-rw-r--r-- | external/libxmlsec/UnpackedTarball_xmlsec.mk | 1 | ||||
-rw-r--r-- | external/libxmlsec/xmlsec1-nssmangleciphers.patch.1 | 1145 |
2 files changed, 0 insertions, 1146 deletions
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index d7859f35a083..64fb37aad058 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -10,7 +10,6 @@
 xmlsec_patches :=
 xmlsec_patches += xmlsec1-configure.patch.1
 xmlsec_patches += xmlsec1-nssdisablecallbacks.patch.1
-xmlsec_patches += xmlsec1-nssmangleciphers.patch.1
 xmlsec_patches += xmlsec1-noverify.patch.1
 xmlsec_patches += xmlsec1-vc.patch.1
 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
diff --git a/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1 b/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1
deleted file mode 100644
index ea5088fcea97..000000000000
--- a/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1
+++ /dev/null
@@ -1,1145 +0,0 @@ -From 31942f69c090c27ec6c36f1fd36a5967c7ca9f74 Mon Sep 17 00:00:00 2001 -From: Miklos Vajna <vmiklos@collabora.co.uk> -Date: Fri, 4 Mar 2016 16:09:39 +0100 -Subject: [PATCH] xmlsec1-nssmangleciphers.patch - -Conflicts: - src/nss/ciphers.c ---- - src/nss/ciphers.c | 859 ++++++++++++++++++++++++++++++------------------------ - 1 file changed, 480 insertions(+), 379 deletions(-) - -diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c -index cf67936..c063c04 100644 ---- a/src/nss/ciphers.c -+++ b/src/nss/ciphers.c -@@ -11,180 +11,422 @@ - - #include <string.h> - --#include <nspr.h> - #include <nss.h> --#include <secoid.h> - #include <pk11func.h> - - #include <xmlsec/xmlsec.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/base64.h> - #include <xmlsec/keys.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> - --#define XMLSEC_NSS_MAX_KEY_SIZE 32 --#define XMLSEC_NSS_MAX_IV_SIZE 32 --#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 -+#include <xmlsec/nss/ciphers.h> - - /************************************************************************** - * -- * Internal Nss Block cipher CTX -+ * Internal Nss Block Cipher Context -+ * This context is designed for repositing a block cipher for transform - * - *****************************************************************************/ --typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, -- *xmlSecNssBlockCipherCtxPtr; -+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; -+typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; -+ - struct _xmlSecNssBlockCipherCtx { - CK_MECHANISM_TYPE cipher; -+ PK11SymKey* symkey ; - PK11Context* cipherCtx; - xmlSecKeyDataId keyId; -- int keyInitialized; -- int ctxInitialized; -- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; -- xmlSecSize keySize; -- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; -- xmlSecSize ivSize; - }; --static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, -- 
xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); -+ -+#define xmlSecNssBlockCipherSize \ -+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) -+ -+#define xmlSecNssBlockCipherGetCtx( transform ) \ -+ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -+ -+static int -+xmlSecNssBlockCipherCheckId( -+ xmlSecTransformPtr transform -+) { -+ #ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { -+ return 1 ; -+ } -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { -+ -+ return 1 ; -+ } -+ #endif /* XMLSEC_NO_AES */ -+ -+ return 0 ; -+} -+ -+static int -+xmlSecNssBlockCipherFetchCtx( -+ xmlSecNssBlockCipherCtxPtr context , -+ xmlSecTransformId id -+) { -+ xmlSecAssert2( context != NULL, -1 ) ; -+ -+ #ifndef XMLSEC_NO_DES -+ if( id == xmlSecNssTransformDes3CbcId ) { -+ context->cipher = CKM_DES3_CBC ; -+ context->keyId = xmlSecNssKeyDataDesId ; -+ } else -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( id == xmlSecNssTransformAes128CbcId ) { -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( id == xmlSecNssTransformAes192CbcId ) { -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = 
xmlSecNssKeyDataAesId ; -+ } else -+ if( id == xmlSecNssTransformAes256CbcId ) { -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ #endif /* XMLSEC_NO_AES */ -+ -+ if( 1 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ return 0 ; -+} -+ -+/** -+ * xmlSecTransformInitializeMethod: -+ * @transform: the pointer to transform object. -+ * -+ * The transform specific initialization method. -+ * -+ * Returns 0 on success or a negative value otherwise. -+ */ -+static int -+xmlSecNssBlockCipherInitialize( -+ xmlSecTransformPtr transform -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherFetchCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ context->symkey = NULL ; -+ context->cipherCtx = NULL ; -+ -+ return 0 ; -+} -+ -+/** -+ * xmlSecTransformFinalizeMethod: -+ * @transform: the pointer to transform object. -+ * -+ * The transform specific destroy method. 
