipherSize = 0 ;
++
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(keyReq != NULL, -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ keyReq->keyId = context->keyId;
++ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
++ if(transform->operation == xmlSecTransformOperationEncrypt) {
++ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
++ } else {
++ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
++ }
++
++ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
++ xmlSecNssKeyWrapCtxPtr context = NULL ;
++ xmlSecKeyDataPtr keyData = NULL ;
++ PK11SymKey* symkey = NULL ;
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(key != NULL, -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
++
++
keyData = xmlSecKeyGetValue( key ) ;
++ if( keyData == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
++ "xmlSecKeyGetValue" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
++ "xmlSecNssSymKeyDataGetKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->symkey = symkey ;
++
++ return(0) ;
++}
++
++/**
++ * key wrap transform
++ */
++static int
++xmlSecNssKeyWrapCtxInit(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecSize blockSize ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ if( ctx->material != NULL ) {
++ xmlSecBufferDestroy( ctx->material ) ;
++ ctx->material = NULL ;
++ }
++
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ ctx->material = xmlSecBufferCreate( blockSize ) ;
++ if( ctx->material == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* read raw key material into context */
++ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetData" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ return(0); ++} ++ ++/** ++ * key wrap transform update ++ */ ++static int ++xmlSecNssKeyWrapCtxUpdate( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ /* read raw key material and append into context */ ++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { ++ xmlSecSize s; ++ xmlSecSize i; ++ xmlSecByte c; ++ ++ xmlSecAssert2(buf != NULL, -1); ++ ++ s = size / 2; ++ --size; ++ for(i = 0; i < s; ++i) { ++ c = buf[i]; ++ buf[i] = buf[size - i]; ++ buf[size - i] = c; ++ } ++ return(0); ++} ++ ++static xmlSecByte * ++xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, ++ xmlSecByte *out, xmlSecSize outSize) ++{ ++ PK11Context *context = 
NULL; ++ SECStatus s; ++ xmlSecByte *digest = NULL; ++ unsigned int len; ++ ++ xmlSecAssert2(in != NULL, NULL); ++ xmlSecAssert2(out != NULL, NULL); ++ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); ++ ++ /* Create a context for hashing (digesting) */ ++ context = PK11_CreateDigestContext(SEC_OID_SHA1); ++ if (context == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_CreateDigestContext", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ s = PK11_DigestBegin(context); ++ if (s != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestBegin", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ s = PK11_DigestOp(context, in, inSize); ++ if (s != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestOp", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ s = PK11_DigestFinal(context, out, &len, outSize); ++ if (s != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestFinal", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ goto done; ++ } ++ xmlSecAssert2(len == SHA1_LENGTH, NULL); ++ ++ digest = out; ++ ++done: ++ if (context != NULL) { ++ PK11_DestroyContext(context, PR_TRUE); ++ } ++ return (digest); ++} ++ ++static int ++xmlSecNssKWDes3Encrypt( ++ PK11SymKey* symKey , ++ CK_MECHANISM_TYPE cipherMech , ++ const xmlSecByte* iv , ++ xmlSecSize ivSize , ++ const xmlSecByte* in , ++ xmlSecSize inSize , ++ xmlSecByte* out , ++ xmlSecSize outSize , ++ int enc ++) { ++ PK11Context* EncContext = NULL; ++ SECItem ivItem ; ++ SECItem* secParam = NULL ; ++ int tmp1_outlen; ++ unsigned int tmp2_outlen; ++ int result_len = -1; ++ SECStatus rv; ++ ++ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( symKey != NULL , -1 ) ; ++ xmlSecAssert2(iv != NULL, -1); ++ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); 
++ xmlSecAssert2(in != NULL, -1); ++ xmlSecAssert2(inSize > 0, -1); ++ xmlSecAssert2(out != NULL, -1); ++ xmlSecAssert2(outSize >= inSize, -1); ++ ++ /* Prepare IV */ ++ ivItem.data = ( unsigned char* )iv ; ++ ivItem.len = ivSize ; ++ ++ secParam = PK11_ParamFromIV(cipherMech, &ivItem); ++ if (secParam == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_ParamFromIV", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ EncContext = PK11_CreateContextBySymKey(cipherMech, ++ enc ? CKA_ENCRYPT : CKA_DECRYPT, ++ symKey, secParam); ++ if (EncContext == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_CreateContextBySymKey", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ tmp1_outlen = tmp2_outlen = 0; ++ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, ++ (unsigned char *)in, inSize); ++ if (rv != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_CipherOp", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, ++ &tmp2_outlen, outSize-tmp1_outlen); ++ if (rv != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_DigestFinal", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "Error code = %d", PORT_GetError()); ++ goto done; ++ } ++ ++ result_len = tmp1_outlen + tmp2_outlen; ++ ++done: ++ if (secParam) { ++ SECITEM_FreeItem(secParam, PR_TRUE); ++ } ++ if (EncContext) { ++ PK11_DestroyContext(EncContext, PR_TRUE); ++ } ++ ++ return(result_len); ++} ++ ++static int ++xmlSecNssKeyWrapDesOp( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ int encrypt , ++ xmlSecBufferPtr result ++) { ++ xmlSecByte sha1[SHA1_LENGTH]; ++ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; ++ xmlSecByte* in; ++ xmlSecSize inSize; ++ xmlSecByte* out; ++ xmlSecSize outSize; ++ xmlSecSize s; ++ int ret; ++ SECStatus status; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ 
xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( result != NULL , -1 ) ; ++ ++ in = xmlSecBufferGetData(ctx->material); ++ inSize = xmlSecBufferGetSize(ctx->material) ; ++ out = xmlSecBufferGetData(result); ++ outSize = xmlSecBufferGetMaxSize(result) ; ++ if( encrypt ) { ++ /* step 2: calculate sha1 and CMS */ ++ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssComputeSHA1", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* step 3: construct WKCKS */ ++ memcpy(out, in, inSize); ++ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); ++ ++ /* step 4: generate random iv */ ++ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); ++ if(status != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PK11_GenerateRandom", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code = %d", PORT_GetError()); ++ return(-1); ++ } ++ ++ /* step 5: first encryption, result is TEMP1 */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ iv, XMLSEC_NSS_DES3_IV_LENGTH, ++ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, ++ out, outSize, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* step 6: construct TEMP2=IV || TEMP1 */ ++ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, ++ inSize + XMLSEC_NSS_DES3_IV_LENGTH); ++ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); ++ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; ++ ++ /* step 7: reverse octets order, result is TEMP3 */ ++ ret = xmlSecNssKWDes3BufferReverse(out, s); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3BufferReverse", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ 
XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* step 8: second encryption with static IV */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ++ out, s, ++ out, outSize, 1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ s = ret; ++ ++ if( xmlSecBufferSetSize( result , s ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBufferSetSize", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ } else { ++ /* step 2: first decryption with static IV, result is TEMP3 */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ++ in, inSize, ++ out, outSize, 0); ++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ s = ret; ++ ++ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ ++ ret = xmlSecNssKWDes3BufferReverse(out, s); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3BufferReverse", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ ++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ++ out, XMLSEC_NSS_DES3_IV_LENGTH, ++ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, ++ out, outSize, 0); ++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssKWDes3Encrypt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; ++ ++ /* steps 6 and 7: calculate SHA1 and validate it */ ++ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == 
NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecNssComputeSHA1", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ NULL, ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ "SHA1 does not match"); ++ return(-1); ++ } ++ ++ if( xmlSecBufferSetSize( result , s ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBufferSetSize", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ } ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKeyWrapAesOp( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ int encrypt , ++ xmlSecBufferPtr result ++) { ++ PK11Context* cipherCtx = NULL; ++ SECItem ivItem ; ++ SECItem* secParam = NULL ; ++ xmlSecSize inSize ; ++ xmlSecSize inBlocks ; ++ int blockSize ; ++ int midSize ; ++ int finSize ; ++ xmlSecByte* out ; ++ xmlSecSize outSize; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( result != NULL , -1 ) ; ++ ++ /* Do not set any IV */ ++ memset(&ivItem, 0, sizeof(ivItem)); ++ ++ /* Get block size */ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ inSize = xmlSecBufferGetSize( ctx->material ) ; ++ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetMaxSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ /* Get Param for context initialization */ ++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ++ xmlSecError( 
XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_ParamFromIV" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ++ if( cipherCtx == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_CreateContextBySymKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ SECITEM_FreeItem( secParam , PR_TRUE ) ; ++ return(-1); ++ } ++ ++ out = xmlSecBufferGetData(result) ; ++ outSize = xmlSecBufferGetMaxSize(result) ; ++ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_CipherOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_DigestFinal" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ return 0 ; ++} ++ ++/** ++ * Block cipher transform final ++ */ ++static int ++xmlSecNssKeyWrapCtxFinal( ++ xmlSecNssKeyWrapCtxPtr ctx , ++ xmlSecBufferPtr in , ++ xmlSecBufferPtr out , ++ int encrypt , ++ xmlSecTransformCtxPtr transformCtx ++) { ++ PK11SymKey* targetKey ; ++ xmlSecSize blockSize ; ++ xmlSecBufferPtr result ; ++ ++ xmlSecAssert2( ctx != NULL , -1 ) ; ++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ++ xmlSecAssert2( ctx->material != NULL , -1 ) ; ++ xmlSecAssert2( in != NULL , -1 ) ; ++ 
xmlSecAssert2( out != NULL , -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ /* read raw key material and append into context */ ++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ /* Now we get all of the key materail */ ++ /* from now on we will wrap or unwrap the key */ ++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "PK11_GetBlockSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ result = xmlSecBufferCreate( blockSize ) ; ++ if( result == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ switch( ctx->cipher ) { ++ case CKM_DES3_CBC : ++ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssKeyWrapDesOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy(result); ++ return(-1); ++ } ++ break ; ++ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ ++ case CKM_AES_CBC : ++ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssKeyWrapAesOp" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy(result); ++ return(-1); ++ } ++ break ; ++ } ++ ++ /* Write output */ ++ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { ++ xmlSecError( 
XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecBufferAppend" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecBufferDestroy(result); ++ return(-1); ++ } ++ xmlSecBufferDestroy(result); ++ ++ return(0); ++} ++ ++static int ++xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ++ xmlSecNssKeyWrapCtxPtr context = NULL ; ++ xmlSecBufferPtr inBuf, outBuf ; ++ int operation ; ++ int rtv ; ++ ++ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; ++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; ++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ++ xmlSecAssert2( transformCtx != NULL , -1 ) ; ++ ++ context = xmlSecNssKeyWrapGetCtx( transform ) ; ++ if( context == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ ++ inBuf = &( transform->inBuf ) ; ++ outBuf = &( transform->outBuf ) ; ++ ++ if( transform->status == xmlSecTransformStatusNone ) { ++ transform->status = xmlSecTransformStatusWorking ; ++ } ++ ++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 
1 : 0 ; ++ if( transform->status == xmlSecTransformStatusWorking ) { ++ if( context->material == NULL ) { ++ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapCtxInit" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ } ++ ++ if( context->material == NULL && last != 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "No enough data to intialize transform" ) ; ++ return(-1); ++ } ++ ++ if( context->material != NULL ) { ++ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapCtxUpdate" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ } ++ ++ if( last ) { ++ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; ++ if( rtv < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ "xmlSecNssKeyWrapCtxFinal" , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1); ++ } ++ transform->status = xmlSecTransformStatusFinished ; ++ } ++ } else if( transform->status == xmlSecTransformStatusFinished ) { ++ if( xmlSecBufferGetSize( inBuf ) != 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ "status=%d", transform->status ) ; ++ return(-1); ++ } ++ } else { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ++ NULL , ++ XMLSEC_ERRORS_R_INVALID_STATUS , ++ 
"status=%d", transform->status ) ; ++ return(-1); ++ } ++ ++ return(0); ++} ++ ++#ifndef XMLSEC_NO_AES ++ ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWAes128Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWAes128, /* const xmlChar* name; */ ++ xmlSecHrefKWAes128, /* const xmlChar* href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWAes192Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWAes192, /* const xmlChar* name; */ ++ xmlSecHrefKWAes192, /* const xmlChar* 
href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWAes256Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWAes256, /* const xmlChar* name; */ ++ xmlSecHrefKWAes256, /* const xmlChar* href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* 
xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++/** ++ * xmlSecNssTransformKWAes128GetKlass: ++ * ++ * The AES-128 key wrapper transform klass. ++ * ++ * Returns AES-128 key wrapper transform klass. ++ */ ++xmlSecTransformId ++xmlSecNssTransformKWAes128GetKlass(void) { ++ return(&xmlSecNssKWAes128Klass); ++} ++ ++/** ++ * xmlSecNssTransformKWAes192GetKlass: ++ * ++ * The AES-192 key wrapper transform klass. ++ * ++ * Returns AES-192 key wrapper transform klass. ++ */ ++xmlSecTransformId ++xmlSecNssTransformKWAes192GetKlass(void) { ++ return(&xmlSecNssKWAes192Klass); ++} ++ ++/** ++ * ++ * The AES-256 key wrapper transform klass. ++ * ++ * Returns AES-256 key wrapper transform klass. 
++ */ ++xmlSecTransformId ++xmlSecNssTransformKWAes256GetKlass(void) { ++ return(&xmlSecNssKWAes256Klass); ++} ++ ++#endif /* XMLSEC_NO_AES */ ++ ++ ++#ifndef XMLSEC_NO_DES ++ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { ++#else ++static xmlSecTransformKlass xmlSecNssKWDes3Klass = { ++#endif ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ++ ++ xmlSecNameKWDes3, /* const xmlChar* name; */ ++ xmlSecHrefKWDes3, /* const xmlChar* href; */ ++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ++ ++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++/** ++ * xmlSecNssTransformKWDes3GetKlass: ++ * ++ * The Triple DES key wrapper transform klass. ++ * ++ * Returns Triple DES key wrapper transform klass. 
++ */ ++xmlSecTransformId ++xmlSecNssTransformKWDes3GetKlass(void) { ++ return(&xmlSecNssKWDes3Klass); ++} ++ ++#endif /* XMLSEC_NO_DES */ ++ +--- misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100 ++++ misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2008-06-29 23:44:19.000000000 +0200 +@@ -5,6 +5,7 @@ + * distribution for preciese wording. + * + * Copyright (c) 2003 America Online, Inc. All rights reserved. ++ * Copyright ........................... + */ + #include "globals.h" + +@@ -24,6 +25,7 @@ + #include <xmlsec/nss/crypto.h> + #include <xmlsec/nss/bignum.h> + #include <xmlsec/nss/pkikeys.h> ++#include <xmlsec/nss/tokens.h> + + /************************************************************************** + * +@@ -98,14 +100,13 @@ + { + xmlSecAssert(ctx != NULL); + if (ctx->privkey != NULL) { +- SECKEY_DestroyPrivateKey(ctx->privkey); +- ctx->privkey = NULL; ++ SECKEY_DestroyPrivateKey(ctx->privkey); ++ ctx->privkey = NULL; + } + +- if (ctx->pubkey) +- { +- SECKEY_DestroyPublicKey(ctx->pubkey); +- ctx->pubkey = NULL; ++ if (ctx->pubkey) { ++ SECKEY_DestroyPublicKey(ctx->pubkey); ++ ctx->pubkey = NULL; + } + + } +@@ -115,29 +116,32 @@ + xmlSecNssPKIKeyDataCtxPtr ctxSrc) + { + xmlSecNSSPKIKeyDataCtxFree(ctxDst); ++ ctxDst->privkey = NULL ; ++ ctxDst->pubkey = NULL ; + if (ctxSrc->privkey != NULL) { +- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); +- if(ctxDst->privkey == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "SECKEY_CopyPrivateKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } ++ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); ++ if(ctxDst->privkey == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "SECKEY_CopyPrivateKey", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code=%d", PORT_GetError()); ++ return(-1); ++ } + } + + if (ctxSrc->pubkey != NULL) { +- ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); +- if(ctxDst->pubkey == NULL) { +- 
xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "SECKEY_CopyPublicKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } ++ ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); ++ if(ctxDst->pubkey == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "SECKEY_CopyPublicKey", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code=%d", PORT_GetError()); ++ return(-1); ++ } + } ++ + return (0); + } + +@@ -147,20 +151,41 @@ + SECKEYPublicKey *pubkey) + { + xmlSecNssPKIKeyDataCtxPtr ctx; ++ KeyType pubType = nullKey ; ++ KeyType priType = nullKey ; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); + ++ if( privkey != NULL ) { ++ priType = SECKEY_GetPrivateKeyType( privkey ) ; ++ } ++ ++ if( pubkey != NULL ) { ++ pubType = SECKEY_GetPublicKeyType( pubkey ) ; ++ } ++ ++ if( priType != nullKey && pubType != nullKey ) { ++ if( pubType != priType ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "different type of private and public key" ) ; ++ return -1 ; ++ } ++ } ++ + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + if (ctx->privkey) { +- SECKEY_DestroyPrivateKey(ctx->privkey); ++ SECKEY_DestroyPrivateKey(ctx->privkey); + } + ctx->privkey = privkey; + + if (ctx->pubkey) { +- SECKEY_DestroyPublicKey(ctx->pubkey); ++ SECKEY_DestroyPublicKey(ctx->pubkey); + } + ctx->pubkey = pubkey; + +@@ -183,61 +208,75 @@ + { + xmlSecKeyDataPtr data = NULL; + int ret; +- KeyType kt; +- +- if (pubkey != NULL) { +- kt = SECKEY_GetPublicKeyType(pubkey); +- } else { +- kt = SECKEY_GetPrivateKeyType(privkey); +- pubkey = SECKEY_ConvertToPublicKey(privkey); +- } ++ KeyType pubType = nullKey ; ++ KeyType priType = nullKey ; + +- switch(kt) { ++ if( privkey != NULL ) { ++ priType = SECKEY_GetPrivateKeyType( privkey ) ; ++ } ++ ++ if( pubkey != NULL ) { ++ pubType = SECKEY_GetPublicKeyType( pubkey ) ; ++ } ++ ++ if( 
priType != nullKey && pubType != nullKey ) { ++ if( pubType != priType ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "different type of private and public key" ) ; ++ return( NULL ) ; ++ } ++ } ++ ++ pubType = priType != nullKey ? priType : pubType ; ++ switch(pubType) { + #ifndef XMLSEC_NO_RSA + case rsaKey: +- data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); +- if(data == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyDataCreate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "xmlSecNssKeyDataRsaId"); +- return(NULL); +- } +- break; ++ data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); ++ if(data == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecKeyDataCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "xmlSecNssKeyDataRsaId"); ++ return(NULL); ++ } ++ break; + #endif /* XMLSEC_NO_RSA */ + #ifndef XMLSEC_NO_DSA + case dsaKey: +- data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); +- if(data == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyDataCreate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "xmlSecNssKeyDataDsaId"); +- return(NULL); +- } +- break; ++ data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); ++ if(data == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecKeyDataCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "xmlSecNssKeyDataDsaId"); ++ return(NULL); ++ } ++ break; + #endif /* XMLSEC_NO_DSA */ + default: +- xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_TYPE, +- "PKI key type %d not supported", kt); +- return(NULL); ++ "PKI key type %d not supported", pubType); ++ return(NULL); + } + + xmlSecAssert2(data != NULL, NULL); + ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); + if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssPKIKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +- xmlSecKeyDataDestroy(data); 
+- return(NULL);
++ xmlSecKeyDataDestroy(data);
++ return(NULL);
+ }
+ return(data);
+ }
+@@ -263,7 +302,7 @@
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->pubkey != NULL, NULL);
+
+- ret = SECKEY_CopyPublicKey(ctx->pubkey);
++ ret = SECKEY_CopyPublicKey(ctx->pubkey);
+ return(ret);
+ }
+
+@@ -312,9 +351,9 @@
+ xmlSecAssert2(ctx != NULL, nullKey);
+
+ if (ctx->pubkey != NULL) {
+- kt = SECKEY_GetPublicKeyType(ctx->pubkey);
++ kt = SECKEY_GetPublicKeyType(ctx->pubkey);
+ } else {
+- kt = SECKEY_GetPrivateKeyType(ctx->privkey);
++ kt = SECKEY_GetPrivateKeyType(ctx->privkey);
+ }
+ return(kt);
+ }
+@@ -453,7 +492,11 @@
+ static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssPKIKeyDataSize,
+
+@@ -553,13 +596,13 @@
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_DSA, NULL);
++ slot = xmlSecNssSlotGet(CKM_DSA);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -570,7 +613,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -582,7 +625,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+@@ -750,21 +793,21 @@
+ goto done;
+ }
+ data = NULL;
+-
+ ret = 0;
+
+ done:
+ if (slot != NULL) {
+- PK11_FreeSlot(slot);
++
PK11_FreeSlot(slot);
+ }
+- if (ret != 0) {
+- if (pubkey != NULL) {
+- SECKEY_DestroyPublicKey(pubkey);
+- }
+- if (data != NULL) {
+- xmlSecKeyDataDestroy(data);
+- }
++
++ if (pubkey != NULL) {
++ SECKEY_DestroyPublicKey(pubkey);
++ }
++
++ if (data != NULL) {
++ xmlSecKeyDataDestroy(data);
+ }
++
+ return(ret);
+ }
+
+@@ -783,7 +826,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+@@ -905,7 +948,8 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", sizeBits);
++ "size=%d, error code=%d", sizeBits, PORT_GetError());
++ ret = -1;
+ goto done;
+ }
+
+@@ -915,11 +959,12 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", sizeBits);
++ "size=%d, error code=%d", sizeBits, PORT_GetError());
++ ret = -1;
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
++ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+@@ -929,8 +974,9 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
- return(xmlSecKeyDataTypeUnknown);
---- 1024,1034 ----
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-!
/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- if (ctx->privkey != NULL) {
-! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
-! } else if( ctx->pubkey != NULL ) {
-! return(xmlSecKeyDataTypePublic);
- }
++ ret = -1;
+ goto done;
+ }
+
+@@ -943,29 +989,32 @@
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+-
++ privkey = NULL ;
++ pubkey = NULL ;
+ ret = 0;
+
+ done:
+ if (slot != NULL) {
+- PK11_FreeSlot(slot);
++ PK11_FreeSlot(slot);
+ }
++
+ if (pqgParams != NULL) {
+- PK11_PQG_DestroyParams(pqgParams);
++ PK11_PQG_DestroyParams(pqgParams);
+ }
++
+ if (pqgVerify != NULL) {
+- PK11_PQG_DestroyVerify(pqgVerify);
+- }
+- if (ret == 0) {
+- return (0);
++ PK11_PQG_DestroyVerify(pqgVerify);
+ }
++
+ if (pubkey != NULL) {
+- SECKEY_DestroyPublicKey(pubkey);
++ SECKEY_DestroyPublicKey(pubkey);
+ }
++
+ if (privkey != NULL) {
+- SECKEY_DestroyPrivateKey(privkey);
++ SECKEY_DestroyPrivateKey(privkey);
+ }
+- return(-1);
++
++ return(ret);
+ }
+
+ static xmlSecKeyDataType
+@@ -975,11 +1024,11 @@
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+ if (ctx->privkey != NULL) {
+- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+- } else {
+- return(xmlSecKeyDataTypePublic);
++ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
++ } else if( ctx->pubkey != NULL ) {
++ return(xmlSecKeyDataTypePublic);
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+@@ -992,7 +1041,7 @@
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+
+ return(8
* SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+@@ -1084,7 +1133,11 @@
+ static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssPKIKeyDataSize,
+
+@@ -1181,13 +1234,13 @@
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -1198,7 +1251,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -1210,7 +1263,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+@@ -1349,7 +1402,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
+
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+@@ -1420,7 +1473,7 @@
+ params.keySizeInBits = sizeBits;
+ params.pe = 65537;
+
+- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot,
CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+@@ -1430,7 +1483,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
- return(xmlSecKeyDataTypeUnknown);
-***************
-*** 992,998 ****
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
---- 1041,1047 ----
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-***************
-*** 1084,1090 ****
---- 1133,1143 ----
- static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-
-+ #ifdef __MINGW32__ // for runtime-pseudo-reloc
-+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
-+ #else
- static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
-+ #endif
- sizeof(xmlSecKeyDataKlass),
- xmlSecNssPKIKeyDataSize,
-
-***************
-*** 1181,1193 ****
- goto done;
- }
-
-! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
- if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-! "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-! XMLSEC_ERRORS_NO_MESSAGE);
- ret = -1;
- goto done;
- }
---- 1234,1246 ----
- goto done;
- }
-
-! slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
- if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-! "xmlSecNssSlotGet",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-!
"error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -*************** -*** 1198,1204 **** - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - ret = -1; - goto done; - } ---- 1251,1257 ---- - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -*************** -*** 1210,1216 **** - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - PORT_FreeArena(arena, PR_FALSE); - ret = -1; - goto done; ---- 1263,1269 ---- - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - PORT_FreeArena(arena, PR_FALSE); - ret = -1; - goto done; -*************** -*** 1349,1355 **** - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); - - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { ---- 1402,1408 ---- - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { -*************** -*** 1420,1426 **** - params.keySizeInBits = sizeBits; - params.pe = 65537; - -! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, - &pubkey, PR_FALSE, PR_TRUE, NULL); ---- 1473,1479 ---- - params.keySizeInBits = sizeBits; - params.pe = 65537; - -! 
slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, - &pubkey, PR_FALSE, PR_TRUE, NULL); -*************** -*** 1430,1436 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - - goto done; - } ---- 1483,1489 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - - goto done; - } -*************** -*** 1472,1478 **** - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); - if (ctx->privkey != NULL) { - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else { ---- 1525,1531 ---- - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - if (ctx->privkey != NULL) { - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else { -*************** -*** 1490,1496 **** - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); - - return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); - } ---- 1543,1549 ---- - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - - return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); - } -*** misc/xmlsec1-1.2.6/src/nss/signatures.c Fri Sep 26 02:58:15 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/signatures.c Fri May 11 14:47:20 2007 -*************** -*** 199,205 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_NewContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } else { ---- 199,205 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_NewContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - } else { -*************** -*** 222,228 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_CreateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } ---- 222,228 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_CreateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - } -*************** -*** 282,288 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update, VFY_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - - if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { - xmlSecError(XMLSEC_ERRORS_HERE, ---- 282,288 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update, VFY_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - - if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { - xmlSecError(XMLSEC_ERRORS_HERE, -*************** -*** 341,347 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } else { ---- 341,347 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - } else { -*************** -*** 351,357 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } ---- 351,357 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - } -*************** -*** 368,374 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } else { ---- 368,374 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - } else { -*************** -*** 378,384 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } ---- 378,384 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - } -*************** -*** 404,410 **** - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 404,410 ---- - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 459,465 **** ---- 459,469 ---- - * - ***************************************************************************/ - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecNssDsaSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssSignatureSize, /* xmlSecSize objSize */ -*************** -*** 506,512 **** ---- 510,520 ---- - * RSA-SHA1 signature transform - * - ***************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = { -+ #else - static xmlSecTransformKlass xmlSecNssRsaSha1Klass = { -+ #endif - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssSignatureSize, /* xmlSecSize objSize */ -*** misc/xmlsec1-1.2.6/src/nss/symkeys.c Mon Jul 21 05:12:52 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c Fri May 11 14:47:20 2007 -*************** -*** 15,192 **** - #include <stdio.h> - #include <string.h> - - #include <xmlsec/xmlsec.h> - #include <xmlsec/xmltree.h> - #include <xmlsec/keys.h> - #include <xmlsec/keyinfo.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> - - /***************************************************************************** - * -! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary - * - ****************************************************************************/ -! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); -! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, -! xmlSecKeyDataPtr src); -! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); -! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, -! 
xmlSecKeyPtr key, -! xmlNodePtr node, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! xmlNodePtr node, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! const xmlSecByte* buf, -! xmlSecSize bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! xmlSecByte** buf, -! xmlSecSize* bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, -! xmlSecSize sizeBits, -! xmlSecKeyDataType type); -! -! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); -! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); -! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, -! FILE* output); -! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, -! FILE* output); -! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); - - #define xmlSecNssSymKeyDataCheckId(data) \ - (xmlSecKeyDataIsValid((data)) && \ - xmlSecNssSymKeyDataKlassCheck((data)->id)) - - static int - xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); -! -! return(xmlSecKeyDataBinaryValueInitialize(data)); - } - - static int - xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); - xmlSecAssert2(dst->id == src->id, -1); -! -! return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); - } - - static void - xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -! -! xmlSecKeyDataBinaryValueFinalize(data); - } - - static int - xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, -! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -! 
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); - -! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); - } - - static int - xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, -! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); - -! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); - } - - static int - xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, -! const xmlSecByte* buf, xmlSecSize bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx) { -! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); - -! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); - } - - static int - xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, -! xmlSecByte** buf, xmlSecSize* bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); - -! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); - } - - static int - xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -! xmlSecBufferPtr buffer; -! - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); - xmlSecAssert2(sizeBits > 0, -1); - -! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -! xmlSecAssert2(buffer != NULL, -1); -! -! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); - } - - static xmlSecKeyDataType - xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { -! xmlSecBufferPtr buffer; - - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); - -! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); - -! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); - } - - static xmlSecSize - xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); -! -! 
return(xmlSecKeyDataBinaryValueGetSize(data)); - } - - static void - xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -! xmlSecKeyDataBinaryValueDebugDump(data, output); - } - - static void - xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -! xmlSecKeyDataBinaryValueDebugXmlDump(data, output); - } - - static int - xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { - #ifndef XMLSEC_NO_DES - if(klass == xmlSecNssKeyDataDesId) { -! return(1); - } - #endif /* XMLSEC_NO_DES */ - - #ifndef XMLSEC_NO_AES - if(klass == xmlSecNssKeyDataAesId) { -! return(1); - } - #endif /* XMLSEC_NO_AES */ - - #ifndef XMLSEC_NO_HMAC - if(klass == xmlSecNssKeyDataHmacId) { -! return(1); - } - #endif /* XMLSEC_NO_HMAC */ - ---- 15,851 ---- - #include <stdio.h> - #include <string.h> - -+ #include <pk11func.h> -+ #include <nss.h> -+ - #include <xmlsec/xmlsec.h> - #include <xmlsec/xmltree.h> -+ #include <xmlsec/base64.h> - #include <xmlsec/keys.h> - #include <xmlsec/keyinfo.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -+ #include <xmlsec/nss/ciphers.h> -+ #include <xmlsec/nss/tokens.h> - - /***************************************************************************** - * -! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey - * - ****************************************************************************/ -! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; -! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; -! -! struct _xmlSecNssSymKeyDataCtx { -! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ -! PK11SlotInfo* slot ; /* the key resident slot */ -! PK11SymKey* symkey ; /* the symmetic key */ -! } ; -! -! #define xmlSecNssSymKeyDataSize \ -! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) -! -! 
#define xmlSecNssSymKeyDataGetCtx( data ) \ -! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) -! -! -! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); -! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, -! xmlSecKeyDataPtr src); -! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); -! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! xmlNodePtr node, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! xmlNodePtr node, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! const xmlSecByte* buf, -! xmlSecSize bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, -! xmlSecKeyPtr key, -! xmlSecByte** buf, -! xmlSecSize* bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx); -! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, -! xmlSecSize sizeBits, -! xmlSecKeyDataType type); -! -! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); -! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); -! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, -! FILE* output); -! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, -! FILE* output); -! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); - - #define xmlSecNssSymKeyDataCheckId(data) \ - (xmlSecKeyDataIsValid((data)) && \ - xmlSecNssSymKeyDataKlassCheck((data)->id)) - -+ /** -+ * xmlSecNssSymKeyDataAdoptKey: -+ * @data: the pointer to symmetric key data. -+ * @symkey: the symmetric key -+ * -+ * Set the value of symmetric key data. -+ * -+ * Returns 0 on success or a negative value if an error occurs. 
-+ */ -+ int -+ xmlSecNssSymKeyDataAdoptKey( -+ xmlSecKeyDataPtr data , -+ PK11SymKey* symkey -+ ) { -+ xmlSecNssSymKeyDataCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; -+ xmlSecAssert2( symkey != NULL, -1 ) ; -+ -+ context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ xmlSecAssert2(context != NULL, -1); -+ -+ context->cipher = PK11_GetMechanism( symkey ) ; -+ -+ if( context->slot != NULL ) { -+ PK11_FreeSlot( context->slot ) ; -+ context->slot = NULL ; -+ } -+ context->slot = PK11_GetSlotFromKey( symkey ) ; -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ context->symkey = PK11_ReferenceSymKey( symkey ) ; -+ -+ return 0 ; -+ } -+ -+ xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( -+ PK11SymKey* symKey -+ ) { -+ xmlSecKeyDataPtr data = NULL ; -+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; -+ -+ xmlSecAssert2( symKey != NULL , NULL ) ; -+ -+ mechanism = PK11_GetMechanism( symKey ) ; -+ switch( mechanism ) { -+ case CKM_DES3_KEY_GEN : -+ case CKM_DES3_CBC : -+ case CKM_DES3_MAC : -+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyDataCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "xmlSecNssKeyDataDesId" ) ; -+ return NULL ; -+ } -+ break ; -+ case CKM_AES_KEY_GEN : -+ case CKM_AES_CBC : -+ case CKM_AES_MAC : -+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyDataCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "xmlSecNssKeyDataDesId" ) ; -+ return NULL ; -+ } -+ break ; -+ default : -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "Unsupported mechanism" ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { -+ xmlSecError( 
XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataAdoptKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ -+ return data ; -+ } -+ -+ -+ PK11SymKey* -+ xmlSecNssSymKeyDataGetKey( -+ xmlSecKeyDataPtr data -+ ) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ PK11SymKey* symkey ; -+ -+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, NULL); -+ -+ if( ctx->symkey != NULL ) { -+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; -+ } else { -+ symkey = NULL ; -+ } -+ -+ return(symkey); -+ } -+ - static int - xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); -! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); -! -! ctx = xmlSecNssSymKeyDataGetCtx(data); -! xmlSecAssert2(ctx != NULL, -1); -! -! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); -! -! /* Set the block cipher mechanism */ -! #ifndef XMLSEC_NO_DES -! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { -! ctx->cipher = CKM_DES3_KEY_GEN; -! } else -! #endif /* XMLSEC_NO_DES */ -! -! #ifndef XMLSEC_NO_AES -! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { -! ctx->cipher = CKM_AES_KEY_GEN; -! } else -! #endif /* XMLSEC_NO_AES */ -! -! if(1) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! "Unsupported block cipher" ) ; -! return(-1) ; -! } -! -! 
return(0); - } - - static int - xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { -+ xmlSecNssSymKeyDataCtxPtr ctxDst; -+ xmlSecNssSymKeyDataCtxPtr ctxSrc; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); - xmlSecAssert2(dst->id == src->id, -1); -! -! ctxDst = xmlSecNssSymKeyDataGetCtx(dst); -! xmlSecAssert2(ctxDst != NULL, -1); -! -! ctxSrc = xmlSecNssSymKeyDataGetCtx(src); -! xmlSecAssert2(ctxSrc != NULL, -1); -! -! ctxDst->cipher = ctxSrc->cipher ; -! -! if( ctxSrc->slot != NULL ) { -! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { -! PK11_FreeSlot( ctxDst->slot ) ; -! ctxDst->slot = NULL ; -! } -! -! if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) -! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; -! } else { -! if( ctxDst->slot != NULL ) { -! PK11_FreeSlot( ctxDst->slot ) ; -! ctxDst->slot = NULL ; -! } -! } -! -! if( ctxSrc->symkey != NULL ) { -! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { -! PK11_FreeSymKey( ctxDst->symkey ) ; -! ctxDst->symkey = NULL ; -! } -! -! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) -! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; -! } else { -! if( ctxDst->symkey != NULL ) { -! PK11_FreeSymKey( ctxDst->symkey ) ; -! ctxDst->symkey = NULL ; -! } -! } -! -! return(0); - } - - static void - xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); -! -! ctx = xmlSecNssSymKeyDataGetCtx(data); -! xmlSecAssert(ctx != NULL); -! -! if( ctx->slot != NULL ) { -! PK11_FreeSlot( ctx->slot ) ; -! ctx->slot = NULL ; -! } -! -! if( ctx->symkey != NULL ) { -! PK11_FreeSymKey( ctx->symkey ) ; -! 
ctx->symkey = NULL ; -! } -! -! ctx->cipher = CKM_INVALID_MECHANISM ; - } - - static int - xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, -! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -! PK11SymKey* symKey ; -! PK11SlotInfo* slot ; -! xmlSecBufferPtr keyBuf; -! xmlSecSize len; -! xmlSecKeyDataPtr data; -! xmlSecNssSymKeyDataCtxPtr ctx; -! SECItem keyItem ; -! int ret; -! -! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); -! xmlSecAssert2(key != NULL, -1); -! xmlSecAssert2(node != NULL, -1); -! xmlSecAssert2(keyInfoCtx != NULL, -1); -! -! /* Create a new KeyData from a id */ -! data = xmlSecKeyDataCreate(id); -! if(data == NULL ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeyDataCreate", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! -! ctx = xmlSecNssSymKeyDataGetCtx(data); -! xmlSecAssert2(ctx != NULL, -1); -! -! /* Create a buffer for raw symmetric key value */ -! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecBufferCreate" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! /* Read the raw key value */ -! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecBufferDestroy( keyBuf ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! /* Get slot */ -! slot = xmlSecNssSlotGet(ctx->cipher); -! if( slot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssSlotGet" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! 
xmlSecBufferDestroy( keyBuf ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! /* Wrap the raw key value SECItem */ -! keyItem.type = siBuffer ; -! keyItem.data = xmlSecBufferGetData( keyBuf ) ; -! keyItem.len = xmlSecBufferGetSize( keyBuf ) ; -! -! /* Import the raw key into slot temporalily and get the key handler*/ -! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; -! if( symKey == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "PK11_ImportSymKey" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! PK11_FreeSlot( slot ) ; -! xmlSecBufferDestroy( keyBuf ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! PK11_FreeSlot( slot ) ; -! -! /* raw key material has been copied into symKey, it isn't used any more */ -! xmlSecBufferDestroy( keyBuf ) ; - -! /* Adopt the symmetric key into key data */ -! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeyDataBinaryValueSetBuffer", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! PK11_FreeSymKey( symKey ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1); -! } -! /* symKey has been duplicated into data, it isn't used any more */ -! PK11_FreeSymKey( symKey ) ; -! -! /* Check value */ -! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeyReqMatchKeyValue", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlSecKeyDataDestroy( data ) ; -! return(0); -! } -! -! ret = xmlSecKeySetValue(key, data); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeySetValue", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! 
xmlSecKeyDataDestroy( data ) ; -! return(-1); -! } -! -! return(0); - } - - static int - xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, -! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -! PK11SymKey* symKey ; -! - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(node != NULL, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Get symmetric key from "key" */ -+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); -+ if( symKey != NULL ) { -+ SECItem* keyItem ; -+ xmlSecBufferPtr keyBuf ; -+ -+ /* Extract raw key data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ExtractKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Get raw key data from "symKey" */ -+ keyItem = PK11_GetKeyData( symKey ) ; -+ if(keyItem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_GetKeyData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Create key data buffer with raw kwy material */ -+ keyBuf = xmlSecBufferCreate(keyItem->len) ; -+ if(keyBuf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; -+ -+ /* Write raw key material into current xml node */ -+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferBase64NodeContentWrite", -+ 
XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy(keyBuf); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ xmlSecBufferDestroy(keyBuf); -+ PK11_FreeSymKey( symKey ) ; -+ } - -! return 0 ; - } - - static int - xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, -! const xmlSecByte* buf, xmlSecSize bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx) { -! PK11SymKey* symKey ; -! PK11SlotInfo* slot ; -! xmlSecKeyDataPtr data; -! xmlSecNssSymKeyDataCtxPtr ctx; -! SECItem keyItem ; -! int ret; - -! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); -! xmlSecAssert2(key != NULL, -1); -! xmlSecAssert2(buf != NULL, -1); -! xmlSecAssert2(bufSize != 0, -1); -! xmlSecAssert2(keyInfoCtx != NULL, -1); -! -! /* Create a new KeyData from a id */ -! data = xmlSecKeyDataCreate(id); -! if(data == NULL ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeyDataCreate", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! -! ctx = xmlSecNssSymKeyDataGetCtx(data); -! xmlSecAssert2(ctx != NULL, -1); -! -! /* Get slot */ -! slot = xmlSecNssSlotGet(ctx->cipher); -! if( slot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssSlotGet" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! /* Wrap the raw key value SECItem */ -! keyItem.type = siBuffer ; -! keyItem.data = buf ; -! keyItem.len = bufSize ; -! -! /* Import the raw key into slot temporalily and get the key handler*/ -! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; -! if( symKey == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "PK11_ImportSymKey" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSlot( slot ) ; -! 
xmlSecKeyDataDestroy( data ) ; -! return(-1) ; -! } -! -! /* Adopt the symmetric key into key data */ -! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeyDataBinaryValueSetBuffer", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSymKey( symKey ) ; -! PK11_FreeSlot( slot ) ; -! xmlSecKeyDataDestroy( data ) ; -! return(-1); -! } -! /* symKey has been duplicated into data, it isn't used any more */ -! PK11_FreeSymKey( symKey ) ; -! PK11_FreeSlot( slot ) ; -! -! /* Check value */ -! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeyReqMatchKeyValue", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlSecKeyDataDestroy( data ) ; -! return(0); -! } -! -! ret = xmlSecKeySetValue(key, data); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecKeySetValue", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! xmlSecKeyDataDestroy( data ) ; -! return(-1); -! } -! -! return(0); - } - - static int - xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, -! xmlSecByte** buf, xmlSecSize* bufSize, -! xmlSecKeyInfoCtxPtr keyInfoCtx) { -! PK11SymKey* symKey ; -! 
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(buf != NULL, -1); -+ xmlSecAssert2(bufSize != 0, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Get symmetric key from "key" */ -+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); -+ if( symKey != NULL ) { -+ SECItem* keyItem ; -+ -+ /* Extract raw key data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ExtractKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Get raw key data from "symKey" */ -+ keyItem = PK11_GetKeyData( symKey ) ; -+ if(keyItem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_GetKeyData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ *bufSize = keyItem->len; -+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); -+ if( *buf == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ NULL, -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ memcpy((*buf), keyItem->data, (*bufSize)); -+ PK11_FreeSymKey( symKey ) ; -+ } - -! return 0 ; - } - - static int - xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -! PK11SymKey* symkey ; -! PK11SlotInfo* slot ; -! xmlSecNssSymKeyDataCtxPtr ctx; -! int ret; -! - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); - xmlSecAssert2(sizeBits > 0, -1); - -! ctx = xmlSecNssSymKeyDataGetCtx(data); -! xmlSecAssert2(ctx != NULL, -1); -! -! if( sizeBits % 8 != 0 ) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! NULL, -! 
XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "Symmetric key size must be octuple"); -! return(-1); -! } -! -! /* Get slot */ -! slot = xmlSecNssSlotGet(ctx->cipher); -! if( slot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! "xmlSecNssSlotGet" , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1) ; -! } -! -! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -! "PK11_Authenticate" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSlot( slot ) ; -! return -1 ; -! } -! -! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; -! if( symkey == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -! "PK11_KeyGen" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSlot( slot ) ; -! return -1 ; -! } -! -! if( ctx->slot != NULL ) { -! PK11_FreeSlot( ctx->slot ) ; -! ctx->slot = NULL ; -! } -! ctx->slot = slot ; -! -! if( ctx->symkey != NULL ) { -! PK11_FreeSymKey( ctx->symkey ) ; -! ctx->symkey = NULL ; -! } -! ctx->symkey = symkey ; -! -! return 0 ; - } - - static xmlSecKeyDataType - xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { -! xmlSecNssSymKeyDataCtxPtr context = NULL ; -! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; - - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; - -! context = xmlSecNssSymKeyDataGetCtx( data ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -! "xmlSecNssSymKeyDataGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return xmlSecKeyDataTypeUnknown ; -! } -! -! 
if( context->symkey != NULL ) { -! type |= xmlSecKeyDataTypeSymmetric ; -! } else { -! type |= xmlSecKeyDataTypeUnknown ; -! } - -! return type ; - } - - static xmlSecSize - xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr context ; -+ unsigned int length = 0 ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); -! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; -! -! context = xmlSecNssSymKeyDataGetCtx( data ) ; -! if( context == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -! "xmlSecNssSymKeyDataGetCtx" , -! XMLSEC_ERRORS_R_CRYPTO_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return 0 ; -! } -! -! if( context->symkey != NULL ) { -! length = PK11_GetKeyLength( context->symkey ) ; -! length *= 8 ; -! } -! -! return length ; - } - - static void - xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -! /* print only size, everything else is sensitive */ -! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , -! xmlSecKeyDataGetSize(data)) ; - } - - static void - xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -! /* print only size, everything else is sensitive */ -! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , -! xmlSecKeyDataGetSize(data)) ; - } - - static int - xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { - #ifndef XMLSEC_NO_DES - if(klass == xmlSecNssKeyDataDesId) { -! return(1); - } - #endif /* XMLSEC_NO_DES */ - - #ifndef XMLSEC_NO_AES - if(klass == xmlSecNssKeyDataAesId) { -! return(1); - } - #endif /* XMLSEC_NO_AES */ - - #ifndef XMLSEC_NO_HMAC - if(klass == xmlSecNssKeyDataHmacId) { -! 
return(1); - } - #endif /* XMLSEC_NO_HMAC */ - -*************** -*** 199,240 **** - * <xmlsec:AESKeyValue> processing - * - *************************************************************************/ - static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { - sizeof(xmlSecKeyDataKlass), -! xmlSecKeyDataBinarySize, - - /* data */ - xmlSecNameAESKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -! /* xmlSecKeyDataUsage usage; */ -! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ -! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ -! xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -! NULL, /* void* reserved0; */ -! 
NULL, /* void* reserved1; */ - }; - - /** ---- 858,903 ---- - * <xmlsec:AESKeyValue> processing - * - *************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), -! xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameAESKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -! /* xmlSecKeyDataUsage usage; */ -! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ -! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ -! xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - /** -*************** -*** 251,259 **** - - /** - * xmlSecNssKeyDataAesSet: -! 
* @data: the pointer to AES key data. -! * @buf: the pointer to key value. -! * @bufSize: the key value size (in bytes). - * - * Sets the value of AES key data. - * ---- 914,922 ---- - - /** - * xmlSecNssKeyDataAesSet: -! * @data: the pointer to AES key data. -! * @buf: the pointer to key value. -! * @bufSize: the key value size (in bytes). - * - * Sets the value of AES key data. - * -*************** -*** 280,321 **** - * <xmlsec:DESKeyValue> processing - * - *************************************************************************/ - static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { - sizeof(xmlSecKeyDataKlass), -! xmlSecKeyDataBinarySize, - - /* data */ - xmlSecNameDESKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -! /* xmlSecKeyDataUsage usage; */ -! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ -! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ -! xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -! 
xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - /** ---- 943,988 ---- - * <xmlsec:DESKeyValue> processing - * - *************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), -! xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameDESKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -! /* xmlSecKeyDataUsage usage; */ -! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ -! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ -! xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -! 
NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - /** -*************** -*** 332,340 **** - - /** - * xmlSecNssKeyDataDesSet: -! * @data: the pointer to DES key data. -! * @buf: the pointer to key value. -! * @bufSize: the key value size (in bytes). - * - * Sets the value of DES key data. - * ---- 999,1007 ---- - - /** - * xmlSecNssKeyDataDesSet: -! * @data: the pointer to DES key data. -! * @buf: the pointer to key value. -! * @bufSize: the key value size (in bytes). - * - * Sets the value of DES key data. - * -*************** -*** 362,403 **** - * <xmlsec:HMACKeyValue> processing - * - *************************************************************************/ - static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { - sizeof(xmlSecKeyDataKlass), -! xmlSecKeyDataBinarySize, - - /* data */ - xmlSecNameHMACKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -! /* xmlSecKeyDataUsage usage; */ -! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ -! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ -! xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -! 
xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - /** ---- 1029,1074 ---- - * <xmlsec:HMACKeyValue> processing - * - *************************************************************************/ -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), -! xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameHMACKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, -! /* xmlSecKeyDataUsage usage; */ -! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ -! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ -! xmlSecNs, /* const xmlChar* dataNodeNs; */ - - /* constructors/destructor */ -! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ -! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ -! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ -! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - - /* get info */ -! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ -! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ -! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ - - /* read/write */ -! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ -! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ -! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ -! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ - - /* debug */ -! 
xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ -! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ - - /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - /** -*************** -*** 414,422 **** - - /** - * xmlSecNssKeyDataHmacSet: -! * @data: the pointer to HMAC key data. -! * @buf: the pointer to key value. -! * @bufSize: the key value size (in bytes). - * - * Sets the value of HMAC key data. - * ---- 1085,1093 ---- - - /** - * xmlSecNssKeyDataHmacSet: -! * @data: the pointer to HMAC key data. -! * @buf: the pointer to key value. -! * @bufSize: the key value size (in bytes). - * - * Sets the value of HMAC key data. - * -*** misc/xmlsec1-1.2.6/src/nss/tokens.c Fri May 11 14:47:47 2007 ---- misc/build/xmlsec1-1.2.6/src/nss/tokens.c Fri May 11 14:47:20 2007 -*************** -*** 1 **** -! dummy ---- 1,548 ---- -! /** -! * XMLSec library -! * -! * This is free software; see Copyright file in the source -! * distribution for preciese wording. -! * -! * Copyright.................................. -! * -! * Contributor(s): _____________________________ -! * -! */ -! -! /** -! * In order to ensure that particular crypto operation is performed on -! * particular crypto device, a subclass of xmlSecList is used to store slot and -! * mechanism information. -! * -! * In the list, a slot is bound with a mechanism. If the mechanism is available, -! * this mechanism only can perform on the slot; otherwise, it can perform on -! * every eligibl slot in the list. -! * -! * When try to find a slot for a particular mechanism, the slot bound with -! * avaliable mechanism will be looked up firstly. -! */ -! #include "globals.h" -! #include <string.h> -! -! #include <xmlsec/xmlsec.h> -! #include <xmlsec/errors.h> -! #include <xmlsec/list.h> -! -! #include <xmlsec/nss/tokens.h> -! -! int -! xmlSecNssKeySlotSetMechList( -! xmlSecNssKeySlotPtr keySlot , -! 
CK_MECHANISM_TYPE_PTR mechanismList -! ) { -! int counter ; -! -! xmlSecAssert2( keySlot != NULL , -1 ) ; -! -! if( keySlot->mechanismList != CK_NULL_PTR ) { -! xmlFree( keySlot->mechanismList ) ; -! -! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -! if( keySlot->mechanismList == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ); -! } -! for( ; counter >= 0 ; counter -- ) -! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; -! } -! -! return( 0 ); -! } -! -! int -! xmlSecNssKeySlotEnableMech( -! xmlSecNssKeySlotPtr keySlot , -! CK_MECHANISM_TYPE mechanism -! ) { -! int counter ; -! CK_MECHANISM_TYPE_PTR newList ; -! -! xmlSecAssert2( keySlot != NULL , -1 ) ; -! -! if( mechanism != CKM_INVALID_MECHANISM ) { -! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -! if( newList == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ); -! } -! *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; -! *( newList + counter ) = mechanism ; -! for( counter -= 1 ; counter >= 0 ; counter -- ) -! *( newList + counter ) = *( keySlot->mechanismList + counter ) ; -! -! xmlFree( keySlot->mechanismList ) ; -! keySlot->mechanismList = newList ; -! } -! -! return(0); -! } -! -! int -! xmlSecNssKeySlotDisableMech( -! xmlSecNssKeySlotPtr keySlot , -! CK_MECHANISM_TYPE mechanism -! ) { -! int counter ; -! -! xmlSecAssert2( keySlot != NULL , -1 ) ; -! -! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -! 
if( *( keySlot->mechanismList + counter ) == mechanism ) { -! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; -! } -! -! break ; -! } -! } -! -! return(0); -! } -! -! CK_MECHANISM_TYPE_PTR -! xmlSecNssKeySlotGetMechList( -! xmlSecNssKeySlotPtr keySlot -! ) { -! if( keySlot != NULL ) -! return keySlot->mechanismList ; -! else -! return NULL ; -! } -! -! int -! xmlSecNssKeySlotSetSlot( -! xmlSecNssKeySlotPtr keySlot , -! PK11SlotInfo* slot -! ) { -! xmlSecAssert2( keySlot != NULL , -1 ) ; -! -! if( slot != NULL && keySlot->slot != slot ) { -! if( keySlot->slot != NULL ) -! PK11_FreeSlot( keySlot->slot ) ; -! -! if( keySlot->mechanismList != NULL ) { -! xmlFree( keySlot->mechanismList ) ; -! keySlot->mechanismList = NULL ; -! } -! -! keySlot->slot = PK11_ReferenceSlot( slot ) ; -! } -! -! return(0); -! } -! -! int -! xmlSecNssKeySlotInitialize( -! xmlSecNssKeySlotPtr keySlot , -! PK11SlotInfo* slot -! ) { -! xmlSecAssert2( keySlot != NULL , -1 ) ; -! xmlSecAssert2( keySlot->slot == NULL , -1 ) ; -! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; -! -! if( slot != NULL ) { -! keySlot->slot = PK11_ReferenceSlot( slot ) ; -! } -! -! return(0); -! } -! -! void -! xmlSecNssKeySlotFinalize( -! xmlSecNssKeySlotPtr keySlot -! ) { -! xmlSecAssert( keySlot != NULL ) ; -! -! if( keySlot->mechanismList != NULL ) { -! xmlFree( keySlot->mechanismList ) ; -! keySlot->mechanismList = NULL ; -! } -! -! if( keySlot->slot != NULL ) { -! PK11_FreeSlot( keySlot->slot ) ; -! keySlot->slot = NULL ; -! } -! -! } -! -! PK11SlotInfo* -! xmlSecNssKeySlotGetSlot( -! xmlSecNssKeySlotPtr keySlot -! ) { -! if( keySlot != NULL ) -! return keySlot->slot ; -! else -! return NULL ; -! } -! -! xmlSecNssKeySlotPtr -! xmlSecNssKeySlotCreate() { -! xmlSecNssKeySlotPtr keySlot ; -! -! /* Allocates a new xmlSecNssKeySlot and fill the fields */ -! 
keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; -! if( keySlot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( NULL ); -! } -! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; -! -! return( keySlot ) ; -! } -! -! int -! xmlSecNssKeySlotCopy( -! xmlSecNssKeySlotPtr newKeySlot , -! xmlSecNssKeySlotPtr keySlot -! ) { -! CK_MECHANISM_TYPE_PTR mech ; -! int counter ; -! -! xmlSecAssert2( newKeySlot != NULL , -1 ) ; -! xmlSecAssert2( keySlot != NULL , -1 ) ; -! -! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { -! if( newKeySlot->slot != NULL ) -! PK11_FreeSlot( newKeySlot->slot ) ; -! -! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; -! } -! -! if( keySlot->mechanismList != CK_NULL_PTR ) { -! xmlFree( newKeySlot->mechanismList ) ; -! -! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -! if( newKeySlot->mechanismList == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ); -! } -! for( ; counter >= 0 ; counter -- ) -! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; -! } -! -! return( 0 ); -! } -! -! xmlSecNssKeySlotPtr -! xmlSecNssKeySlotDuplicate( -! xmlSecNssKeySlotPtr keySlot -! ) { -! xmlSecNssKeySlotPtr newKeySlot ; -! int ret ; -! -! xmlSecAssert2( keySlot != NULL , NULL ) ; -! -! newKeySlot = xmlSecNssKeySlotCreate() ; -! if( newKeySlot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( NULL ); -! } -! -! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! 
XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( NULL ); -! } -! -! return( newKeySlot ); -! } -! -! void -! xmlSecNssKeySlotDestroy( -! xmlSecNssKeySlotPtr keySlot -! ) { -! xmlSecAssert( keySlot != NULL ) ; -! -! if( keySlot->mechanismList != NULL ) -! xmlFree( keySlot->mechanismList ) ; -! -! if( keySlot->slot != NULL ) -! PK11_FreeSlot( keySlot->slot ) ; -! -! xmlFree( keySlot ) ; -! } -! -! int -! xmlSecNssKeySlotBindMech( -! xmlSecNssKeySlotPtr keySlot , -! CK_MECHANISM_TYPE type -! ) { -! int counter ; -! -! xmlSecAssert2( keySlot != NULL , 0 ) ; -! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -! -! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -! if( *( keySlot->mechanismList + counter ) == type ) -! return(1) ; -! } -! -! return( 0 ) ; -! } -! -! int -! xmlSecNssKeySlotSupportMech( -! xmlSecNssKeySlotPtr keySlot , -! CK_MECHANISM_TYPE type -! ) { -! xmlSecAssert2( keySlot != NULL , 0 ) ; -! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -! -! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { -! return(1); -! } else -! return(0); -! } -! -! void -! xmlSecNssKeySlotDebugDump( -! xmlSecNssKeySlotPtr keySlot , -! FILE* output -! ) { -! xmlSecAssert( keySlot != NULL ) ; -! xmlSecAssert( output != NULL ) ; -! -! fprintf( output, "== KEY SLOT\n" ); -! } -! -! void -! xmlSecNssKeySlotDebugXmlDump( -! xmlSecNssKeySlotPtr keySlot , -! FILE* output -! ) { -! } -! -! /** -! * Key Slot List -! */ -! #ifdef __MINGW32__ // for runtime-pseudo-reloc -! static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -! #else -! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -! #endif -! BAD_CAST "mechanism-list", -! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, -! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, -! 
(xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, -! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, -! }; -! -! xmlSecPtrListId -! xmlSecNssKeySlotListGetKlass(void) { -! return(&xmlSecNssKeySlotPtrListKlass); -! } -! -! -! /*- -! * Global PKCS#11 crypto token repository -- Key slot list -! */ -! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; -! -! PK11SlotInfo* -! xmlSecNssSlotGet( -! CK_MECHANISM_TYPE type -! ) { -! PK11SlotInfo* slot = NULL ; -! xmlSecNssKeySlotPtr keySlot ; -! xmlSecSize ksSize ; -! xmlSecSize ksPos ; -! char flag ; -! -! if( _xmlSecNssKeySlotList == NULL ) { -! slot = PK11_GetBestSlot( type , NULL ) ; -! } else { -! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -! -! /*- -! * Firstly, checking whether the mechanism is bound with a special slot. -! * If no bound slot, we try to find the first eligible slot in the list. -! */ -! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { -! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -! flag = 2 ; -! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { -! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -! flag = 1 ; -! } -! -! if( flag == 2 ) -! break ; -! } -! if( slot != NULL ) -! slot = PK11_ReferenceSlot( slot ) ; -! } -! -! if( slot != NULL && PK11_NeedLogin( slot ) ) { -! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! PK11_FreeSlot( slot ) ; -! return( NULL ); -! } -! } -! -! return slot ; -! } -! -! int -! xmlSecNssSlotInitialize( -! void -! ) { -! if( _xmlSecNssKeySlotList != NULL ) { -! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -! _xmlSecNssKeySlotList = NULL ; -! } -! -! 
_xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; -! if( _xmlSecNssKeySlotList == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return( -1 ); -! } -! -! return(0); -! } -! -! void -! xmlSecNssSlotShutdown( -! void -! ) { -! if( _xmlSecNssKeySlotList != NULL ) { -! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -! _xmlSecNssKeySlotList = NULL ; -! } -! } -! -! int -! xmlSecNssSlotAdopt( -! PK11SlotInfo* slot, -! CK_MECHANISM_TYPE type -! ) { -! xmlSecNssKeySlotPtr keySlot ; -! xmlSecSize ksSize ; -! xmlSecSize ksPos ; -! char flag ; -! -! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; -! xmlSecAssert2( slot != NULL, -1 ) ; -! -! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -! -! /*- -! * Firstly, checking whether the slot is in the repository already. -! */ -! flag = 0 ; -! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -! /* If find the slot in the list */ -! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { -! /* If mechnism type is valid, bind the slot with the mechanism */ -! if( type != CKM_INVALID_MECHANISM ) { -! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! } -! -! flag = 1 ; -! } -! } -! -! /* If the slot do not in the list, add a new item to the list */ -! if( flag == 0 ) { -! /* Create a new KeySlot */ -! keySlot = xmlSecNssKeySlotCreate() ; -! if( keySlot == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return(-1); -! } -! -! /* Initialize the keySlot with a slot */ -! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! 
NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecNssKeySlotDestroy( keySlot ) ; -! return(-1); -! } -! -! /* If mechnism type is valid, bind the slot with the mechanism */ -! if( type != CKM_INVALID_MECHANISM ) { -! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecNssKeySlotDestroy( keySlot ) ; -! return(-1); -! } -! } -! -! /* Add keySlot into the list */ -! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE , -! NULL , -! NULL , -! XMLSEC_ERRORS_R_XMLSEC_FAILED , -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! xmlSecNssKeySlotDestroy( keySlot ) ; -! return(-1); -! } -! } -! -! return(0); -! } -! -*** misc/xmlsec1-1.2.6/src/nss/x509.c Fri Sep 26 05:53:09 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/x509.c Fri May 11 14:47:20 2007 -*************** -*** 34,40 **** - #include <xmlsec/keys.h> - #include <xmlsec/keyinfo.h> - #include <xmlsec/keysmngr.h> -- #include <xmlsec/x509.h> - #include <xmlsec/base64.h> - #include <xmlsec/errors.h> - ---- 34,39 ---- -*************** -*** 61,97 **** - static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int 
xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, - xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx); -- - static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf, - xmlSecSize size); - static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf); ---- 60,80 ---- -*************** -*** 104,112 **** - xmlSecKeyInfoCtxPtr keyInfoCtx); - static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, - int base64LineWrap); -- static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); -- static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); -- static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); - static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, - FILE* output); - static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, ---- 87,92 ---- -*************** -*** 254,260 **** ---- 234,244 ---- - - - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { -+ #else - static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - xmlSecNssX509DataSize, - -*************** -*** 378,384 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } ---- 362,368 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - } -*************** -*** 389,395 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ctx->numCerts++; ---- 373,379 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - ctx->numCerts++; -*************** -*** 588,594 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 572,578 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 627,633 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "SEC_DupCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ---- 611,617 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "SEC_DupCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - -*************** -*** 652,658 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); ---- 636,642 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - return(-1); - } - ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); -*************** -*** 752,782 **** - xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataPtr data; - CERTCertificate* cert; - CERTSignedCrl* crl; - xmlSecSize size, pos; -- int content = 0; -- int ret; - - xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); - xmlSecAssert2(key != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - -! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); -! if (content < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecX509DataGetNodeContent", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "content=%d", content); -! return(-1); -! } else if(content == 0) { -! /* by default we are writing certificates and crls */ -! content = XMLSEC_X509DATA_DEFAULT; - } - -- /* get x509 data */ - data = xmlSecKeyGetData(key, id); - if(data == NULL) { - /* no x509 data in the key */ ---- 736,757 ---- - xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataPtr data; -+ xmlNodePtr cur; -+ xmlChar* buf; - CERTCertificate* cert; - CERTSignedCrl* crl; - xmlSecSize size, pos; - - xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); - xmlSecAssert2(key != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - -! /* todo: flag in ctx remove all existing content */ -! if(0) { -! xmlNodeSetContent(node, NULL); - } - - data = xmlSecKeyGetData(key, id); - if(data == NULL) { - /* no x509 data in the key */ -*************** -*** 795,874 **** - "pos=%d", pos); - return(-1); - } -! -! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { -! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! 
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509CertificateNodeWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } - } -! -! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { -! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509SubjectNameNodeWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } - } - -! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { -! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509IssuerSerialNodeWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } -! } - -! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { -! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509SKINodeWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } -! } -! } - -! /* write crls if needed */ -! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { -! size = xmlSecNssKeyDataX509GetCrlsSize(data); -! for(pos = 0; pos < size; ++pos) { -! crl = xmlSecNssKeyDataX509GetCrl(data, pos); -! if(crl == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssKeyDataX509GetCrl", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } -! -! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); -! if(ret < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509CRLNodeWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } -! 
} - } - - return(0); ---- 770,844 ---- - "pos=%d", pos); - return(-1); - } -! -! /* set base64 lines size from context */ -! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -! if(buf == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509CertBase64DerWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); - } -! -! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -! if(cur == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecAddChild", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "node=%s", -! xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -! xmlFree(buf); -! return(-1); - } -+ /* todo: add \n around base64 data - from context */ -+ /* todo: add errors check */ -+ xmlNodeSetContent(cur, xmlSecStringCR); -+ xmlNodeSetContent(cur, buf); -+ xmlFree(buf); -+ } - -! /* write crls */ -! size = xmlSecNssKeyDataX509GetCrlsSize(data); -! for(pos = 0; pos < size; ++pos) { -! crl = xmlSecNssKeyDataX509GetCrl(data, pos); -! if(crl == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssKeyDataX509GetCrl", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "pos=%d", pos); -! return(-1); -! } - -! /* set base64 lines size from context */ -! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -! if(buf == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecNssX509CrlBase64DerWrite", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } - -! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); -! if(cur == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -! "xmlSecAddChild", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "new_node=%s", -! 
xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -! xmlFree(buf); -! return(-1); -! } -! /* todo: add \n around base64 data - from context */ -! /* todo: add errors check */ -! xmlNodeSetContent(cur, xmlSecStringCR); -! xmlNodeSetContent(cur, buf); - } - - return(0); -*************** -*** 1015,1033 **** - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { -! if(content != NULL) { -! xmlFree(content); -! } -! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! return(0); - } - - cert = xmlSecNssX509CertBase64DerRead(content); ---- 985,997 ---- - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -! if(content == NULL){ -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! XMLSEC_ERRORS_NO_MESSAGE); -! 
return(-1); - } - - cert = xmlSecNssX509CertBase64DerRead(content); -*************** -*** 1057,1102 **** - return(0); - } - -- static int -- xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlChar* buf; -- xmlNodePtr cur; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- xmlSecAssert2(keyInfoCtx != NULL, -1); -- -- /* set base64 lines size from context */ -- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CertBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -- xmlFree(buf); -- return(-1); -- } -- -- /* todo: add \n around base64 data - from context */ -- /* todo: add errors check */ -- xmlNodeSetContent(cur, xmlSecStringCR); -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- return(0); -- } -- - static int - xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; ---- 1021,1026 ---- -*************** -*** 1120,1138 **** - } - - subject = xmlNodeGetContent(node); -! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { -! if(subject != NULL) { -! xmlFree(subject); -! } -! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! 
return(0); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); ---- 1044,1056 ---- - } - - subject = xmlNodeGetContent(node); -! if(subject == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); -*************** -*** 1167,1206 **** - return(0); - } - -- static int -- xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlChar* buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- buf = xmlSecNssX509NameWrite(&(cert->subject)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->subject))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); -- xmlFree(buf); -- return(-1); -- } -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- return(0); -- } -- - static int - xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; ---- 1085,1090 ---- -*************** -*** 1226,1246 **** - } - - cur = xmlSecGetNextElementNode(node->children); -! if(cur == NULL) { -! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -! 
XMLSEC_ERRORS_R_NODE_NOT_FOUND, -! "node=%s", -! xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); -! return(-1); -! } -! return(0); -! } -! - /* the first is required node X509IssuerName */ -! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), ---- 1110,1118 ---- - } - - cur = xmlSecGetNextElementNode(node->children); -! - /* the first is required node X509IssuerName */ -! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -*************** -*** 1332,1409 **** - return(0); - } - -- static int -- xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlNodePtr cur; -- xmlNodePtr issuerNameNode; -- xmlNodePtr issuerNumberNode; -- xmlChar* buf; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- /* create xml nodes */ -- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); -- return(-1); -- } -- -- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); -- if(issuerNameNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); -- return(-1); -- } -- -- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); -- if(issuerNumberNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- 
xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); -- return(-1); -- } -- -- /* write data */ -- buf = xmlSecNssX509NameWrite(&(cert->issuer)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->issuer))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlNodeSetContent(issuerNameNode, buf); -- xmlFree(buf); -- -- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlNodeSetContent(issuerNumberNode, buf); -- xmlFree(buf); -- -- return(0); -- } -- - static int - xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; ---- 1204,1209 ---- -*************** -*** 1427,1446 **** - } - - ski = xmlNodeGetContent(node); -! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { -! if(ski != NULL) { -! xmlFree(ski); -! } -! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! "node=%s", -! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -! return(-1); -! } -! return(0); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); ---- 1227,1240 ---- - } - - ski = xmlNodeGetContent(node); -! if(ski == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! "node=%s", -! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -! 
return(-1); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); -*************** -*** 1475,1515 **** - return(0); - } - -- static int -- xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlChar *buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- buf = xmlSecNssX509SKIWrite(cert); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509SKIWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -- xmlFree(buf); -- return(-1); -- } -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- -- return(0); -- } -- - static int - xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar *content; ---- 1269,1274 ---- -*************** -*** 1520,1538 **** - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { -! if(content != NULL) { -! xmlFree(content); -! } -! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! return(0); - } - - crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); ---- 1279,1291 ---- - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -! if(content == NULL){ -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -! 
xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); - } - - crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); -*************** -*** 1552,1598 **** - } - - static int -- xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlChar* buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(crl != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- xmlSecAssert2(keyInfoCtx != NULL, -1); -- -- /* set base64 lines size from context */ -- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CrlBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -- xmlFree(buf); -- return(-1); -- } -- /* todo: add \n around base64 data - from context */ -- /* todo: add errors check */ -- xmlNodeSetContent(cur, xmlSecStringCR); -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- -- return(0); -- } -- -- -- static int - xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecNssX509DataCtxPtr ctx; ---- 1305,1310 ---- -*************** -*** 1600,1605 **** ---- 1312,1321 ---- - int ret; - SECStatus status; - PRTime notBefore, notAfter; -+ -+ PK11SlotInfo* slot ; -+ SECKEYPublicKey *pubKey = NULL; -+ SECKEYPrivateKey *priKey = NULL; - - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); - xmlSecAssert2(key != NULL, -1); -*************** -*** 1632,1641 **** - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, ---- 1348,1360 ---- - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(-1); - } - -+ /*- -+ * Get Public key from cert, which does not always work for sign action. -+ * - keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -*************** -*** 1645,1650 **** ---- 1364,1417 ---- - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -+ */ -+ -+ /*- -+ * I'll search key according to KeyReq. -+ */ -+ slot = cert->slot ; -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_FindPrivateKeyFromCert" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "CERT_ExtractPublicKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ if( priKey != NULL ) -+ SECKEY_DestroyPrivateKey( priKey ) ; -+ return -1 ; -+ } -+ } -+ -+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); -+ if( keyValue == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ if( priKey != NULL ) -+ SECKEY_DestroyPrivateKey( priKey ) ; -+ -+ if( pubKey != NULL ) -+ SECKEY_DestroyPublicKey( pubKey ) ; -+ -+ 
return -1 ; -+ } -+ /* Modify keyValue get Done */ - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { -*************** -*** 1725,1738 **** - return(0); - } - -- /** -- * xmlSecNssX509CertGetKey: -- * @cert: the certificate. -- * -- * Extracts public key from the @cert. -- * -- * Returns public key value or NULL if an error occurs. -- */ - xmlSecKeyDataPtr - xmlSecNssX509CertGetKey(CERTCertificate* cert) { - xmlSecKeyDataPtr data; ---- 1492,1497 ---- -*************** -*** 1746,1752 **** - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - ---- 1505,1511 ---- - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(NULL); - } - -*************** -*** 1804,1810 **** - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - ---- 1563,1569 ---- - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(NULL); - } - -*************** -*** 1827,1833 **** - NULL, - "cert->derCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - ---- 1586,1592 ---- - NULL, - "cert->derCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(NULL); - } - -*************** -*** 1890,1896 **** - NULL, - "PK11_GetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return NULL; - } - ---- 1649,1655 ---- - NULL, - "PK11_GetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return NULL; - } - -*************** -*** 1905,1911 **** - NULL, - "PK11_ImportCRL", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - PK11_FreeSlot(slot); - return(NULL); - } ---- 1664,1670 ---- - NULL, - "PK11_ImportCRL", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! 
"error code=%d", PORT_GetError()); - PK11_FreeSlot(slot); - return(NULL); - } -*************** -*** 1929,1935 **** - NULL, - "crl->derCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - ---- 1688,1694 ---- - NULL, - "crl->derCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); - return(NULL); - } - -*************** -*** 1946,2031 **** - return(res); - } - -- static xmlChar* -- xmlSecNssX509NameWrite(CERTName* nm) { -- xmlChar *res = NULL; -- char *str; -- -- xmlSecAssert2(nm != NULL, NULL); -- -- str = CERT_NameToAscii(nm); -- if (str == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_NameToAscii", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(NULL); -- } -- -- res = xmlStrdup(BAD_CAST str); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlStrdup", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- PORT_Free(str); -- return(NULL); -- } -- PORT_Free(str); -- return(res); -- } -- -- static xmlChar* -- xmlSecNssASN1IntegerWrite(SECItem *num) { -- xmlChar *res = NULL; -- -- xmlSecAssert2(num != NULL, NULL); -- -- /* TODO : to be implemented after -- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed -- */ -- return(res); -- } -- -- static xmlChar* -- xmlSecNssX509SKIWrite(CERTCertificate* cert) { -- xmlChar *res = NULL; -- SECItem ski; -- SECStatus rv; -- -- xmlSecAssert2(cert != NULL, NULL); -- -- memset(&ski, 0, sizeof(ski)); -- -- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); -- if (rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_FindSubjectKeyIDExtension", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); -- } -- -- res = xmlSecBase64Encode(ski.data, ski.len, 0); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBase64Encode", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- 
XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); -- } -- SECITEM_FreeItem(&ski, PR_FALSE); -- -- return(res); -- } -- -- - static void - xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { - SECItem *sn; ---- 1705,1710 ---- -*************** -*** 2084,2090 **** ---- 1763,1773 ---- - xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { -+ #else - static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { -+ #endif - sizeof(xmlSecKeyDataKlass), - sizeof(xmlSecKeyData), - -*** misc/xmlsec1-1.2.6/src/nss/x509vfy.c Fri Sep 26 02:58:15 2003 ---- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c Fri May 11 14:47:20 2007 -*************** -*** 30,35 **** ---- 30,36 ---- - #include <xmlsec/keyinfo.h> - #include <xmlsec/keysmngr.h> - #include <xmlsec/base64.h> -+ #include <xmlsec/bn.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -*************** -*** 43,50 **** - typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, - *xmlSecNssX509StoreCtxPtr; - struct _xmlSecNssX509StoreCtx { -! CERTCertList* certsList; /* just keeping a reference to destroy later */ -! }; - - /**************************************************************************** - * ---- 44,51 ---- - typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, - *xmlSecNssX509StoreCtxPtr; - struct _xmlSecNssX509StoreCtx { -! CERTCertList* certsList; /* just keeping a reference to destroy later */ -! }; - - /**************************************************************************** - * -*************** -*** 54,98 **** - * - ***************************************************************************/ - #define xmlSecNssX509StoreGetCtx(store) \ -! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ -! sizeof(xmlSecKeyDataStoreKlass))) - #define xmlSecNssX509StoreSize \ -! 
(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) - - static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); - static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); -- static int xmlSecNssX509NameStringRead (xmlSecByte **str, -- int *strLen, -- xmlSecByte *res, -- int resLen, -- xmlSecByte delim, -- int ingoreTrailingSpaces); -- static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, -- int len); -- -- static void xmlSecNssNumToItem(SECItem *it, unsigned long num); - - - static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { -! sizeof(xmlSecKeyDataStoreKlass), -! xmlSecNssX509StoreSize, -! -! /* data */ -! xmlSecNameX509Store, /* const xmlChar* name; */ -! -! /* constructors/destructor */ -! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ -! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ -! -! /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, -! xmlChar *issuerName, -! xmlChar *issuerSerial, -! xmlChar *ski); - - - /** ---- 55,94 ---- - * - ***************************************************************************/ - #define xmlSecNssX509StoreGetCtx(store) \ -! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ -! sizeof(xmlSecKeyDataStoreKlass))) - #define xmlSecNssX509StoreSize \ -! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) - - static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); - static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); - -+ static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; - -+ #ifdef __MINGW32__ // for runtime-pseudo-reloc -+ static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { -+ #else - static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { -! #endif -! sizeof(xmlSecKeyDataStoreKlass), -! 
xmlSecNssX509StoreSize, -! -! /* data */ -! xmlSecNameX509Store, /* const xmlChar* name; */ -! -! /* constructors/destructor */ -! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ -! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ -! -! /* reserved for the future */ -! NULL, /* void* reserved0; */ -! NULL, /* void* reserved1; */ - }; - - static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, -! xmlChar *issuerName, -! xmlChar *issuerSerial, -! xmlChar *ski); - - - /** -*************** -*** 104,110 **** - */ - xmlSecKeyDataStoreId - xmlSecNssX509StoreGetKlass(void) { -! return(&xmlSecNssX509StoreKlass); - } - - /** ---- 100,106 ---- - */ - xmlSecKeyDataStoreId - xmlSecNssX509StoreGetKlass(void) { -! return(&xmlSecNssX509StoreKlass); - } - - /** -*************** -*** 125,139 **** - xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, - xmlChar *issuerName, xmlChar *issuerSerial, - xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { -! xmlSecNssX509StoreCtxPtr ctx; -! -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -! xmlSecAssert2(keyInfoCtx != NULL, NULL); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, NULL); - -! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); - } - - /** ---- 121,135 ---- - xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, - xmlChar *issuerName, xmlChar *issuerSerial, - xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { -! xmlSecNssX509StoreCtxPtr ctx; -! -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -! xmlSecAssert2(keyInfoCtx != NULL, NULL); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, NULL); - -! 
return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); - } - - /** -*************** -*** 148,263 **** - */ - CERTCertificate * - xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, -! xmlSecKeyInfoCtx* keyInfoCtx) { -! xmlSecNssX509StoreCtxPtr ctx; -! CERTCertListNode* head; -! CERTCertificate* cert = NULL; -! CERTCertListNode* head1; -! CERTCertificate* cert1 = NULL; -! SECStatus status = SECFailure; -! int64 timeboundary; -! int64 tmp1, tmp2; -! -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -! xmlSecAssert2(certs != NULL, NULL); -! xmlSecAssert2(keyInfoCtx != NULL, NULL); -! -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, NULL); -! -! for (head = CERT_LIST_HEAD(certs); -! !CERT_LIST_END(head, certs); -! head = CERT_LIST_NEXT(head)) { -! cert = head->cert; - if(keyInfoCtx->certsVerificationTime > 0) { -! /* convert the time since epoch in seconds to microseconds */ -! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); -! tmp1 = (int64)PR_USEC_PER_SEC; -! tmp2 = timeboundary; -! LL_MUL(timeboundary, tmp1, tmp2); - } else { -! timeboundary = PR_Now(); - } - - /* if cert is the issuer of any other cert in the list, then it is - * to be skipped */ - for (head1 = CERT_LIST_HEAD(certs); -! !CERT_LIST_END(head1, certs); -! head1 = CERT_LIST_NEXT(head1)) { - -! cert1 = head1->cert; -! if (cert1 == cert) { - continue; -! } - -! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) -! == SECEqual) { - break; -! } - } - - if (!CERT_LIST_END(head1, certs)) { -! continue; - } -! -! status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), -! cert, PR_FALSE, -! (SECCertificateUsage)0, -! timeboundary , NULL, NULL, NULL); -! if (status == SECSuccess) { -! break; - } -- } - -! if (status == SECSuccess) { - return (cert); -! } -! -! 
switch(PORT_GetError()) { - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_UNKNOWN_SIGNER: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, -! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", -! cert->subjectName); -! break; - case SEC_ERROR_EXPIRED_CERTIFICATE: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, -! "cert with subject name %s has expired", -! cert->subjectName); -! break; - case SEC_ERROR_REVOKED_CERTIFICATE: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_REVOKED, -! "cert with subject name %s has been revoked", -! cert->subjectName); -! break; - default: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, -! "cert with subject name %s could not be verified", -! cert->subjectName); -! break; -! } + goto done; + } +@@ -1472,7 +1525,7 @@ -! return (NULL); - } - - /** - * xmlSecNssX509StoreAdoptCert: -! * @store: the pointer to X509 key data store klass. -! * @cert: the pointer to NSS X509 certificate. -! * @type: the certificate type (trusted/untrusted). - * - * Adds trusted (root) or untrusted certificate to the store. - * ---- 144,273 ---- - */ - CERTCertificate * - xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, -! xmlSecKeyInfoCtx* keyInfoCtx) { -! xmlSecNssX509StoreCtxPtr ctx; -! CERTCertListNode* head; -! CERTCertificate* cert = NULL; -! CERTCertListNode* head1; -! CERTCertificate* cert1 = NULL; -! SECStatus status = SECFailure; -! int64 timeboundary; -! int64 tmp1, tmp2; -! -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); -! 
xmlSecAssert2(certs != NULL, NULL); -! xmlSecAssert2(keyInfoCtx != NULL, NULL); -! -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, NULL); -! -! for (head = CERT_LIST_HEAD(certs); -! !CERT_LIST_END(head, certs); -! head = CERT_LIST_NEXT(head)) { -! cert = head->cert; - if(keyInfoCtx->certsVerificationTime > 0) { -! /* convert the time since epoch in seconds to microseconds */ -! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); -! tmp1 = (int64)PR_USEC_PER_SEC; -! tmp2 = timeboundary; -! LL_MUL(timeboundary, tmp1, tmp2); - } else { -! timeboundary = PR_Now(); - } - - /* if cert is the issuer of any other cert in the list, then it is - * to be skipped */ - for (head1 = CERT_LIST_HEAD(certs); -! !CERT_LIST_END(head1, certs); -! head1 = CERT_LIST_NEXT(head1)) { - -! cert1 = head1->cert; -! if (cert1 == cert) { - continue; -! } - -! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) -! == SECEqual) { - break; -! } - } - - if (!CERT_LIST_END(head1, certs)) { -! continue; - } -! /* JL: OpenOffice.org implements its own certificate verification routine. -! The goal is to seperate validation of the signature -! and the certificate. For example, OOo could show that the document signature is valid, -! but the certificate could not be verified. If we do not prevent the verification of -! the certificate by libxmlsec and the verification fails, then the XML signature may not be -! verified. This would happen, for example, if the root certificate is not installed. -! -! In the store schould only be the certificate from the X509Certificate element -! and the X509IssuerSerial element. The latter is only there -! if the certificate is installed. Both certificates must be the same! -! In case of writing the signature, the store contains only the certificate that -! was created based on the information from the X509IssuerSerial element. */ -! status = SECSuccess; -! break; -! /* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), -! 
cert, PR_FALSE, -! (SECCertificateUsage)0, -! timeboundary , NULL, NULL, NULL); -! if (status == SECSuccess) { -! break; -! } */ - } - -! if (status == SECSuccess) { - return (cert); -! } -! -! switch(PORT_GetError()) { - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_UNKNOWN_SIGNER: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, -! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", -! cert->subjectName); -! break; - case SEC_ERROR_EXPIRED_CERTIFICATE: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, -! "cert with subject name %s has expired", -! cert->subjectName); -! break; - case SEC_ERROR_REVOKED_CERTIFICATE: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_REVOKED, -! "cert with subject name %s has been revoked", -! cert->subjectName); -! break; - default: -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! NULL, -! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, -! "cert with subject name %s could not be verified, errcode %d", -! cert->subjectName, -! PORT_GetError()); -! break; -! 
} + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { +@@ -1490,7 +1543,7 @@ + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); ++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +--- misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2008-06-29 23:44:19.000000000 +0200 +@@ -199,7 +199,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_NewContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + } else { +@@ -222,7 +222,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_CreateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + } +@@ -282,7 +282,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Update, VFY_End", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + + if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -341,7 +341,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_Begin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + } else { +@@ -351,7 +351,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Begin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } 
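Review bot: Commenting out the `rsaKey` assertion in the hunk at -1472 removes the only key-type check visible there and leaves dead code behind with no stated reason. The same edit is repeated in the hunk at -1490, where `ctx->pubkey` is then passed straight to `SECKEY_PublicKeyStrength`. If the intent is to tolerate key data that carries only a private key (an inference; neither hunk says so), keep the check for the case where a public key exists, e.g. `xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);`. In the -1490 hunk, return 0 when `ctx->pubkey` is NULL instead of handing it to NSS. Both enclosing functions start outside their hunks.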
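Review bot: In the hunk at -282 the NSS error code is now read twice: once for the new `"error code=%d", PORT_GetError()` argument and again in the `PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE` comparison that follows the `xmlSecError` call. If the error callback touches the per-thread error value, the comparison can see a different code than the one just logged, and the bad-signature report that follows may be skipped. Reading it once before reporting, `int err = PORT_GetError();` declared with the other locals, and using `err` in both places keeps the log and the branch consistent. The enclosing function starts and ends outside the hunk.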
+ } +@@ -368,7 +368,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_Update", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + } else { +@@ -378,7 +378,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Update", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + } +@@ -404,7 +404,7 @@ + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_End", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + +@@ -459,7 +459,11 @@ + * + ***************************************************************************/ + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecNssDsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ +@@ -506,7 +510,11 @@ + * RSA-SHA1 signature transform + * + ***************************************************************************/ ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = { ++#else + static xmlSecTransformKlass xmlSecNssRsaSha1Klass = { ++#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ +--- misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2008-06-29 23:44:19.000000000 +0200 +@@ -15,178 +15,837 @@ + #include <stdio.h> + #include <string.h> + ++#include <pk11func.h> ++#include <nss.h> ++ + #include <xmlsec/xmlsec.h> + #include <xmlsec/xmltree.h> ++#include <xmlsec/base64.h> + #include <xmlsec/keys.h> + #include <xmlsec/keyinfo.h> + #include 
<xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> ++#include <xmlsec/nss/ciphers.h> ++#include <xmlsec/nss/tokens.h> + + /***************************************************************************** + * +- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary ++ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey + * + ****************************************************************************/ +-static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); +-static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, +- xmlSecKeyDataPtr src); +-static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); +-static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, +- xmlSecKeyPtr key, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, +- xmlSecKeyPtr key, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, +- xmlSecKeyPtr key, +- const xmlSecByte* buf, +- xmlSecSize bufSize, +- xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, +- xmlSecKeyPtr key, +- xmlSecByte** buf, +- xmlSecSize* bufSize, +- xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, +- xmlSecSize sizeBits, +- xmlSecKeyDataType type); +- +-static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); +-static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); +-static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, +- FILE* output); +-static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, +- FILE* output); +-static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); ++typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; ++typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; ++ ++struct _xmlSecNssSymKeyDataCtx { ++ 
CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ ++ PK11SlotInfo* slot ; /* the key resident slot */ ++ PK11SymKey* symkey ; /* the symmetic key */ ++} ; ++ ++#define xmlSecNssSymKeyDataSize \ ++ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) ++ ++#define xmlSecNssSymKeyDataGetCtx( data ) \ ++ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) ++ ++ ++static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); ++static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, ++ xmlSecKeyDataPtr src); ++static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); ++static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, ++ xmlSecKeyPtr key, ++ xmlNodePtr node, ++ xmlSecKeyInfoCtxPtr keyInfoCtx); ++static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, ++ xmlSecKeyPtr key, ++ xmlNodePtr node, ++ xmlSecKeyInfoCtxPtr keyInfoCtx); ++static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, ++ xmlSecKeyPtr key, ++ const xmlSecByte* buf, ++ xmlSecSize bufSize, ++ xmlSecKeyInfoCtxPtr keyInfoCtx); ++static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, ++ xmlSecKeyPtr key, ++ xmlSecByte** buf, ++ xmlSecSize* bufSize, ++ xmlSecKeyInfoCtxPtr keyInfoCtx); ++static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, ++ xmlSecSize sizeBits, ++ xmlSecKeyDataType type); ++ ++static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); ++static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); ++static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, ++ FILE* output); ++static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, ++ FILE* output); ++static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); + + #define xmlSecNssSymKeyDataCheckId(data) \ + (xmlSecKeyDataIsValid((data)) && \ + xmlSecNssSymKeyDataKlassCheck((data)->id)) + ++/** ++ * xmlSecNssSymKeyDataAdoptKey: ++ * @data: the pointer to symmetric key data. 
++ * @symkey: the symmetric key ++ * ++ * Set the value of symmetric key data. ++ * ++ * Returns 0 on success or a negative value if an error occurs. ++ */ ++int ++xmlSecNssSymKeyDataAdoptKey( ++ xmlSecKeyDataPtr data , ++ PK11SymKey* symkey ++) { ++ xmlSecNssSymKeyDataCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; ++ xmlSecAssert2( symkey != NULL, -1 ) ; ++ ++ context = xmlSecNssSymKeyDataGetCtx( data ) ; ++ xmlSecAssert2(context != NULL, -1); ++ ++ context->cipher = PK11_GetMechanism( symkey ) ; ++ ++ if( context->slot != NULL ) { ++ PK11_FreeSlot( context->slot ) ; ++ context->slot = NULL ; ++ } ++ context->slot = PK11_GetSlotFromKey( symkey ) ; ++ ++ if( context->symkey != NULL ) { ++ PK11_FreeSymKey( context->symkey ) ; ++ context->symkey = NULL ; ++ } ++ context->symkey = PK11_ReferenceSymKey( symkey ) ; ++ ++ return 0 ; ++} ++ ++xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( ++ PK11SymKey* symKey ++) { ++ xmlSecKeyDataPtr data = NULL ; ++ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; ++ ++ xmlSecAssert2( symKey != NULL , NULL ) ; ++ ++ mechanism = PK11_GetMechanism( symKey ) ; ++ switch( mechanism ) { ++ case CKM_DES3_KEY_GEN : ++ case CKM_DES3_CBC : ++ case CKM_DES3_MAC : ++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyDataCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "xmlSecNssKeyDataDesId" ) ; ++ return NULL ; ++ } ++ break ; ++ case CKM_AES_KEY_GEN : ++ case CKM_AES_CBC : ++ case CKM_AES_MAC : ++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyDataCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "xmlSecNssKeyDataDesId" ) ; ++ return NULL ; ++ } ++ break ; ++ default : ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ 
XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "Unsupported mechanism" ) ; ++ return NULL ; ++ } ++ ++ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataAdoptKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyDataDestroy( data ) ; ++ return NULL ; ++ } ++ ++ return data ; ++} ++ ++ ++PK11SymKey* ++xmlSecNssSymKeyDataGetKey( ++ xmlSecKeyDataPtr data ++) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ PK11SymKey* symkey ; ++ ++ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, NULL); ++ ++ if( ctx->symkey != NULL ) { ++ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; ++ } else { ++ symkey = NULL ; ++ } ++ ++ return(symkey); ++} ++ + static int + xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); +- +- return(xmlSecKeyDataBinaryValueInitialize(data)); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); ++ ++ /* Set the block cipher mechanism */ ++#ifndef XMLSEC_NO_DES ++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ++ ctx->cipher = CKM_DES3_KEY_GEN; ++ } else ++#endif /* XMLSEC_NO_DES */ ++ ++#ifndef XMLSEC_NO_AES ++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ++ ctx->cipher = CKM_AES_KEY_GEN; ++ } else ++#endif /* XMLSEC_NO_AES */ ++ ++ if(1) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ NULL , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ "Unsupported block cipher" ) ; ++ return(-1) ; ++ } ++ ++ return(0); + } + + static int + xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { ++ 
xmlSecNssSymKeyDataCtxPtr ctxDst; ++ xmlSecNssSymKeyDataCtxPtr ctxSrc; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); + xmlSecAssert2(dst->id == src->id, -1); +- +- return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); ++ ++ ctxDst = xmlSecNssSymKeyDataGetCtx(dst); ++ xmlSecAssert2(ctxDst != NULL, -1); ++ ++ ctxSrc = xmlSecNssSymKeyDataGetCtx(src); ++ xmlSecAssert2(ctxSrc != NULL, -1); ++ ++ ctxDst->cipher = ctxSrc->cipher ; ++ ++ if( ctxSrc->slot != NULL ) { ++ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { ++ PK11_FreeSlot( ctxDst->slot ) ; ++ ctxDst->slot = NULL ; ++ } ++ ++ if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) ++ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; ++ } else { ++ if( ctxDst->slot != NULL ) { ++ PK11_FreeSlot( ctxDst->slot ) ; ++ ctxDst->slot = NULL ; ++ } ++ } ++ ++ if( ctxSrc->symkey != NULL ) { ++ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { ++ PK11_FreeSymKey( ctxDst->symkey ) ; ++ ctxDst->symkey = NULL ; ++ } ++ ++ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) ++ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; ++ } else { ++ if( ctxDst->symkey != NULL ) { ++ PK11_FreeSymKey( ctxDst->symkey ) ; ++ ctxDst->symkey = NULL ; ++ } ++ } ++ ++ return(0); + } + + static void + xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); +- +- xmlSecKeyDataBinaryValueFinalize(data); ++ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert(ctx != NULL); ++ ++ if( ctx->slot != NULL ) { ++ PK11_FreeSlot( ctx->slot ) ; ++ ctx->slot = NULL ; ++ } ++ ++ if( ctx->symkey != NULL ) { ++ PK11_FreeSymKey( ctx->symkey ) ; ++ 
ctx->symkey = NULL ; ++ } ++ ++ ctx->cipher = CKM_INVALID_MECHANISM ; + } + + static int + xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, +- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ PK11SymKey* symKey ; ++ PK11SlotInfo* slot ; ++ xmlSecBufferPtr keyBuf; ++ xmlSecSize len; ++ xmlSecKeyDataPtr data; ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ SECItem keyItem ; ++ int ret; ++ ++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(node != NULL, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Create a new KeyData from a id */ ++ data = xmlSecKeyDataCreate(id); ++ if(data == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ /* Create a buffer for raw symmetric key value */ ++ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecBufferCreate" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Read the raw key value */ ++ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBufferDestroy( keyBuf ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Get slot */ ++ slot = xmlSecNssSlotGet(ctx->cipher); ++ if( slot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ 
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssSlotGet" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBufferDestroy( keyBuf ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Wrap the raw key value SECItem */ ++ keyItem.type = siBuffer ; ++ keyItem.data = xmlSecBufferGetData( keyBuf ) ; ++ keyItem.len = xmlSecBufferGetSize( keyBuf ) ; ++ ++ /* Import the raw key into slot temporalily and get the key handler*/ ++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ++ if( symKey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ImportSymKey" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ PK11_FreeSlot( slot ) ; ++ xmlSecBufferDestroy( keyBuf ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ PK11_FreeSlot( slot ) ; ++ ++ /* raw key material has been copied into symKey, it isn't used any more */ ++ xmlSecBufferDestroy( keyBuf ) ; -! return (NULL); - } - - /** - * xmlSecNssX509StoreAdoptCert: -! * @store: the pointer to X509 key data store klass. -! * @cert: the pointer to NSS X509 certificate. -! * @type: the certificate type (trusted/untrusted). - * - * Adds trusted (root) or untrusted certificate to the store. - * -*************** -*** 265,331 **** - */ - int - xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -! xmlSecNssX509StoreCtxPtr ctx; -! int ret; - -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); -! xmlSecAssert2(cert != NULL, -1); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, -1); - -! if(ctx->certsList == NULL) { -! ctx->certsList = CERT_NewCertList(); -! if(ctx->certsList == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! "CERT_NewCertList", -! 
XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } -! } -! -! ret = CERT_AddCertToListTail(ctx->certsList, cert); -! if(ret != SECSuccess) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! "CERT_AddCertToListTail", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(-1); -! } - -! return(0); - } - - static int - xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { -! xmlSecNssX509StoreCtxPtr ctx; -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, -1); - -! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - -! return(0); - } - - static void - xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { -! xmlSecNssX509StoreCtxPtr ctx; -! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert(ctx != NULL); -! -! if (ctx->certsList) { - CERT_DestroyCertList(ctx->certsList); - ctx->certsList = NULL; -! } - -! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - } - - ---- 275,341 ---- - */ - int - xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -! xmlSecNssX509StoreCtxPtr ctx; -! int ret; - -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); -! xmlSecAssert2(cert != NULL, -1); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, -1); - -! if(ctx->certsList == NULL) { -! ctx->certsList = CERT_NewCertList(); -! if(ctx->certsList == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! "CERT_NewCertList", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); -! return(-1); -! } -! } - -! ret = CERT_AddCertToListTail(ctx->certsList, cert); -! if(ret != SECSuccess) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! 
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), -! "CERT_AddCertToListTail", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); -! return(-1); -! } -! -! return(0); - } - - static int - xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { -! xmlSecNssX509StoreCtxPtr ctx; -! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert2(ctx != NULL, -1); - -! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - -! return(0); - } - - static void - xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { -! xmlSecNssX509StoreCtxPtr ctx; -! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); - -! ctx = xmlSecNssX509StoreGetCtx(store); -! xmlSecAssert(ctx != NULL); -! -! if (ctx->certsList) { - CERT_DestroyCertList(ctx->certsList); - ctx->certsList = NULL; -! } - -! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - } - - -*************** -*** 340,715 **** - */ - static CERTCertificate* - xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, -! xmlChar *issuerSerial, xmlChar *ski) { -! CERTCertificate *cert = NULL; -! xmlChar *p = NULL; -! CERTName *name = NULL; -! SECItem *nameitem = NULL; -! PRArenaPool *arena = NULL; -! -! if (subjectName != NULL) { -! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); -! if (p == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecNssX509NameRead", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "subject=%s", -! xmlSecErrorsSafeString(subjectName)); -! goto done; -! } -! -! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -! if (arena == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "PORT_NewArena", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! -! name = CERT_AsciiToName((char*)p); -! if (name == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CERT_AsciiToName", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! 
goto done; -! } -! -! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -! SEC_ASN1_GET(CERT_NameTemplate)); -! if (nameitem == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "SEC_ASN1EncodeItem", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! -! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); -! goto done; -! } -! -! if((issuerName != NULL) && (issuerSerial != NULL)) { -! CERTIssuerAndSN issuerAndSN; -! -! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); -! if (p == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecNssX509NameRead", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "issuer=%s", -! xmlSecErrorsSafeString(issuerName)); -! goto done; -! } -! -! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -! if (arena == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "PORT_NewArena", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! -! name = CERT_AsciiToName((char*)p); -! if (name == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CERT_AsciiToName", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! -! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -! SEC_ASN1_GET(CERT_NameTemplate)); -! if (nameitem == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "SEC_ASN1EncodeItem", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! -! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); - -! issuerAndSN.derIssuer.data = nameitem->data; -! issuerAndSN.derIssuer.len = nameitem->len; - -! /* TBD: serial num can be arbitrarily long */ -! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); - -! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), -! &issuerAndSN); -! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); -! goto done; -! } -! -! if(ski != NULL) { -! SECItem subjKeyID; -! int len; -! -! 
len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); -! if(len < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBase64Decode", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "ski=%s", -! xmlSecErrorsSafeString(ski)); -! goto done; -! } -! -! memset(&subjKeyID, 0, sizeof(subjKeyID)); -! subjKeyID.data = ski; -! subjKeyID.len = xmlStrlen(ski); -! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), -! &subjKeyID); -! } - -! done: -! if (p != NULL) { -! PORT_Free(p); -! } -! if (arena != NULL) { -! PORT_FreeArena(arena, PR_FALSE); -! } -! if (name != NULL) { -! CERT_DestroyName(name); -! } - -! return(cert); -! } - -! /** -! * xmlSecNssX509NameRead: -! */ -! static xmlSecByte * -! xmlSecNssX509NameRead(xmlSecByte *str, int len) { -! xmlSecByte name[256]; -! xmlSecByte value[256]; -! xmlSecByte *retval = NULL; -! xmlSecByte *p = NULL; -! int nameLen, valueLen; -! -! xmlSecAssert2(str != NULL, NULL); -! -! /* return string should be no longer than input string */ -! retval = (xmlSecByte *)PORT_Alloc(len+1); -! if(retval == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "PORT_Alloc", -! XMLSEC_ERRORS_R_MALLOC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! return(NULL); -! } -! p = retval; -! -! while(len > 0) { -! /* skip spaces after comma or semicolon */ -! while((len > 0) && isspace(*str)) { -! ++str; --len; -! } -! -! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); -! if(nameLen < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecNssX509NameStringRead", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! memcpy(p, name, nameLen); -! p+=nameLen; -! *p++='='; -! if(len > 0) { -! ++str; --len; -! if((*str) == '\"') { -! valueLen = xmlSecNssX509NameStringRead(&str, &len, -! value, sizeof(value), '"', 1); -! if(valueLen < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! 
goto done; -! } -! /* skip spaces before comma or semicolon */ -! while((len > 0) && isspace(*str)) { -! ++str; --len; - } -! if((len > 0) && ((*str) != ',')) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "comma is expected"); -! goto done; -! } -! if(len > 0) { -! ++str; --len; - } -! *p++='\"'; -! memcpy(p, value, valueLen); -! p+=valueLen; -! *p++='\"'; -! } else if((*str) == '#') { -! /* TODO: read octect values */ -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "reading octect values is not implemented yet"); -! goto done; -! } else { -! valueLen = xmlSecNssX509NameStringRead(&str, &len, -! value, sizeof(value), ',', 1); -! if(valueLen < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! XMLSEC_ERRORS_NO_MESSAGE); -! goto done; -! } -! memcpy(p, value, valueLen); -! p+=valueLen; -! if (len > 0) -! *p++=','; -! } -! } else { -! valueLen = 0; - } -! if(len > 0) { -! ++str; --len; -! } -! } -! -! *p = 0; -! return(retval); -! - done: -! PORT_Free(retval); -! return (NULL); - } - - - -! /** -! * xmlSecNssX509NameStringRead: -! */ -! static int -! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, -! xmlSecByte *res, int resLen, -! xmlSecByte delim, int ingoreTrailingSpaces) { -! xmlSecByte *p, *q, *nonSpace; -! -! xmlSecAssert2(str != NULL, -1); -! xmlSecAssert2(strLen != NULL, -1); -! xmlSecAssert2(res != NULL, -1); -! -! p = (*str); -! nonSpace = q = res; -! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { -! if((*p) != '\\') { -! if(ingoreTrailingSpaces && !isspace(*p)) { -! nonSpace = q; -! } -! *(q++) = *(p++); -! } else { -! ++p; -! nonSpace = q; -! if(xmlSecIsHex((*p))) { -! if((p - (*str) + 1) >= (*strLen)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "two hex digits expected"); -! return(-1); -! } -! 
*(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); -! p += 2; -! } else { -! if(((++p) - (*str)) >= (*strLen)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_DATA, -! "escaped symbol missed"); -! return(-1); -! } -! *(q++) = *(p++); -! } -! } -! } -! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! NULL, -! XMLSEC_ERRORS_R_INVALID_SIZE, -! "buffer is too small"); -! return(-1); -! } -! (*strLen) -= (p - (*str)); -! (*str) = p; -! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); -! } - -! /* code lifted from NSS */ -! static void -! xmlSecNssNumToItem(SECItem *it, unsigned long ui) -! { -! unsigned char bb[5]; -! int len; -! -! bb[0] = 0; -! bb[1] = (unsigned char) (ui >> 24); -! bb[2] = (unsigned char) (ui >> 16); -! bb[3] = (unsigned char) (ui >> 8); -! bb[4] = (unsigned char) (ui); -! -! /* -! ** Small integers are encoded in a single byte. Larger integers -! ** require progressively more space. -! */ -! if (ui > 0x7f) { -! if (ui > 0x7fff) { -! if (ui > 0x7fffffL) { -! if (ui >= 0x80000000L) { -! len = 5; -! } else { -! len = 4; -! } -! } else { -! len = 3; -! } -! } else { -! len = 2; -! } -! } else { -! len = 1; -! } -! -! it->data = (unsigned char *)PORT_Alloc(len); -! if (it->data == NULL) { -! return; -! } - -! it->len = len; -! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); - } -- #endif /* XMLSEC_NO_X509 */ - - ---- 350,562 ---- - */ - static CERTCertificate* - xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, -! xmlChar *issuerSerial, xmlChar *ski) { -! CERTCertificate *cert = NULL; -! CERTName *name = NULL; -! SECItem *nameitem = NULL; -! PRArenaPool *arena = NULL; -! -! if (subjectName != NULL) { -! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -! if (arena == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "PORT_NewArena", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); -! goto done; -! } - -! 
name = CERT_AsciiToName((char*)subjectName); -! if (name == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "CERT_AsciiToName", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "error code=%d", PORT_GetError()); -! goto done; -! } - -! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -! SEC_ASN1_GET(CERT_NameTemplate)); -! if (nameitem == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "SEC_ASN1EncodeItem", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "error code=%d", PORT_GetError()); -! goto done; -! } - -! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); -! goto done; -! } - -! if((issuerName != NULL) && (issuerSerial != NULL)) { -! CERTIssuerAndSN issuerAndSN; - -! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -! if (arena == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "PORT_NewArena", -! XMLSEC_ERRORS_R_CRYPTO_FAILED, -! "error code=%d", PORT_GetError()); -! goto done; -! } - -! name = CERT_AsciiToName((char*)issuerName); -! if (name == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "error code=%d", PORT_GetError()); -! goto done; - } -! -! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, -! SEC_ASN1_GET(CERT_NameTemplate)); -! if (nameitem == NULL) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "SEC_ASN1EncodeItem", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "error code=%d", PORT_GetError()); -! goto done; - } -! -! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); -! -! issuerAndSN.derIssuer.data = nameitem->data; -! issuerAndSN.derIssuer.len = nameitem->len; -! -! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { -! xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -! "xmlSecNssIntegerToItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "serial number=%s", -! xmlSecErrorsSafeString(issuerSerial)); -! goto done; -! } -! -! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), -! &issuerAndSN); -! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); -! 
goto done; -! } -! -! if(ski != NULL) { -! SECItem subjKeyID; -! int len; -! -! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); -! if(len < 0) { -! xmlSecError(XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBase64Decode", -! XMLSEC_ERRORS_R_XMLSEC_FAILED, -! "ski=%s", -! xmlSecErrorsSafeString(ski)); -! goto done; -! } -! -! memset(&subjKeyID, 0, sizeof(subjKeyID)); -! subjKeyID.data = ski; -! subjKeyID.len = xmlStrlen(ski); -! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), -! &subjKeyID); - } -! - done: -! if (arena != NULL) { -! PORT_FreeArena(arena, PR_FALSE); -! } -! if (name != NULL) { -! CERT_DestroyName(name); -! } -! -! return(cert); - } - -+ static int -+ xmlSecNssIntegerToItem( -+ const xmlChar* integer , -+ SECItem *item -+ ) { -+ xmlSecBn bn ; -+ xmlSecSize i, length ; -+ const xmlSecByte* bnInteger ; - -+ xmlSecAssert2( integer != NULL, -1 ) ; -+ xmlSecAssert2( item != NULL, -1 ) ; - -! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnInitialize", -! XMLSEC_ERRORS_R_INVALID_DATA, -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! return -1 ; -! } - -! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnFromDecString", -! XMLSEC_ERRORS_R_INVALID_DATA, -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecBnFinalize( &bn ) ; -! return -1 ; -! } -! -! length = xmlSecBnGetSize( &bn ) ; -! if( length <= 0 ) { -! xmlSecError( XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnGetSize", -! XMLSEC_ERRORS_R_INVALID_DATA, -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecBnFinalize( &bn ) ; -! return -1 ; -! } -! -! bnInteger = xmlSecBnGetData( &bn ) ; -! if( bnInteger == NULL ) { -! xmlSecError( XMLSEC_ERRORS_HERE, -! NULL, -! "xmlSecBnGetData", -! XMLSEC_ERRORS_R_INVALID_DATA, -! XMLSEC_ERRORS_NO_MESSAGE ) ; - -! xmlSecBnFinalize( &bn ) ; -! return -1 ; -! } -! -! item->data = ( unsigned char * )PORT_Alloc( length ); -! if( item->data == NULL ) { -! 
xmlSecError( XMLSEC_ERRORS_HERE, -! NULL, -! "PORT_Alloc", -! XMLSEC_ERRORS_R_INVALID_DATA, -! XMLSEC_ERRORS_NO_MESSAGE ) ; -! -! xmlSecBnFinalize( &bn ) ; -! return -1 ; -! } -! -! item->len = length; -! -! for( i = 0 ; i < length ; i ++ ) -! item->data[i] = *( bnInteger + i ) ; -! -! xmlSecBnFinalize( &bn ) ; -! -! return 0 ; - } - -+ #endif /* XMLSEC_NO_X509 */ - -*** misc/xmlsec1-1.2.6/win32/Makefile.msvc Wed Jun 9 16:35:12 2004 ---- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc Fri May 11 14:47:20 2007 -*************** -*** 223,228 **** ---- 223,232 ---- - $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj - - XMLSEC_NSS_OBJS = \ -+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ -+ $(XMLSEC_NSS_INTDIR)\keytrans.obj\ -+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ -+ $(XMLSEC_NSS_INTDIR)\tokens.obj\ - $(XMLSEC_NSS_INTDIR)\app.obj\ - $(XMLSEC_NSS_INTDIR)\bignum.obj\ - $(XMLSEC_NSS_INTDIR)\ciphers.obj \ -*************** -*** 235,243 **** - $(XMLSEC_NSS_INTDIR)\x509.obj\ - $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ - $(XMLSEC_NSS_INTDIR)\keysstore.obj\ -- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ -- $(XMLSEC_NSS_INTDIR)\kw_des.obj\ -- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ - $(XMLSEC_NSS_INTDIR)\strings.obj - XMLSEC_NSS_OBJS_A = \ - $(XMLSEC_NSS_INTDIR_A)\app.obj\ ---- 239,244 ---- -*************** -*** 258,263 **** ---- 259,265 ---- - $(XMLSEC_NSS_INTDIR_A)\strings.obj - - XMLSEC_MSCRYPTO_OBJS = \ -+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ - $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ - $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ - $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ -*************** -*** 376,382 **** - XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib - XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib - -! 
XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib - XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib - - XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib ---- 378,384 ---- - XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib - XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib - -! XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib - XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib - - XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib +- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); ++ /* Adopt the symmetric key into key data */ ++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataBinaryValueSetBuffer", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1); ++ } ++ /* symKey has been duplicated into data, it isn't used any more */ ++ PK11_FreeSymKey( symKey ) ; ++ ++ /* Check value */ ++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyReqMatchKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) ; ++ return(0); ++ } ++ ++ ret = xmlSecKeySetValue(key, data); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeySetValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( 
data ) ; ++ return(-1); ++ } ++ ++ return(0); + } + + static int + xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, +- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ PK11SymKey* symKey ; ++ + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(node != NULL, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Get symmetric key from "key" */ ++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); ++ if( symKey != NULL ) { ++ SECItem* keyItem ; ++ xmlSecBufferPtr keyBuf ; ++ ++ /* Extract raw key data from symmetric key */ ++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ExtractKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Get raw key data from "symKey" */ ++ keyItem = PK11_GetKeyData( symKey ) ; ++ if(keyItem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_GetKeyData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Create key data buffer with raw kwy material */ ++ keyBuf = xmlSecBufferCreate(keyItem->len) ; ++ if(keyBuf == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecBufferCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; ++ ++ /* Write raw key material into current xml node */ ++ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ 
"xmlSecBufferBase64NodeContentWrite", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy(keyBuf); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ xmlSecBufferDestroy(keyBuf); ++ PK11_FreeSymKey( symKey ) ; ++ } + +- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); ++ return 0 ; + } + + static int + xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, +- const xmlSecByte* buf, xmlSecSize bufSize, +- xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ const xmlSecByte* buf, xmlSecSize bufSize, ++ xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ PK11SymKey* symKey ; ++ PK11SlotInfo* slot ; ++ xmlSecKeyDataPtr data; ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ SECItem keyItem ; ++ int ret; + +- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); ++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(buf != NULL, -1); ++ xmlSecAssert2(bufSize != 0, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Create a new KeyData from a id */ ++ data = xmlSecKeyDataCreate(id); ++ if(data == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); ++ ++ /* Get slot */ ++ slot = xmlSecNssSlotGet(ctx->cipher); ++ if( slot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssSlotGet" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Wrap the raw key value SECItem */ ++ keyItem.type = siBuffer ; ++ keyItem.data = buf ; ++ keyItem.len = bufSize ; ++ ++ /* Import the raw key into slot temporalily and get the key handler*/ ++ symKey = 
PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ++ if( symKey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ImportSymKey" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1) ; ++ } ++ ++ /* Adopt the symmetric key into key data */ ++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyDataBinaryValueSetBuffer", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSymKey( symKey ) ; ++ PK11_FreeSlot( slot ) ; ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1); ++ } ++ /* symKey has been duplicated into data, it isn't used any more */ ++ PK11_FreeSymKey( symKey ) ; ++ PK11_FreeSlot( slot ) ; ++ ++ /* Check value */ ++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeyReqMatchKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) ; ++ return(0); ++ } ++ ++ ret = xmlSecKeySetValue(key, data); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecKeySetValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecKeyDataDestroy( data ) ; ++ return(-1); ++ } ++ ++ return(0); + } + + static int + xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, +- xmlSecByte** buf, xmlSecSize* bufSize, +- xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ xmlSecByte** buf, xmlSecSize* bufSize, ++ xmlSecKeyInfoCtxPtr keyInfoCtx) { ++ PK11SymKey* symKey ; ++ + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(buf != NULL, -1); ++ 
xmlSecAssert2(bufSize != 0, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Get symmetric key from "key" */ ++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); ++ if( symKey != NULL ) { ++ SECItem* keyItem ; ++ ++ /* Extract raw key data from symmetric key */ ++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ExtractKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Get raw key data from "symKey" */ ++ keyItem = PK11_GetKeyData( symKey ) ; ++ if(keyItem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_GetKeyData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ *bufSize = keyItem->len; ++ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); ++ if( *buf == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ NULL, ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ memcpy((*buf), keyItem->data, (*bufSize)); ++ PK11_FreeSymKey( symKey ) ; ++ } + +- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); ++ return 0 ; + } + + static int + xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +- xmlSecBufferPtr buffer; +- ++ PK11SymKey* symkey ; ++ PK11SlotInfo* slot ; ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ int ret; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); + xmlSecAssert2(sizeBits > 0, -1); + +- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +- xmlSecAssert2(buffer != NULL, -1); +- +- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, -1); 
++ ++ if( sizeBits % 8 != 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ NULL, ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "Symmetric key size must be octuple"); ++ return(-1); ++ } ++ ++ /* Get slot */ ++ slot = xmlSecNssSlotGet(ctx->cipher); ++ if( slot == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecNssSlotGet" , ++ XMLSEC_ERRORS_R_XMLSEC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return(-1) ; ++ } ++ ++ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_Authenticate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ return -1 ; ++ } ++ ++ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; ++ if( symkey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_KeyGen" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ PK11_FreeSlot( slot ) ; ++ return -1 ; ++ } ++ ++ if( ctx->slot != NULL ) { ++ PK11_FreeSlot( ctx->slot ) ; ++ ctx->slot = NULL ; ++ } ++ ctx->slot = slot ; ++ ++ if( ctx->symkey != NULL ) { ++ PK11_FreeSymKey( ctx->symkey ) ; ++ ctx->symkey = NULL ; ++ } ++ ctx->symkey = symkey ; ++ ++ return 0 ; + } + + static xmlSecKeyDataType + xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { +- xmlSecBufferPtr buffer; ++ xmlSecNssSymKeyDataCtxPtr context = NULL ; ++ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; + +- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); ++ context = xmlSecNssSymKeyDataGetCtx( data ) ; ++ if( context == NULL ) 
{
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssSymKeyDataGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return xmlSecKeyDataTypeUnknown ;
++ }
++
++ if( context->symkey != NULL ) {
++ type |= xmlSecKeyDataTypeSymmetric ;
++ } else {
++ type |= xmlSecKeyDataTypeUnknown ;
++ }
+
+- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
++ return type ;
+ }
+
+ static xmlSecSize
+ xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr context ;
++ unsigned int length = 0 ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
+-
+- return(xmlSecKeyDataBinaryValueGetSize(data));
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
++
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssSymKeyDataGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return 0 ;
++ }
++
++ if( context->symkey != NULL ) {
++ length = PK11_GetKeyLength( context->symkey ) ;
++ length *= 8 ;
++ }
++
++ return length ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+- xmlSecKeyDataBinaryValueDebugDump(data, output);
++ /* print only size, everything else is sensitive */
++ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
++ xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
++ /* print only size, everything else is sensitive */
++ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
++ xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static int
+
xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+ #ifndef XMLSEC_NO_DES
+ if(klass == xmlSecNssKeyDataDesId) {
+- return(1);
++ return(1);
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if(klass == xmlSecNssKeyDataAesId) {
+- return(1);
++ return(1);
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ #ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecNssKeyDataHmacId) {
+- return(1);
++ return(1);
+ }
+ #endif /* XMLSEC_NO_HMAC */
+
+@@ -199,42 +858,46 @@
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+- /* xmlSecKeyDataUsage usage; */
+- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+- xmlSecNs, /* const xmlChar* dataNodeNs; */
++ /* xmlSecKeyDataUsage usage; */
++ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
++ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
++ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
++ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
++ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
++ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
++ xmlSecNssSymKeyDataGenerate, /*
xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
++ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
++ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
++ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
++ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
++ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
++ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
++ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
++ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
++ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
+ };
+
+ /**
+@@ -251,9 +914,9 @@
+
+ /**
+ * xmlSecNssKeyDataAesSet:
+- * @data: the pointer to AES key data.
+- * @buf: the pointer to key value.
+- * @bufSize: the key value size (in bytes).
++ * @data: the pointer to AES key data.
++ * @buf: the pointer to key value.
++ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+@@ -280,42 +943,46 @@
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+- /* xmlSecKeyDataUsage usage; */
+- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+- xmlSecNs, /* const xmlChar* dataNodeNs; */
++ /* xmlSecKeyDataUsage usage; */
++ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
++ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
++ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
++ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
++ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
++ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
++ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
++ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
++ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
++ NULL, /* xmlSecKeyDataGetIdentifier
getIdentifier; */
+
+ /* read/write */
+- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
++ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
++ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
++ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
++ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
++ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
++ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
+ };
+
+ /**
+@@ -332,9 +999,9 @@
+
+ /**
+ * xmlSecNssKeyDataDesSet:
+- * @data: the pointer to DES key data.
+- * @buf: the pointer to key value.
+- * @bufSize: the key value size (in bytes).
++ * @data: the pointer to DES key data.
++ * @buf: the pointer to key value.
++ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+@@ -362,42 +1029,46 @@
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+- /* xmlSecKeyDataUsage usage; */
+- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+- xmlSecNs, /* const xmlChar* dataNodeNs; */
++ /* xmlSecKeyDataUsage usage; */
++ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
++ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
++ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
++ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
++ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
++ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
++ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
++ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
++ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
++ NULL, /*
xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
++ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
++ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
++ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
++ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
++ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
++ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
+ };
+
+ /**
+@@ -414,9 +1085,9 @@
+
+ /**
+ * xmlSecNssKeyDataHmacSet:
+- * @data: the pointer to HMAC key data.
+- * @buf: the pointer to key value.
+- * @bufSize: the key value size (in bytes).
++ * @data: the pointer to HMAC key data.
++ * @buf: the pointer to key value.
++ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+--- misc/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:40.000000000 +0200
++++ misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:19.000000000 +0200
+@@ -1 +1,548 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright..................................
++ *
++ * Contributor(s): _____________________________
++ *
++ */
++
++/**
++ * In order to ensure that particular crypto operation is performed on
++ * particular crypto device, a subclass of xmlSecList is used to store slot and
++ * mechanism information.
++ *
++ * In the list, a slot is bound with a mechanism. If the mechanism is available,
++ * this mechanism only can perform on the slot; otherwise, it can perform on
++ * every eligibl slot in the list.
++ *
++ * When try to find a slot for a particular mechanism, the slot bound with
++ * avaliable mechanism will be looked up firstly.
++ */
++#include "globals.h"
++#include <string.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/errors.h>
++#include <xmlsec/list.h>
++
++#include <xmlsec/nss/tokens.h>
++
++int
++xmlSecNssKeySlotSetMechList(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE_PTR mechanismList
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( keySlot->mechanismList != CK_NULL_PTR ) {
++ xmlFree( keySlot->mechanismList ) ;
++
++ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( keySlot->mechanismList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ for( ; counter >= 0 ; counter -- )
++ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
++ }
++
++ return( 0 );
++}
++
++int
++xmlSecNssKeySlotEnableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) {
++ int counter ;
++ CK_MECHANISM_TYPE_PTR newList ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( mechanism != CKM_INVALID_MECHANISM ) {
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter
+ 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( newList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
++ *( newList + counter ) = mechanism ;
++ for( counter -= 1 ; counter >= 0 ; counter -- )
++ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
++
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = newList ;
++ }
++
++ return(0);
++}
++
++int
++xmlSecNssKeySlotDisableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ if( *( keySlot->mechanismList + counter ) == mechanism ) {
++ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
++ }
++
++ break ;
++ }
++ }
++
++ return(0);
++}
++
++CK_MECHANISM_TYPE_PTR
++xmlSecNssKeySlotGetMechList(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ if( keySlot != NULL )
++ return keySlot->mechanismList ;
++ else
++ return NULL ;
++}
++
++int
++xmlSecNssKeySlotSetSlot(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) {
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( slot != NULL && keySlot->slot != slot ) {
++ if( keySlot->slot != NULL )
++ PK11_FreeSlot( keySlot->slot ) ;
++
++ if( keySlot->mechanismList != NULL ) {
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = NULL ;
++ }
++
++ keySlot->slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ return(0);
++}
++
++int
++xmlSecNssKeySlotInitialize(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) {
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
++ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
++
++ if( slot != NULL ) {
++ keySlot->slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ return(0);
++}
++
++void
++xmlSecNssKeySlotFinalize(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++
++ if( keySlot->mechanismList != NULL ) {
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = NULL ;
++ }
++
++ if( keySlot->slot != NULL ) {
++ PK11_FreeSlot( keySlot->slot ) ;
++ keySlot->slot = NULL ;
++ }
++
++}
++
++PK11SlotInfo*
++xmlSecNssKeySlotGetSlot(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ if( keySlot != NULL )
++ return keySlot->slot ;
++ else
++ return NULL ;
++}
++
++xmlSecNssKeySlotPtr
++xmlSecNssKeySlotCreate() {
++ xmlSecNssKeySlotPtr keySlot ;
++
++ /* Allocates a new xmlSecNssKeySlot and fill the fields */
++ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
++
++ return( keySlot ) ;
++}
++
++int
++xmlSecNssKeySlotCopy(
++ xmlSecNssKeySlotPtr newKeySlot ,
++ xmlSecNssKeySlotPtr keySlot
++) {
++ CK_MECHANISM_TYPE_PTR mech ;
++ int counter ;
++
++ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
++ if( newKeySlot->slot != NULL )
++ PK11_FreeSlot( newKeySlot->slot ) ;
++
++ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
++ }
++
++ if( keySlot->mechanismList != CK_NULL_PTR ) {
++ xmlFree( newKeySlot->mechanismList ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( newKeySlot->mechanismList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ for( ; counter >= 0 ; counter -- )
++ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
++ }
++
++ return( 0 );
++}
++
++xmlSecNssKeySlotPtr
++xmlSecNssKeySlotDuplicate(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecNssKeySlotPtr newKeySlot ;
++ int ret ;
++
++ xmlSecAssert2( keySlot != NULL , NULL ) ;
++
++ newKeySlot = xmlSecNssKeySlotCreate() ;
++ if( newKeySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++
++ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++
++ return( newKeySlot );
++}
++
++void
++xmlSecNssKeySlotDestroy(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++
++ if( keySlot->mechanismList != NULL )
++ xmlFree( keySlot->mechanismList ) ;
++
++ if( keySlot->slot != NULL )
++ PK11_FreeSlot( keySlot->slot ) ;
++
++ xmlFree( keySlot ) ;
++}
++
++int
++xmlSecNssKeySlotBindMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , 0 ) ;
++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ if( *( keySlot->mechanismList + counter ) == type )
++ return(1) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecNssKeySlotSupportMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) {
++ xmlSecAssert2( keySlot != NULL , 0 ) ;
++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
++
++ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
++ return(1);
++ }
else
++ return(0);
++}
++
++void
++xmlSecNssKeySlotDebugDump(
++ xmlSecNssKeySlotPtr keySlot ,
++ FILE* output
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++ xmlSecAssert( output != NULL ) ;
++
++ fprintf( output, "== KEY SLOT\n" );
++}
++
++void
++xmlSecNssKeySlotDebugXmlDump(
++ xmlSecNssKeySlotPtr keySlot ,
++ FILE* output
++) {
++}
++
++/**
++ * Key Slot List
++ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
++#else
++static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
++#endif
++ BAD_CAST "mechanism-list",
++ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
++ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
++};
++
++xmlSecPtrListId
++xmlSecNssKeySlotListGetKlass(void) {
++ return(&xmlSecNssKeySlotPtrListKlass);
++}
++
++
++/*-
++ * Global PKCS#11 crypto token repository -- Key slot list
++ */
++static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
++
++PK11SlotInfo*
++xmlSecNssSlotGet(
++ CK_MECHANISM_TYPE type
++) {
++ PK11SlotInfo* slot = NULL ;
++ xmlSecNssKeySlotPtr keySlot ;
++ xmlSecSize ksSize ;
++ xmlSecSize ksPos ;
++ char flag ;
++
++ if( _xmlSecNssKeySlotList == NULL ) {
++ slot = PK11_GetBestSlot( type , NULL ) ;
++ } else {
++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
++
++ /*-
++ * Firstly, checking whether the mechanism is bound with a special slot.
++ * If no bound slot, we try to find the first eligible slot in the list.
++ */
++ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
++ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ flag = 2 ;
++ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ flag = 1 ;
++ }
++
++ if( flag == 2 )
++ break ;
++ }
++ if( slot != NULL )
++ slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ if( slot != NULL && PK11_NeedLogin( slot ) ) {
++ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return( NULL );
++ }
++ }
++
++ return slot ;
++}
++
++int
++xmlSecNssSlotInitialize(
++ void
++) {
++ if( _xmlSecNssKeySlotList != NULL ) {
++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
++ _xmlSecNssKeySlotList = NULL ;
++ }
++
++ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
++ if( _xmlSecNssKeySlotList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++
++ return(0);
++}
++
++void
++xmlSecNssSlotShutdown(
++ void
++) {
++ if( _xmlSecNssKeySlotList != NULL ) {
++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
++ _xmlSecNssKeySlotList = NULL ;
++ }
++}
++
++int
++xmlSecNssSlotAdopt(
++ PK11SlotInfo* slot,
++ CK_MECHANISM_TYPE type
++) {
++ xmlSecNssKeySlotPtr keySlot ;
++ xmlSecSize ksSize ;
++ xmlSecSize ksPos ;
++ char flag ;
++
++ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
++ xmlSecAssert2( slot != NULL, -1 ) ;
++
++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
++
++ /*-
++ * Firstly, checking whether the slot is in the repository already.
++ */
++ flag = 0 ;
++ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
++ /* If find the slot in the list */
++ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
++ /* If mechnism type is valid, bind the slot with the mechanism */
++ if( type != CKM_INVALID_MECHANISM ) {
++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ flag = 1 ;
++ }
++ }
++
++ /* If the slot do not in the list, add a new item to the list */
++ if( flag == 0 ) {
++ /* Create a new KeySlot */
++ keySlot = xmlSecNssKeySlotCreate() ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Initialize the keySlot with a slot */
++ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++
++ /* If mechnism type is valid, bind the slot with the mechanism */
++ if( type != CKM_INVALID_MECHANISM ) {
++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++ }
++
++ /* Add keySlot into the list */
++ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++ }
++
++ return(0);
++}
++
+--- misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200
++++
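Review bot: xmlSecNssKeySlotEnableMech and xmlSecNssKeySlotBindMech in the new tokens.c walk `keySlot->mechanismList` without a NULL check, yet the list is NULL for every slot that xmlSecNssKeySlotCreate has just zeroed and that xmlSecNssKeySlotInitialize accepted (it asserts `mechanismList == NULL`). xmlSecNssSlotAdopt calls EnableMech on exactly such a fresh slot whenever `type` is valid, and xmlSecNssSlotGet calls BindMech on slots that were adopted with CKM_INVALID_MECHANISM, so both paths dereference a null pointer while a token slot is being selected. xmlSecNssKeySlotDisableMech has the same loop, and xmlSecNssKeySlotSetMechList tests `keySlot->mechanismList` where it presumably means its `mechanismList` argument, which makes it a no-op on a slot that has no list yet. Treating a NULL list as empty in each of these functions closes the gap; the first two are sketched below.

```c
/* xmlSecNssKeySlotEnableMech: count existing entries, a NULL list counts as empty */
counter = 0 ;
if( keySlot->mechanismList != NULL ) {
    while( *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM )
        counter ++ ;
}
/* … unchanged: allocate newList, append mechanism, copy old entries, swap lists … */

/* xmlSecNssKeySlotBindMech: a slot without a list is bound to nothing */
if( keySlot->mechanismList == NULL )
    return( 0 ) ;
/* … unchanged: scan mechanismList for type … */
```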
misc/build/xmlsec1-1.2.6/src/nss/x509.c 2008-06-29 23:44:19.000000000 +0200
+@@ -34,7 +34,6 @@
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+-#include <xmlsec/x509.h>
+ #include <xmlsec/base64.h>
+ #include <xmlsec/errors.h>
+
+@@ -61,37 +60,21 @@
+ static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-
+ static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+ static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
+@@ -104,9 +87,6 @@
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
+ int base64LineWrap);
+-static xmlChar*
xmlSecNssX509NameWrite (CERTName* nm);
+-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
+-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
+ static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
+ FILE* output);
+ static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
+@@ -254,7 +234,11 @@
+
+
+
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
++#else
+ static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
++#endif
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssX509DataSize,
+
+@@ -378,7 +362,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_NewCertList",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+@@ -389,7 +373,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_AddCertToListTail",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ctx->numCerts++;
+@@ -588,7 +572,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -627,7 +611,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "SEC_DupCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+@@ -652,7 +636,7 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
+@@ -752,31 +736,22 @@
+ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
++ xmlNodePtr cur;
++ xmlChar* buf;
+ CERTCertificate* cert;
+
CERTSignedCrl* crl;
+ xmlSecSize size, pos;
+- int content = 0;
+- int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+- if (content < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecX509DataGetNodeContent",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "content=%d", content);
+- return(-1);
+- } else if(content == 0) {
+- /* by default we are writing certificates and crls */
+- content = XMLSEC_X509DATA_DEFAULT;
++ /* todo: flag in ctx remove all existing content */
++ if(0) {
++ xmlNodeSetContent(node, NULL);
+ }
+
+- /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+@@ -795,80 +770,75 @@
+ "pos=%d", pos);
+ return(-1);
+ }
+-
+- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509CertificateNodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
++
++ /* set base64 lines size from context */
++ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
++ if(buf == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssX509CertBase64DerWrite",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
+ }
+-
+- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509SubjectNameNodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
++
++ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); ++ if(cur == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecAddChild", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); ++ xmlFree(buf); ++ return(-1); + } ++ /* todo: add \n around base64 data - from context */ ++ /* todo: add errors check */ ++ xmlNodeSetContent(cur, xmlSecStringCR); ++ xmlNodeSetContent(cur, buf); ++ xmlFree(buf); ++ } + +- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { +- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509IssuerSerialNodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } +- } ++ /* write crls */ ++ size = xmlSecNssKeyDataX509GetCrlsSize(data); ++ for(pos = 0; pos < size; ++pos) { ++ crl = xmlSecNssKeyDataX509GetCrl(data, pos); ++ if(crl == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssKeyDataX509GetCrl", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "pos=%d", pos); ++ return(-1); ++ } + +- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { +- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509SKINodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } +- } +- } ++ /* set base64 lines size from context */ ++ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); ++ if(buf == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssX509CrlBase64DerWrite", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } + +- /* write crls if needed */ +- 
if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { +- size = xmlSecNssKeyDataX509GetCrlsSize(data); +- for(pos = 0; pos < size; ++pos) { +- crl = xmlSecNssKeyDataX509GetCrl(data, pos); +- if(crl == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssKeyDataX509GetCrl", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } +- +- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509CRLNodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } +- } ++ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); ++ if(cur == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecAddChild", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "new_node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeX509CRL)); ++ xmlFree(buf); ++ return(-1); ++ } ++ /* todo: add \n around base64 data - from context */ ++ /* todo: add errors check */ ++ xmlNodeSetContent(cur, xmlSecStringCR); ++ xmlNodeSetContent(cur, buf); + } + + return(0); +@@ -1015,19 +985,13 @@ + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { +- if(content != NULL) { +- xmlFree(content); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- return(0); ++ if(content == NULL){ ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ++ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); + 
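Review bot: The new CRL loop leaks `buf`: its body closes right after `xmlNodeSetContent(cur, buf);`, whereas the certificate loop above it calls `xmlFree(buf);` at the same point. Add `xmlFree(buf);` after the second `xmlNodeSetContent` call in the CRL loop. In both loops `xmlNodeSetContent(cur, xmlSecStringCR);` is replaced by the following `xmlNodeSetContent(cur, buf);`, so the leading newline never reaches the output; if it is wanted, the second call should presumably be `xmlNodeAddContent(cur, buf);`. The enclosing function begins before this hunk.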
} + + cert = xmlSecNssX509CertBase64DerRead(content); +@@ -1057,46 +1021,6 @@ + return(0); + } + +-static int +-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlChar* buf; +- xmlNodePtr cur; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- xmlSecAssert2(keyInfoCtx != NULL, -1); +- +- /* set base64 lines size from context */ +- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CertBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); +- xmlFree(buf); +- return(-1); +- } +- +- /* todo: add \n around base64 data - from context */ +- /* todo: add errors check */ +- xmlNodeSetContent(cur, xmlSecStringCR); +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- return(0); +-} +- + static int + xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +@@ -1120,19 +1044,13 @@ + } + + subject = xmlNodeGetContent(node); +- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { +- if(subject != NULL) { +- xmlFree(subject); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- return(0); ++ if(subject == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ 
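Review bot: The new guard `if(content == NULL){` no longer catches an empty or whitespace-only node, because the `xmlSecIsEmptyString(content) == 1` test and the `XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE` handling are gone. Empty element content from an untrusted document now goes straight into `xmlSecNssX509CertBase64DerRead(content)`, whose handling of a zero-length string is not visible in this hunk. The same reduction appears in the SubjectName, SKI and CRL read hunks (`subject == NULL`, `ski == NULL`, `content == NULL`). Either keep the empty-string test, `if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {` with `xmlFree(content)` on that path, or add a comment stating that the decoders and `xmlSecNssX509StoreFindCert` reject empty input.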
xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ++ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); +@@ -1167,40 +1085,6 @@ + return(0); + } + +-static int +-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlChar* buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- buf = xmlSecNssX509NameWrite(&(cert->subject)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->subject))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); +- xmlFree(buf); +- return(-1); +- } +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- return(0); +-} +- + static int + xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +@@ -1226,21 +1110,9 @@ + } + + cur = xmlSecGetNextElementNode(node->children); +- if(cur == NULL) { +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +- XMLSEC_ERRORS_R_NODE_NOT_FOUND, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); +- return(-1); +- } +- return(0); +- } +- ++ + /* the first is required node X509IssuerName */ +- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { ++ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + 
xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +@@ -1332,78 +1204,6 @@ + return(0); + } + +-static int +-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlNodePtr cur; +- xmlNodePtr issuerNameNode; +- xmlNodePtr issuerNumberNode; +- xmlChar* buf; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- /* create xml nodes */ +- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); +- return(-1); +- } +- +- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); +- if(issuerNameNode == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); +- return(-1); +- } +- +- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); +- if(issuerNumberNode == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); +- return(-1); +- } +- +- /* write data */ +- buf = xmlSecNssX509NameWrite(&(cert->issuer)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->issuer))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlNodeSetContent(issuerNameNode, buf); +- xmlFree(buf); +- +- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- 
return(-1); +- } +- xmlNodeSetContent(issuerNumberNode, buf); +- xmlFree(buf); +- +- return(0); +-} +- + static int + xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +@@ -1427,20 +1227,14 @@ + } + + ski = xmlNodeGetContent(node); +- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { +- if(ski != NULL) { +- xmlFree(ski); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +- return(-1); +- } +- return(0); ++ if(ski == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ++ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ++ "node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeX509SKI)); ++ return(-1); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); +@@ -1475,41 +1269,6 @@ + return(0); + } + +-static int +-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlChar *buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- buf = xmlSecNssX509SKIWrite(cert); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509SKIWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +- xmlFree(buf); +- return(-1); +- } +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- 
+- return(0); +-} +- + static int + xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlChar *content; +@@ -1520,19 +1279,13 @@ + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { +- if(content != NULL) { +- xmlFree(content); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- return(0); ++ if(content == NULL){ ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ++ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); + } + + crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); +@@ -1552,47 +1305,6 @@ + } + + static int +-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlChar* buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(crl != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- xmlSecAssert2(keyInfoCtx != NULL, -1); +- +- /* set base64 lines size from context */ +- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CrlBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); +- xmlFree(buf); +- return(-1); +- } +- /* todo: add \n around base64 data - from context */ +- /* todo: add 
errors check */ +- xmlNodeSetContent(cur, xmlSecStringCR); +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- +- return(0); +-} +- +- +-static int + xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecNssX509DataCtxPtr ctx; +@@ -1600,6 +1312,10 @@ + int ret; + SECStatus status; + PRTime notBefore, notAfter; ++ ++ PK11SlotInfo* slot ; ++ SECKEYPublicKey *pubKey = NULL; ++ SECKEYPrivateKey *priKey = NULL; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); + xmlSecAssert2(key != NULL, -1); +@@ -1632,10 +1348,13 @@ + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + ++ /*- ++ * Get Public key from cert, which does not always work for sign action. ++ * + keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -1645,6 +1364,54 @@ + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ++ */ ++ ++ /*- ++ * I'll search key according to KeyReq. 
++ */ ++ slot = cert->slot ; ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_FindPrivateKeyFromCert" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "CERT_ExtractPublicKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ if( priKey != NULL ) ++ SECKEY_DestroyPrivateKey( priKey ) ; ++ return -1 ; ++ } ++ } ++ ++ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); ++ if( keyValue == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "xmlSecNssPKIAdoptKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ if( priKey != NULL ) ++ SECKEY_DestroyPrivateKey( priKey ) ; ++ ++ if( pubKey != NULL ) ++ SECKEY_DestroyPublicKey( pubKey ) ; ++ ++ return -1 ; ++ } ++ /* Modify keyValue get Done */ + + /* verify that the key matches our expectations */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { +@@ -1725,14 +1492,6 @@ + return(0); + } + +-/** +- * xmlSecNssX509CertGetKey: +- * @cert: the certificate. +- * +- * Extracts public key from the @cert. +- * +- * Returns public key value or NULL if an error occurs. 
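Review bot: `slot = cert->slot ;` is passed unchecked to `PK11_FindPrivateKeyFromCert( slot , cert , NULL )`, but a certificate that was only decoded from the document and is not held on a token presumably has no slot. Guard it with `if( slot == NULL )` and an `xmlSecError` plus `return -1 ;`, or confirm that NSS accepts a NULL slot there. The three new error paths log `XMLSEC_ERRORS_NO_MESSAGE` while the other hunks of this commit switch to `"error code=%d", PORT_GetError()`; using the same here would make a failed key lookup diagnosable. When `keyReq.keyType` has neither the private nor the public bit set, `xmlSecNssPKIAdoptKey(priKey, pubKey)` receives two NULL keys, and how it handles that is not visible here. The function starts and ends outside this hunk.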
+- */ + xmlSecKeyDataPtr + xmlSecNssX509CertGetKey(CERTCertificate* cert) { + xmlSecKeyDataPtr data; +@@ -1746,7 +1505,7 @@ + NULL, + "CERT_ExtractPublicKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(NULL); + } + +@@ -1804,7 +1563,7 @@ + NULL, + "__CERT_NewTempCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(NULL); + } + +@@ -1827,7 +1586,7 @@ + NULL, + "cert->derCert", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(NULL); + } + +@@ -1890,7 +1649,7 @@ + NULL, + "PK11_GetInternalKeySlot", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return NULL; + } + +@@ -1905,7 +1664,7 @@ + NULL, + "PK11_ImportCRL", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + PK11_FreeSlot(slot); + return(NULL); + } +@@ -1929,7 +1688,7 @@ + NULL, + "crl->derCrl", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(NULL); + } + +@@ -1946,86 +1705,6 @@ + return(res); + } + +-static xmlChar* +-xmlSecNssX509NameWrite(CERTName* nm) { +- xmlChar *res = NULL; +- char *str; +- +- xmlSecAssert2(nm != NULL, NULL); +- +- str = CERT_NameToAscii(nm); +- if (str == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_NameToAscii", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(NULL); +- } +- +- res = xmlStrdup(BAD_CAST str); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlStrdup", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- PORT_Free(str); +- return(NULL); +- } +- PORT_Free(str); +- return(res); +-} +- +-static xmlChar* +-xmlSecNssASN1IntegerWrite(SECItem *num) { +- xmlChar *res = NULL; +- +- xmlSecAssert2(num != NULL, NULL); +- +- /* TODO : to be 
implemented after +- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed +- */ +- return(res); +-} +- +-static xmlChar* +-xmlSecNssX509SKIWrite(CERTCertificate* cert) { +- xmlChar *res = NULL; +- SECItem ski; +- SECStatus rv; +- +- xmlSecAssert2(cert != NULL, NULL); +- +- memset(&ski, 0, sizeof(ski)); +- +- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); +- if (rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_FindSubjectKeyIDExtension", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); +- } +- +- res = xmlSecBase64Encode(ski.data, ski.len, 0); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBase64Encode", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); +- } +- SECITEM_FreeItem(&ski, PR_FALSE); +- +- return(res); +-} +- +- + static void + xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { + SECItem *sn; +@@ -2084,7 +1763,11 @@ + xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { ++#else + static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { ++#endif + sizeof(xmlSecKeyDataKlass), + sizeof(xmlSecKeyData), + +--- misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2008-06-29 23:44:19.000000000 +0200 +@@ -30,6 +30,7 @@ + #include <xmlsec/keyinfo.h> + #include <xmlsec/keysmngr.h> + #include <xmlsec/base64.h> ++#include <xmlsec/bn.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> +@@ -43,8 +44,8 @@ + typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, + *xmlSecNssX509StoreCtxPtr; + struct _xmlSecNssX509StoreCtx { +- CERTCertList* certsList; /* just keeping a reference to destroy later */ +-}; ++ CERTCertList* certsList; /* 
just keeping a reference to destroy later */ ++}; + + /**************************************************************************** + * +@@ -54,45 +55,40 @@ + * + ***************************************************************************/ + #define xmlSecNssX509StoreGetCtx(store) \ +- ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ +- sizeof(xmlSecKeyDataStoreKlass))) ++ ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ ++ sizeof(xmlSecKeyDataStoreKlass))) + #define xmlSecNssX509StoreSize \ +- (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) ++ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) + + static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); + static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); +-static int xmlSecNssX509NameStringRead (xmlSecByte **str, +- int *strLen, +- xmlSecByte *res, +- int resLen, +- xmlSecByte delim, +- int ingoreTrailingSpaces); +-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, +- int len); +- +-static void xmlSecNssNumToItem(SECItem *it, unsigned long num); + ++static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; + ++#ifdef __MINGW32__ // for runtime-pseudo-reloc ++static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { ++#else + static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { +- sizeof(xmlSecKeyDataStoreKlass), +- xmlSecNssX509StoreSize, +- +- /* data */ +- xmlSecNameX509Store, /* const xmlChar* name; */ +- +- /* constructors/destructor */ +- xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ +- xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ +- +- /* reserved for the future */ +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ ++#endif ++ sizeof(xmlSecKeyDataStoreKlass), ++ xmlSecNssX509StoreSize, ++ ++ /* data */ ++ xmlSecNameX509Store, /* const xmlChar* name; */ ++ ++ /* constructors/destructor */ ++ 
xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ ++ xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ ++ ++ /* reserved for the future */ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ + }; + + static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, +- xmlChar *issuerName, +- xmlChar *issuerSerial, +- xmlChar *ski); ++ xmlChar *issuerName, ++ xmlChar *issuerSerial, ++ xmlChar *ski); + + + /** +@@ -104,7 +100,7 @@ + */ + xmlSecKeyDataStoreId + xmlSecNssX509StoreGetKlass(void) { +- return(&xmlSecNssX509StoreKlass); ++ return(&xmlSecNssX509StoreKlass); + } + + /** +@@ -125,15 +121,15 @@ + xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, + xmlChar *issuerName, xmlChar *issuerSerial, + xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { +- xmlSecNssX509StoreCtxPtr ctx; +- +- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); +- xmlSecAssert2(keyInfoCtx != NULL, NULL); ++ xmlSecNssX509StoreCtxPtr ctx; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ++ xmlSecAssert2(keyInfoCtx != NULL, NULL); + +- ctx = xmlSecNssX509StoreGetCtx(store); +- xmlSecAssert2(ctx != NULL, NULL); ++ ctx = xmlSecNssX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, NULL); + +- return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); ++ return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); + } + + /** +@@ -148,116 +144,130 @@ + */ + CERTCertificate * + xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, +- xmlSecKeyInfoCtx* keyInfoCtx) { +- xmlSecNssX509StoreCtxPtr ctx; +- CERTCertListNode* head; +- CERTCertificate* cert = NULL; +- CERTCertListNode* head1; +- CERTCertificate* cert1 = NULL; +- SECStatus status = SECFailure; +- int64 timeboundary; +- int64 tmp1, tmp2; +- +- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); +- 
xmlSecAssert2(certs != NULL, NULL); +- xmlSecAssert2(keyInfoCtx != NULL, NULL); +- +- ctx = xmlSecNssX509StoreGetCtx(store); +- xmlSecAssert2(ctx != NULL, NULL); +- +- for (head = CERT_LIST_HEAD(certs); +- !CERT_LIST_END(head, certs); +- head = CERT_LIST_NEXT(head)) { +- cert = head->cert; ++ xmlSecKeyInfoCtx* keyInfoCtx) { ++ xmlSecNssX509StoreCtxPtr ctx; ++ CERTCertListNode* head; ++ CERTCertificate* cert = NULL; ++ CERTCertListNode* head1; ++ CERTCertificate* cert1 = NULL; ++ SECStatus status = SECFailure; ++ int64 timeboundary; ++ int64 tmp1, tmp2; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ++ xmlSecAssert2(certs != NULL, NULL); ++ xmlSecAssert2(keyInfoCtx != NULL, NULL); ++ ++ ctx = xmlSecNssX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, NULL); ++ ++ for (head = CERT_LIST_HEAD(certs); ++ !CERT_LIST_END(head, certs); ++ head = CERT_LIST_NEXT(head)) { ++ cert = head->cert; + if(keyInfoCtx->certsVerificationTime > 0) { +- /* convert the time since epoch in seconds to microseconds */ +- LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); +- tmp1 = (int64)PR_USEC_PER_SEC; +- tmp2 = timeboundary; +- LL_MUL(timeboundary, tmp1, tmp2); ++ /* convert the time since epoch in seconds to microseconds */ ++ LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); ++ tmp1 = (int64)PR_USEC_PER_SEC; ++ tmp2 = timeboundary; ++ LL_MUL(timeboundary, tmp1, tmp2); + } else { +- timeboundary = PR_Now(); ++ timeboundary = PR_Now(); + } + + /* if cert is the issuer of any other cert in the list, then it is + * to be skipped */ + for (head1 = CERT_LIST_HEAD(certs); +- !CERT_LIST_END(head1, certs); +- head1 = CERT_LIST_NEXT(head1)) { ++ !CERT_LIST_END(head1, certs); ++ head1 = CERT_LIST_NEXT(head1)) { + +- cert1 = head1->cert; +- if (cert1 == cert) { ++ cert1 = head1->cert; ++ if (cert1 == cert) { + continue; +- } ++ } + +- if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) +- == SECEqual) { ++ if 
(SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) ++ == SECEqual) { + break; +- } ++ } + } + + if (!CERT_LIST_END(head1, certs)) { +- continue; ++ continue; + } +- +- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), +- cert, PR_FALSE, +- (SECCertificateUsage)0, +- timeboundary , NULL, NULL, NULL); +- if (status == SECSuccess) { +- break; ++ /* JL: OpenOffice.org implements its own certificate verification routine. ++ The goal is to seperate validation of the signature ++ and the certificate. For example, OOo could show that the document signature is valid, ++ but the certificate could not be verified. If we do not prevent the verification of ++ the certificate by libxmlsec and the verification fails, then the XML signature may not be ++ verified. This would happen, for example, if the root certificate is not installed. ++ ++ In the store schould only be the certificate from the X509Certificate element ++ and the X509IssuerSerial element. The latter is only there ++ if the certificate is installed. Both certificates must be the same! ++ In case of writing the signature, the store contains only the certificate that ++ was created based on the information from the X509IssuerSerial element. 
*/ ++ status = SECSuccess; ++ break; ++/* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), ++ cert, PR_FALSE, ++ (SECCertificateUsage)0, ++ timeboundary , NULL, NULL, NULL); ++ if (status == SECSuccess) { ++ break; ++ } */ + } +- } + +- if (status == SECSuccess) { ++ if (status == SECSuccess) { + return (cert); +- } +- +- switch(PORT_GetError()) { ++ } ++ ++ switch(PORT_GetError()) { + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_UNKNOWN_SIGNER: +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +- NULL, +- XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, +- "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", +- cert->subjectName); +- break; ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ NULL, ++ XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, ++ "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", ++ cert->subjectName); ++ break; + case SEC_ERROR_EXPIRED_CERTIFICATE: +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +- NULL, +- XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, +- "cert with subject name %s has expired", +- cert->subjectName); +- break; ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ NULL, ++ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, ++ "cert with subject name %s has expired", ++ cert->subjectName); ++ break; + case SEC_ERROR_REVOKED_CERTIFICATE: +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +- NULL, +- XMLSEC_ERRORS_R_CERT_REVOKED, +- "cert with subject name %s has been revoked", +- cert->subjectName); +- break; ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ NULL, ++ XMLSEC_ERRORS_R_CERT_REVOKED, ++ "cert with subject name %s has been 
revoked", ++ cert->subjectName); ++ break; + default: +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +- NULL, +- XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, +- "cert with subject name %s could not be verified", +- cert->subjectName); +- break; +- } ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ NULL, ++ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, ++ "cert with subject name %s could not be verified, errcode %d", ++ cert->subjectName, ++ PORT_GetError()); ++ break; ++ } + +- return (NULL); ++ return (NULL); + } + + /** + * xmlSecNssX509StoreAdoptCert: +- * @store: the pointer to X509 key data store klass. +- * @cert: the pointer to NSS X509 certificate. +- * @type: the certificate type (trusted/untrusted). ++ * @store: the pointer to X509 key data store klass. ++ * @cert: the pointer to NSS X509 certificate. ++ * @type: the certificate type (trusted/untrusted). + * + * Adds trusted (root) or untrusted certificate to the store. 
+ * +@@ -265,67 +275,67 @@ + */ + int + xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +- xmlSecNssX509StoreCtxPtr ctx; +- int ret; ++ xmlSecNssX509StoreCtxPtr ctx; ++ int ret; + +- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); +- xmlSecAssert2(cert != NULL, -1); ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ++ xmlSecAssert2(cert != NULL, -1); + +- ctx = xmlSecNssX509StoreGetCtx(store); +- xmlSecAssert2(ctx != NULL, -1); ++ ctx = xmlSecNssX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); + +- if(ctx->certsList == NULL) { +- ctx->certsList = CERT_NewCertList(); +- if(ctx->certsList == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +- "CERT_NewCertList", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- } +- +- ret = CERT_AddCertToListTail(ctx->certsList, cert); +- if(ret != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +- "CERT_AddCertToListTail", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } ++ if(ctx->certsList == NULL) { ++ ctx->certsList = CERT_NewCertList(); ++ if(ctx->certsList == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CERT_NewCertList", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code=%d", PORT_GetError()); ++ return(-1); ++ } ++ } + +- return(0); ++ ret = CERT_AddCertToListTail(ctx->certsList, cert); ++ if(ret != SECSuccess) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CERT_AddCertToListTail", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code=%d", PORT_GetError()); ++ return(-1); ++ } ++ ++ return(0); + } + + static int + xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { +- 
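Review bot: With `status = SECSuccess; break;` replacing the `CERT_VerifyCertificate` call, xmlSecNssX509StoreVerify returns the first certificate that is not the issuer of another list entry, with no chain, validity-period or revocation check. Every caller of this store function therefore receives an unverified certificate as if it had been verified. The JL comment says OpenOffice.org does its own verification; that reliance belongs in the function's doc comment. The bypass would also be safer behind a context flag than unconditional, e.g. `if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0) { status = SECSuccess; break; }` with the original call kept otherwise (confirm the flag exists in this xmlsec version). `timeboundary` is still computed on every iteration but no longer used, and the `switch(PORT_GetError())` block is now reached only when the loop selects no certificate, so its messages no longer describe a verification result.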
xmlSecNssX509StoreCtxPtr ctx; +- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ++ xmlSecNssX509StoreCtxPtr ctx; ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); + +- ctx = xmlSecNssX509StoreGetCtx(store); +- xmlSecAssert2(ctx != NULL, -1); ++ ctx = xmlSecNssX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); + +- memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); ++ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + +- return(0); ++ return(0); + } + + static void + xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { +- xmlSecNssX509StoreCtxPtr ctx; +- xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); ++ xmlSecNssX509StoreCtxPtr ctx; ++ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); + +- ctx = xmlSecNssX509StoreGetCtx(store); +- xmlSecAssert(ctx != NULL); +- +- if (ctx->certsList) { ++ ctx = xmlSecNssX509StoreGetCtx(store); ++ xmlSecAssert(ctx != NULL); ++ ++ if (ctx->certsList) { + CERT_DestroyCertList(ctx->certsList); + ctx->certsList = NULL; +- } ++ } + +- memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); ++ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + } + + +@@ -340,376 +350,213 @@ + */ + static CERTCertificate* + xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, +- xmlChar *issuerSerial, xmlChar *ski) { +- CERTCertificate *cert = NULL; +- xmlChar *p = NULL; +- CERTName *name = NULL; +- SECItem *nameitem = NULL; +- PRArenaPool *arena = NULL; +- +- if (subjectName != NULL) { +- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); +- if (p == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "subject=%s", +- xmlSecErrorsSafeString(subjectName)); +- goto done; +- } +- +- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); +- if (arena == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PORT_NewArena", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); 
+- goto done; +- } +- +- name = CERT_AsciiToName((char*)p); +- if (name == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_AsciiToName", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- +- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, +- SEC_ASN1_GET(CERT_NameTemplate)); +- if (nameitem == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "SEC_ASN1EncodeItem", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- +- cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); +- goto done; +- } +- +- if((issuerName != NULL) && (issuerSerial != NULL)) { +- CERTIssuerAndSN issuerAndSN; +- +- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); +- if (p == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "issuer=%s", +- xmlSecErrorsSafeString(issuerName)); +- goto done; +- } +- +- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); +- if (arena == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PORT_NewArena", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- +- name = CERT_AsciiToName((char*)p); +- if (name == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_AsciiToName", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- +- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, +- SEC_ASN1_GET(CERT_NameTemplate)); +- if (nameitem == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "SEC_ASN1EncodeItem", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- +- memset(&issuerAndSN, 0, sizeof(issuerAndSN)); ++ xmlChar *issuerSerial, xmlChar *ski) { ++ CERTCertificate *cert = NULL; ++ CERTName *name = NULL; ++ SECItem *nameitem = NULL; ++ PRArenaPool *arena = NULL; ++ ++ if (subjectName != NULL) { ++ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ++ if (arena == NULL) { ++ 
xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PORT_NewArena", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code=%d", PORT_GetError()); ++ goto done; ++ } + +- issuerAndSN.derIssuer.data = nameitem->data; +- issuerAndSN.derIssuer.len = nameitem->len; ++ name = CERT_AsciiToName((char*)subjectName); ++ if (name == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "CERT_AsciiToName", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "error code=%d", PORT_GetError()); ++ goto done; ++ } + +- /* TBD: serial num can be arbitrarily long */ +- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); ++ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ++ SEC_ASN1_GET(CERT_NameTemplate)); ++ if (nameitem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "SEC_ASN1EncodeItem", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "error code=%d", PORT_GetError()); ++ goto done; ++ } + +- cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), +- &issuerAndSN); +- SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); +- goto done; +- } +- +- if(ski != NULL) { +- SECItem subjKeyID; +- int len; +- +- len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); +- if(len < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBase64Decode", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "ski=%s", +- xmlSecErrorsSafeString(ski)); +- goto done; +- } +- +- memset(&subjKeyID, 0, sizeof(subjKeyID)); +- subjKeyID.data = ski; +- subjKeyID.len = xmlStrlen(ski); +- cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), +- &subjKeyID); +- } ++ cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); ++ goto done; ++ } + +-done: +- if (p != NULL) { +- PORT_Free(p); +- } +- if (arena != NULL) { +- PORT_FreeArena(arena, PR_FALSE); +- } +- if (name != NULL) { +- CERT_DestroyName(name); +- } ++ if((issuerName != NULL) && (issuerSerial != NULL)) { ++ CERTIssuerAndSN issuerAndSN; + +- return(cert); +-} ++ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ++ if (arena == NULL) 
{ ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "PORT_NewArena", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ "error code=%d", PORT_GetError()); ++ goto done; ++ } + +-/** +- * xmlSecNssX509NameRead: +- */ +-static xmlSecByte * +-xmlSecNssX509NameRead(xmlSecByte *str, int len) { +- xmlSecByte name[256]; +- xmlSecByte value[256]; +- xmlSecByte *retval = NULL; +- xmlSecByte *p = NULL; +- int nameLen, valueLen; +- +- xmlSecAssert2(str != NULL, NULL); +- +- /* return string should be no longer than input string */ +- retval = (xmlSecByte *)PORT_Alloc(len+1); +- if(retval == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PORT_Alloc", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(NULL); +- } +- p = retval; +- +- while(len > 0) { +- /* skip spaces after comma or semicolon */ +- while((len > 0) && isspace(*str)) { +- ++str; --len; +- } +- +- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); +- if(nameLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- memcpy(p, name, nameLen); +- p+=nameLen; +- *p++='='; +- if(len > 0) { +- ++str; --len; +- if((*str) == '\"') { +- valueLen = xmlSecNssX509NameStringRead(&str, &len, +- value, sizeof(value), '"', 1); +- if(valueLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ name = CERT_AsciiToName((char*)issuerName); ++ if (name == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- "xmlSecNssX509NameStringRead", ++ "CERT_AsciiToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- /* skip spaces before comma or semicolon */ +- while((len > 0) && isspace(*str)) { +- ++str; --len; ++ "error code=%d", PORT_GetError()); ++ goto done; + } +- if((len > 0) && ((*str) != ',')) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "comma is expected"); +- goto done; +- } +- if(len > 0) { +- 
++str; --len; ++ ++ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ++ SEC_ASN1_GET(CERT_NameTemplate)); ++ if (nameitem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "SEC_ASN1EncodeItem", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "error code=%d", PORT_GetError()); ++ goto done; + } +- *p++='\"'; +- memcpy(p, value, valueLen); +- p+=valueLen; +- *p++='\"'; +- } else if((*str) == '#') { +- /* TODO: read octect values */ +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "reading octect values is not implemented yet"); +- goto done; +- } else { +- valueLen = xmlSecNssX509NameStringRead(&str, &len, +- value, sizeof(value), ',', 1); +- if(valueLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, ++ ++ memset(&issuerAndSN, 0, sizeof(issuerAndSN)); ++ ++ issuerAndSN.derIssuer.data = nameitem->data; ++ issuerAndSN.derIssuer.len = nameitem->len; ++ ++ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +- "xmlSecNssX509NameStringRead", ++ "xmlSecNssIntegerToItem", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- memcpy(p, value, valueLen); +- p+=valueLen; +- if (len > 0) +- *p++=','; +- } +- } else { +- valueLen = 0; ++ "serial number=%s", ++ xmlSecErrorsSafeString(issuerSerial)); ++ goto done; ++ } ++ ++ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), ++ &issuerAndSN); ++ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); ++ goto done; ++ } ++ ++ if(ski != NULL) { ++ SECItem subjKeyID; ++ int len; ++ ++ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); ++ if(len < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBase64Decode", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "ski=%s", ++ xmlSecErrorsSafeString(ski)); ++ goto done; ++ } ++ ++ memset(&subjKeyID, 0, sizeof(subjKeyID)); ++ subjKeyID.data = ski; ++ subjKeyID.len = xmlStrlen(ski); ++ cert = 
CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), ++ &subjKeyID); + } +- if(len > 0) { +- ++str; --len; +- } +- } +- +- *p = 0; +- return(retval); +- ++ + done: +- PORT_Free(retval); +- return (NULL); ++ if (arena != NULL) { ++ PORT_FreeArena(arena, PR_FALSE); ++ } ++ if (name != NULL) { ++ CERT_DestroyName(name); ++ } ++ ++ return(cert); + } + ++static int ++xmlSecNssIntegerToItem( ++ const xmlChar* integer , ++ SECItem *item ++) { ++ xmlSecBn bn ; ++ xmlSecSize i, length ; ++ const xmlSecByte* bnInteger ; + ++ xmlSecAssert2( integer != NULL, -1 ) ; ++ xmlSecAssert2( item != NULL, -1 ) ; + +-/** +- * xmlSecNssX509NameStringRead: +- */ +-static int +-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, +- xmlSecByte *res, int resLen, +- xmlSecByte delim, int ingoreTrailingSpaces) { +- xmlSecByte *p, *q, *nonSpace; +- +- xmlSecAssert2(str != NULL, -1); +- xmlSecAssert2(strLen != NULL, -1); +- xmlSecAssert2(res != NULL, -1); +- +- p = (*str); +- nonSpace = q = res; +- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { +- if((*p) != '\\') { +- if(ingoreTrailingSpaces && !isspace(*p)) { +- nonSpace = q; +- } +- *(q++) = *(p++); +- } else { +- ++p; +- nonSpace = q; +- if(xmlSecIsHex((*p))) { +- if((p - (*str) + 1) >= (*strLen)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "two hex digits expected"); +- return(-1); +- } +- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); +- p += 2; +- } else { +- if(((++p) - (*str)) >= (*strLen)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "escaped symbol missed"); +- return(-1); +- } +- *(q++) = *(p++); +- } +- } +- } +- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_SIZE, +- "buffer is too small"); +- return(-1); +- } +- (*strLen) -= (p - (*str)); +- (*str) = p; +- return((ingoreTrailingSpaces) ? 
nonSpace - res + 1 : q - res); +-} ++ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnInitialize", ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } + +-/* code lifted from NSS */ +-static void +-xmlSecNssNumToItem(SECItem *it, unsigned long ui) +-{ +- unsigned char bb[5]; +- int len; +- +- bb[0] = 0; +- bb[1] = (unsigned char) (ui >> 24); +- bb[2] = (unsigned char) (ui >> 16); +- bb[3] = (unsigned char) (ui >> 8); +- bb[4] = (unsigned char) (ui); +- +- /* +- ** Small integers are encoded in a single byte. Larger integers +- ** require progressively more space. +- */ +- if (ui > 0x7f) { +- if (ui > 0x7fff) { +- if (ui > 0x7fffffL) { +- if (ui >= 0x80000000L) { +- len = 5; +- } else { +- len = 4; +- } +- } else { +- len = 3; +- } +- } else { +- len = 2; +- } +- } else { +- len = 1; +- } +- +- it->data = (unsigned char *)PORT_Alloc(len); +- if (it->data == NULL) { +- return; +- } ++ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnFromDecString", ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; ++ } ++ ++ length = xmlSecBnGetSize( &bn ) ; ++ if( length <= 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnGetSize", ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; ++ } ++ ++ bnInteger = xmlSecBnGetData( &bn ) ; ++ if( bnInteger == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnGetData", ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ XMLSEC_ERRORS_NO_MESSAGE ) ; + +- it->len = len; +- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); ++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; ++ } ++ ++ item->data = ( unsigned char * )PORT_Alloc( length ); ++ if( item->data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ NULL, ++ "PORT_Alloc", ++ XMLSEC_ERRORS_R_INVALID_DATA, ++ 
XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecBnFinalize( &bn ) ; ++ return -1 ; ++ } ++ ++ item->len = length; ++ ++ for( i = 0 ; i < length ; i ++ ) ++ item->data[i] = *( bnInteger + i ) ; ++ ++ xmlSecBnFinalize( &bn ) ; ++ ++ return 0 ; + } +-#endif /* XMLSEC_NO_X509 */ + ++#endif /* XMLSEC_NO_X509 */ + +--- misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200 ++++ misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2008-06-29 23:44:19.000000000 +0200 +@@ -223,6 +223,10 @@ + $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj + + XMLSEC_NSS_OBJS = \ ++ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ ++ $(XMLSEC_NSS_INTDIR)\keytrans.obj\ ++ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ ++ $(XMLSEC_NSS_INTDIR)\tokens.obj\ + $(XMLSEC_NSS_INTDIR)\app.obj\ + $(XMLSEC_NSS_INTDIR)\bignum.obj\ + $(XMLSEC_NSS_INTDIR)\ciphers.obj \ +@@ -235,9 +239,6 @@ + $(XMLSEC_NSS_INTDIR)\x509.obj\ + $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ + $(XMLSEC_NSS_INTDIR)\keysstore.obj\ +- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ +- $(XMLSEC_NSS_INTDIR)\kw_des.obj\ +- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ + $(XMLSEC_NSS_INTDIR)\strings.obj + XMLSEC_NSS_OBJS_A = \ + $(XMLSEC_NSS_INTDIR_A)\app.obj\ +@@ -258,6 +259,7 @@ + $(XMLSEC_NSS_INTDIR_A)\strings.obj + + XMLSEC_MSCRYPTO_OBJS = \ ++ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ + $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ + $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ + $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ +@@ -376,7 +378,7 @@ + XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + +-XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib ++XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib + + XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib 
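Review bot: In the `ski` branch of xmlSecNssX509FindCert the new side still sets `subjKeyID.len = xmlStrlen(ski);` after `xmlSecBase64Decode` has decoded into that same buffer, so the length of a binary key identifier is measured as if it were a C string. An identifier containing a zero byte is cut short, and if the decoder does not NUL-terminate its output (not visible in this hunk) the length runs on into leftover base64 text; either way `CERT_FindCertBySubjectKeyID` is queried with a different identifier than the one in the document. The decoder's return value is already at hand, so the line should read `subjKeyID.len = len;`. Separately, in xmlSecNssIntegerToItem the `PORT_Alloc` failure is reported as `XMLSEC_ERRORS_R_INVALID_DATA`, where the removed xmlSecNssX509NameRead used `XMLSEC_ERRORS_R_MALLOC_FAILED` for the same call. Also, `length <= 0` on an `xmlSecSize` can only catch zero if that type is unsigned, so `length == 0` would state the intent.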
Advapi32.lib |