-+ */ -+static void -+xmlSecNssBlockCipherFinalize( -+ xmlSecTransformPtr transform -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ -+ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; -+ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return ; -+ } -+ -+ if( context->cipherCtx != NULL ) { -+ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; -+ context->cipherCtx = NULL ; -+ } -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ -+ context->cipher = CKM_INVALID_MECHANISM ; -+ context->keyId = NULL ; -+} -+ -+/** -+ * xmlSecTransformSetKeyRequirementsMethod: -+ * @transform: the pointer to transform object. -+ * @keyReq: the pointer to key requirements structure. -+ * -+ * Transform specific method to set transform's key requirements. -+ * -+ * Returns 0 on success or a negative value otherwise. 
-+ */ -+static int -+xmlSecNssBlockCipherSetKeyReq( -+ xmlSecTransformPtr transform , -+ xmlSecKeyReqPtr keyReq -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ xmlSecSize cipherSize = 0 ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ xmlSecAssert2( keyReq != NULL , -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ keyReq->keyId = context->keyId ; -+ keyReq->keyType = xmlSecKeyDataTypeSymmetric ; -+ -+ if( transform->operation == xmlSecTransformOperationEncrypt ) { -+ keyReq->keyUsage = xmlSecKeyUsageEncrypt ; -+ } else { -+ keyReq->keyUsage = xmlSecKeyUsageDecrypt ; -+ } -+ -+ /* -+ if( context->symkey != NULL ) -+ cipherSize = PK11_GetKeyLength( context->symkey ) ; -+ -+ keyReq->keyBitsSize = cipherSize * 8 ; -+ */ -+ -+ return 0 ; -+} -+ -+/** -+ * xmlSecTransformSetKeyMethod: -+ * @transform: the pointer to transform object. -+ * @key: the pointer to key. -+ * -+ * The transform specific method to set the key for use. -+ * -+ * Returns 0 on success or a negative value otherwise. 
-+ */ -+static int -+xmlSecNssBlockCipherSetKey( -+ xmlSecTransformPtr transform , -+ xmlSecKeyPtr key -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ xmlSecKeyDataPtr keyData = NULL ; -+ PK11SymKey* symkey = NULL ; -+ CK_ATTRIBUTE_TYPE operation ; -+ int ivLen ; -+ -+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; -+ xmlSecAssert2( key != NULL , -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -+ -+ keyData = xmlSecKeyGetValue( key ) ; -+ if( keyData == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -+ "xmlSecKeyGetValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssSymKeyDataGetKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ context->symkey = symkey ; -+ -+ return 0 ; -+} -+ - static int - xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { -- SECItem keyItem; - SECItem ivItem; -- PK11SlotInfo* slot; -- PK11SymKey* symKey; -+ SECItem* secParam = NULL ; -+ 
xmlSecBufferPtr ivBuf = NULL ; - int ivLen; -- SECStatus rv; -- int ret; - - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; - xmlSecAssert2(ctx->cipherCtx == NULL, -1); -- xmlSecAssert2(ctx->keyInitialized != 0, -1); -- xmlSecAssert2(ctx->ctxInitialized == 0, -1); -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - - ivLen = PK11_GetIVLength(ctx->cipher); -- xmlSecAssert2(ivLen > 0, -1); -- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); -+ if( ivLen < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetIVLength" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - - if(encrypt) { -- /* generate random iv */ -- rv = PK11_GenerateRandom(ctx->iv, ivLen); -- if(rv != SECSuccess) { -+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", ivLen); -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } -+ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; -+ return -1 ; -+ } - -- /* write iv to the output */ -- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); -- if(ret < 0) { -+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - 
"xmlSecBufferAppend", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", ivLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } - - } else { -- /* if we don't have enough data, exit and hope that -- * we'll have iv next time */ -- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { -- return(0); -- } -- -- /* copy iv to our buffer*/ -- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); -- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); -- -- /* and remove from input */ -- ret = xmlSecBufferRemoveHead(in, ivLen); -- if(ret < 0) { -+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", ivLen); -+ "xmlSecBufferSetData", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } - } - -- memset(&keyItem, 0, sizeof(keyItem)); -- keyItem.data = ctx->key; -- keyItem.len = ctx->keySize; -- memset(&ivItem, 0, sizeof(ivItem)); -- ivItem.data = ctx->iv; -- ivItem.len = ctx->ivSize; -- -- slot = PK11_GetBestSlot(ctx->cipher, NULL); -- if(slot == NULL) { -+ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "PK11_GetBestSlot", -+ "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } - -- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, -- CKA_SIGN, &keyItem, NULL); -- if(symKey == NULL) { -+ ivItem.data = xmlSecBufferGetData( ivBuf ) ; -+ ivItem.len = xmlSecBufferGetSize( ivBuf ) ; -+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "PK11_ImportSymKey", -+ "PK11_ParamFromIV", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - 
XMLSEC_ERRORS_NO_MESSAGE); -- PK11_FreeSlot(slot); -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } - - ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, - (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, -- symKey, &ivItem); -+ ctx->symkey, secParam); - if(ctx->cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "PK11_CreateContextBySymKey", -+ "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -- PK11_FreeSymKey(symKey); -- PK11_FreeSlot(slot); -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } - -- ctx->ctxInitialized = 1; -- PK11_FreeSymKey(symKey); -- PK11_FreeSlot(slot); -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; - return(0); - } - -+/** -+ * Block cipher transform update -+ */ - static int - xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, -@@ -192,54 +434,49 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { - xmlSecSize inSize, inBlocks, outSize; -- int blockLen; -+ int blockSize; - int outLen = 0; - xmlSecByte* outBuf; -- SECStatus rv; -- int ret; - - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; - xmlSecAssert2(ctx->cipherCtx != NULL, -1); -- xmlSecAssert2(ctx->ctxInitialized != 0, -1); -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - -- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); -- xmlSecAssert2(blockLen > 0, -1); -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_GetBlockSize" , -+ 
XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - - inSize = xmlSecBufferGetSize(in); - outSize = xmlSecBufferGetSize(out); -+ -+ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; -+ inSize = inBlocks * blockSize ; - -- if(inSize < (xmlSecSize)blockLen) { -- return(0); -- } -- -- if(encrypt) { -- inBlocks = inSize / ((xmlSecSize)blockLen); -- } else { -- /* we want to have the last block in the input buffer -- * for padding check */ -- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); -+ if( inSize < blockSize ) { -+ return 0 ; - } -- inSize = inBlocks * ((xmlSecSize)blockLen); - -- /* we write out the input size plus may be one block */ -- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); -- if(ret < 0) { -+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + inSize + blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - outBuf = xmlSecBufferGetData(out) + outSize; - -- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, -- xmlSecBufferGetData(in), inSize); -- if(rv != SECSuccess) { -+ if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", -@@ -247,27 +484,22 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); - -- /* set correct output buffer size */ -- ret = xmlSecBufferSetSize(out, outSize + outLen); -- if(ret < 0) { -+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", -- 
XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + outLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - -- /* remove the processed block from input */ -- ret = xmlSecBufferRemoveHead(in, inSize); -- if(ret < 0) { -+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", inSize); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); -@@ -281,81 +513,82 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { - xmlSecSize inSize, outSize; -- int blockLen, outLen = 0; -+ int blockSize, outLen = 0; - xmlSecByte* inBuf; - xmlSecByte* outBuf; -- SECStatus rv; -- int ret; - - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; - xmlSecAssert2(ctx->cipherCtx != NULL, -1); -- xmlSecAssert2(ctx->ctxInitialized != 0, -1); -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - -- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); -- xmlSecAssert2(blockLen > 0, -1); -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - - inSize = xmlSecBufferGetSize(in); - outSize = xmlSecBufferGetSize(out); - -+ /******************************************************************/ - if(encrypt != 0) { -- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); -+ xmlSecAssert2( inSize < blockSize, -1 ) ; - - /* create padding */ -- ret = xmlSecBufferSetMaxSize(in, 
blockLen); -- if(ret < 0) { -+ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - inBuf = xmlSecBufferGetData(in); - -- /* generate random padding */ -- if((xmlSecSize)blockLen > (inSize + 1)) { -- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); -- if(rv != SECSuccess) { -+ /* generate random */ -+ if( blockSize > ( inSize + 1 ) ) { -+ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", blockLen - inSize - 1); -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } -- inBuf[blockLen - 1] = blockLen - inSize; -- inSize = blockLen; -+ inBuf[blockSize-1] = blockSize - inSize ; -+ inSize = blockSize ; - } else { -- if(inSize != (xmlSecSize)blockLen) { -+ if( inSize != blockSize ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "data=%d;block=%d", inSize, blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - -- /* process last block */ -- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); -- if(ret < 0) { -+ /* process the last block */ -+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + 2 * blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - outBuf = xmlSecBufferGetData(out) + outSize; - -- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, -- xmlSecBufferGetData(in), inSize); -- if(rv 
!= SECSuccess) { -+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", -@@ -363,300 +596,168 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); - - if(encrypt == 0) { - /* check padding */ -- if(outLen < outBuf[blockLen - 1]) { -+ if( outLen < outBuf[blockSize-1] ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "padding=%d;buffer=%d", -- outBuf[blockLen - 1], outLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -- outLen -= outBuf[blockLen - 1]; -+ outLen -= outBuf[blockSize-1] ; - } - -- /* set correct output buffer size */ -- ret = xmlSecBufferSetSize(out, outSize + outLen); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + outLen); -- return(-1); -- } -+ /******************************************************************/ - -- /* remove the processed block from input */ -- ret = xmlSecBufferRemoveHead(in, inSize); -- if(ret < 0) { -+ /****************************************************************** -+ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", inSize); -+ "xmlSecBufferSetMaxSize", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - -- return(0); --} -- -- --/****************************************************************************** -- * -- * EVP Block Cipher transforms -- * -- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure 
-- * -- *****************************************************************************/ --#define xmlSecNssBlockCipherSize \ -- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) --#define xmlSecNssBlockCipherGetCtx(transform) \ -- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) -- --static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); --static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); --static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, -- xmlSecKeyReqPtr keyReq); --static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, -- xmlSecKeyPtr key); --static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, -- int last, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); -- -- -- --static int --xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { --#ifndef XMLSEC_NO_DES -- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { -- return(1); -- } --#endif /* XMLSEC_NO_DES */ -- --#ifndef XMLSEC_NO_AES -- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || -- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || -- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { -- -- return(1); -+ outBuf = xmlSecBufferGetData( out ) + outSize ; -+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_DigestFinal" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; - } --#endif /* XMLSEC_NO_AES */ -- -- return(0); --} -- --static int --xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { -- xmlSecNssBlockCipherCtxPtr ctx; -- -- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -- xmlSecAssert2(xmlSecTransformCheckSize(transform, 
xmlSecNssBlockCipherSize), -1); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert2(ctx != NULL, -1); -- -- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); -- --#ifndef XMLSEC_NO_DES -- if(transform->id == xmlSecNssTransformDes3CbcId) { -- ctx->cipher = CKM_DES3_CBC; -- ctx->keyId = xmlSecNssKeyDataDesId; -- ctx->keySize = 24; -- } else --#endif /* XMLSEC_NO_DES */ -- --#ifndef XMLSEC_NO_AES -- if(transform->id == xmlSecNssTransformAes128CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 16; -- } else if(transform->id == xmlSecNssTransformAes192CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 24; -- } else if(transform->id == xmlSecNssTransformAes256CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 32; -- } else --#endif /* XMLSEC_NO_AES */ -- -- if(1) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_TRANSFORM, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -+ ******************************************************************/ -+ -+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; - } -- -- return(0); --} -- --static void --xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { -- xmlSecNssBlockCipherCtxPtr ctx; -- -- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); -- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert(ctx != NULL); -- -- if(ctx->cipherCtx != NULL) { -- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); -+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( 
cipherName ) , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; - } -+/* PK11_Finalize( ctx->cipherCtx ) ;*/ -+ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); -+ ctx->cipherCtx = NULL ; - -- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); --} -- --static int --xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -- xmlSecNssBlockCipherCtxPtr ctx; -- -- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -- xmlSecAssert2(keyReq != NULL, -1); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->keyId != NULL, -1); -- -- keyReq->keyId = ctx->keyId; -- keyReq->keyType = xmlSecKeyDataTypeSymmetric; -- if(transform->operation == xmlSecTransformOperationEncrypt) { -- keyReq->keyUsage = xmlSecKeyUsageEncrypt; -- } else { -- keyReq->keyUsage = xmlSecKeyUsageDecrypt; -- } -- keyReq->keyBitsSize = 8 * ctx->keySize; - return(0); - } - --static int --xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -- xmlSecNssBlockCipherCtxPtr ctx; -- xmlSecBufferPtr buffer; -+/** -+ * xmlSecTransformExecuteMethod: -+ * @transform: the pointer to transform object. -+ * @last: the flag: if set to 1 then it's the last data chunk. -+ * @transformCtx: the pointer to transform context object. -+ * -+ * Transform specific method to process a chunk of data. -+ * -+ * Returns 0 on success or a negative value otherwise. 
-+ */ -+xmlSecNssBlockCipherExecute( -+ xmlSecTransformPtr transform , -+ int last , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecNssBlockCipherCtxPtr context = NULL ; -+ xmlSecBufferPtr inBuf = NULL ; -+ xmlSecBufferPtr outBuf = NULL ; -+ const xmlChar* cipherName ; -+ int operation ; -+ int rtv ; - - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); -- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); -- xmlSecAssert2(key != NULL, -1); -- -- ctx = xmlSecNssBlockCipherGetCtx(transform); -- xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(ctx->cipher != 0, -1); -- xmlSecAssert2(ctx->keyInitialized == 0, -1); -- xmlSecAssert2(ctx->keyId != NULL, -1); -- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); - -- xmlSecAssert2(ctx->keySize > 0, -1); -- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); -- xmlSecAssert2(buffer != NULL, -1); -- -- if(xmlSecBufferGetSize(buffer) < ctx->keySize) { -+ context = xmlSecNssBlockCipherGetCtx( transform ) ; -+ if( context == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, -- "keySize=%d;expected=%d", -- xmlSecBufferGetSize(buffer), ctx->keySize); -- return(-1); -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - } - -- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); -- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); - -- ctx->keyInitialized = 1; -- return(0); --} -- --static int 
--xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-- xmlSecNssBlockCipherCtxPtr ctx;
-- xmlSecBufferPtr in, out;
-- int ret;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(transformCtx != NULL, -1);
--
-- in = &(transform->inBuf);
-- out = &(transform->outBuf);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ cipherName = xmlSecTransformGetName( transform ) ;
-+
- if(transform->status == xmlSecTransformStatusWorking) {
-- if(ctx->ctxInitialized == 0) {
-- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ?
1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-+ if( context->cipherCtx == NULL ) {
-+ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxInit",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-- if((ctx->ctxInitialized == 0) && (last != 0)) {
-+ if( context->cipherCtx == NULL && last != 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- "not enough data to initialize transform");
- return(-1);
- }
-
-- if(ctx->ctxInitialized != 0) {
-- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-+ if( context->cipherCtx != NULL ) {
-+ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxUpdate",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last) {
-- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ?
1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-+ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxFinal",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
-- /* the only way we can get here is if there is no input */
-- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
-- } else if(transform->status == xmlSecTransformStatusNone) {
-- /* the only way we can get here is if there is no enough data in the input */
-- xmlSecAssert2(last == 0, -1);
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return -1 ;
-+ }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
---
-2.6.6
- |