*** misc/xmlsec1-1.2.6/apps/Makefile.in Thu Aug 26 08:00:30 2004 --- misc/build/xmlsec1-1.2.6/apps/Makefile.in Fri May 11 14:47:19 2007 *************** *** 370,376 **** $(CRYPTO_DEPS) \ $(NULL) ! all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj --- 370,376 ---- $(CRYPTO_DEPS) \ $(NULL) ! all: .SUFFIXES: .SUFFIXES: .c .lo .o .obj *** misc/xmlsec1-1.2.6/configure Thu Aug 26 08:00:34 2004 --- misc/build/xmlsec1-1.2.6/configure Fri May 11 14:47:19 2007 *************** *** 463,469 **** # include #endif" ! ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS 
OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. --- 463,469 ---- # include #endif" ! 
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 
XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. *************** *** 1072,1077 **** --- 1072,1078 ---- --with-nss=PFX nss location --with-nspr=PFX nspr location (needed for NSS) --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr) + --with-mscrypto try to use mscrypto --with-html-dir=PATH path to installed docs Some influential environment variables: *************** *** 2045,2052 **** ac_ext=c ac_cpp='$CPP $CPPFLAGS' ! ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ! 
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. --- 2046,2053 ---- ac_ext=c ac_cpp='$CPP $CPPFLAGS' ! ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ! ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. *************** *** 2698,2712 **** CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then ! CFLAGS="-g -O2" else ! CFLAGS="-g" fi else if test "$GCC" = yes; then ! CFLAGS="-O2" else ! CFLAGS= fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 --- 2699,2713 ---- CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then ! CFLAGS="$ADDCFLAGS -g -O2" else ! CFLAGS="$ADDCFLAGS -g" fi else if test "$GCC" = yes; then ! CFLAGS="$ADDCFLAGS -O2" else ! CFLAGS="$ADDCFLAGS" fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 *************** *** 6350,6360 **** lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! mingw* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' --- 6351,6361 ---- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! 
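Review bot: `$ADDCFLAGS` can reach the configure test compiles twice and the real build not at all, because it is spliced into `ac_compile`/`ac_link` here and also prepended to the default `CFLAGS` in the hunk at 2698. When the user supplies CFLAGS, the `CFLAGS=$ac_save_CFLAGS` branch visible in that hunk's context leaves ADDCFLAGS out, so feature tests run with flags the compiled objects may never see (assuming the Makefiles consume only CFLAGS, which is outside this diff). Pick one place: keep `ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'` and fold the variable in once with `CFLAGS="$ADDCFLAGS $CFLAGS"` after the CFLAGS selection, whose `if` starts outside the hunk. The variable is also read from the environment without being listed under "Some influential environment variables" in the help text.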
pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' *************** *** 6409,6415 **** fi ;; ! mingw* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' --- 6410,6416 ---- fi ;; ! pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' *************** *** 6752,6758 **** export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then --- 6753,6759 ---- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then *************** *** 7778,7784 **** ;; freebsd*) ! 
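Review bot: Only `archive_cmds` gains `${wl}--exclude-libs,ALL`; the `archive_expsym_cmds` assignment that starts on the last context line of this hunk has its link command outside the hunk, so it is not visible whether links driven by an export-symbols file get the same flag. If they do not, a DLL built that way can still re-export symbols pulled in from static archives, which is what this change appears meant to stop. The same applies to the `_CXX`, `_F77` and `_GCJ` copies in the hunks at 10088, 13661 and 16009. A one-line comment above the assignment, `# --exclude-libs,ALL: do not auto-export symbols from linked static archives`, would also record why the flag is there.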
objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` version_type=freebsd-$objformat case $version_type in freebsd-elf*) --- 7779,7785 ---- ;; freebsd*) ! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) *************** *** 9046,9052 **** ;; esac output_verbose_link_cmd='echo' ! archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring' module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' --- 9047,9053 ---- ;; esac output_verbose_link_cmd='echo' ! archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring' module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' *************** *** 10088,10094 **** enable_shared_with_static_runtimes_CXX=yes if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! 
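Review bot: `archive_expsym_cmds`, in the context lines just below the changed `archive_cmds`, still links with `-install_name $rpath/$soname`, so a library built with an export-symbols list keeps the old install name while every other build gets `@executable_path/$soname`. If the relocation is meant for all Darwin builds, the second `$CC -dynamiclib` command needs the same `-install_name @executable_path/$soname $verstring`. Note also that `@executable_path` resolves against the directory of whichever program loads the library, so a binary outside the install directory will either fail to find it or pick up a same-named file beside itself. A comment stating that assumption would help.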
archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then --- 10089,10095 ---- enable_shared_with_static_runtimes_CXX=yes if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then *************** *** 10816,10825 **** # like `-m68040'. lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! mingw* | os2* | pw32*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_CXX='-DDLL_EXPORT' --- 10817,10826 ---- # like `-m68040'. lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! os2* | pw32*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_CXX='-DDLL_EXPORT' *************** *** 11497,11503 **** ;; freebsd*) ! 
objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` version_type=freebsd-$objformat case $version_type in freebsd-elf*) --- 11498,11504 ---- ;; freebsd*) ! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) *************** *** 13259,13269 **** lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! mingw* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_F77='-DDLL_EXPORT' --- 13260,13270 ---- lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_F77='-DDLL_EXPORT' *************** *** 13661,13667 **** export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... 
archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then --- 13662,13668 ---- export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then *************** *** 14667,14673 **** ;; freebsd*) ! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` version_type=freebsd-$objformat case $version_type in freebsd-elf*) --- 14668,14674 ---- ;; freebsd*) ! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) *************** *** 15607,15617 **** lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! mingw* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' --- 15608,15618 ---- lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' ;; ! beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; ! pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' *************** *** 15666,15672 **** fi ;; ! 
mingw* | pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' --- 15667,15673 ---- fi ;; ! pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' *************** *** 16009,16015 **** export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then --- 16010,16016 ---- export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then ! archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then *************** *** 17035,17041 **** ;; freebsd*) ! objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` version_type=freebsd-$objformat case $version_type in freebsd-elf*) --- 17036,17042 ---- ;; freebsd*) ! 
objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) *************** *** 24598,24604 **** fi LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="xml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" --- 24599,24605 ---- fi LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="./libxml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" *************** *** 25678,25689 **** XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! NSS_LIBS_LIST="-lnss3 -lsmime3" ! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" --- 25679,25704 ---- XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" + if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" + fi NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! ! case $host_os in ! cygwin* | mingw* | pw32*) ! NSS_LIBS_LIST="-lnss3 -lsmime3" ! NSPR_LIBS_LIST="-lnspr4" ! ;; ! ! *) ! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" ! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ! ;; ! esac ! NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" *************** *** 25766,25788 **** else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then ! echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5 ! echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 ! if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=yes echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 ! 
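Review bot: `LIBXML_CONFIG="./libxml2-config"` makes configure execute a script from whatever the current working directory is, with no check that the file exists, is executable, or belongs to the build tree. The code that runs `$LIBXML_CONFIG` is outside this hunk, but with a relative path the result depends on where configure is invoked, and a shared or writable build directory lets someone else's script supply the libxml2 flags. Prefer an absolute path taken from the build environment and fail early when it is missing, e.g. `test -x "$LIBXML_CONFIG" || { echo "libxml2-config not found" >&2; exit 1; }`.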
NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 echo "${ECHO_T}$NSS_CFLAGS" >&6 echo "$as_me:$LINENO: checking NSS_LIBS" >&5 echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 ! NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 echo "${ECHO_T}$NSS_LIBS" >&6 else --- 25781,25803 ---- else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then ! echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5 ! echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 ! if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=yes echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 ! NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 echo "${ECHO_T}$NSS_CFLAGS" >&6 echo "$as_me:$LINENO: checking NSS_LIBS" >&5 echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 ! NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 echo "${ECHO_T}$NSS_LIBS" >&6 else *************** *** 25790,25796 **** NSS_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. ! 
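Review bot: `$MOZ_FLAVOUR` is never given a default, so when it is unset the pkg-config queries in this hunk ask for modules named `-nspr` and `-nss`. The check then presumably fails and falls through to the manual search instead of finding the former `mozilla-nspr`/`mozilla-nss` modules. Setting `: ${MOZ_FLAVOUR:=mozilla}` before the first use keeps the old behaviour for callers that do not export the variable. The `NSS_PKG_ERRORS` query in the hunk at 25790 has the same dependency.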
NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` fi --- 25805,25811 ---- NSS_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. ! NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` fi *************** *** 25817,25824 **** ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" ! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 --- 25832,25839 ---- ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 *************** *** 25853,25860 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnspr4.so ; then ! if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" else if test "z$with_gnu_ld" = "zyes" ; then --- 25868,25878 ---- done for dir in $ac_nss_lib_dir ; do ! case $host_os in ! cygwin* | mingw* | pw32*) ! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then ! dnl do not add -L/usr/lib because compiler does it anyway ! if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" else if test "z$with_gnu_ld" = "zyes" ; then *************** *** 25865,25871 **** fi NSPR_LIBS_FOUND="yes" break ! 
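Review bot: `ac_nss_lib_dir` and `ac_nss_inc_dir` are now built only from `SOLARVERSION`, `INPATH` and `UPDMINOREXT`, and nothing in this hunk checks that those are set. With them empty the paths collapse to `//lib` and `//inc/mozilla`, and because the later `for dir in $ac_nss_lib_dir` loops expand the value unquoted, a space in `SOLARVERSION` splits it into several bogus directories. Guarding the assignment with `test -n "$SOLARVERSION" -a -n "$INPATH" || { echo "SOLARVERSION/INPATH not set" >&2; exit 1; }` makes a misconfigured environment fail here instead of probing the system root for NSS.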
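Review bot: The added `dnl do not add -L/usr/lib because compiler does it anyway` lines are m4 comments, but this file is the generated shell script, so the shell will try to run a command named `dnl` each time the branch is taken. That normally prints a "command not found" error into the configure output, and it would execute any program of that name found on PATH. Write them as `# do not add -L/usr/lib because compiler does it anyway`; the same line appears in the hunks at 25865, 25939 and 25951. The `case` opened here is closed in the next hunk, and its two arms differ only in the extra `libnspr4.a` test, so the duplicated body could be shared by computing the file test once.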
fi done fi --- 25883,25908 ---- fi NSPR_LIBS_FOUND="yes" break ! fi ! ;; ! ! *) ! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ! dnl do not add -L/usr/lib because compiler does it anyway ! if test "z$dir" = "z/usr/lib" ; then ! NSPR_LIBS="$NSPR_LIBS_LIST" ! else ! if test "z$with_gnu_ld" = "zyes" ; then ! NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" ! else ! NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" ! fi ! fi ! NSPR_LIBS_FOUND="yes" ! break ! fi ! ;; ! esac done fi *************** *** 25939,25946 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnss3.so ; then ! if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" else if test "z$with_gnu_ld" = "zyes" ; then --- 25976,25986 ---- done for dir in $ac_nss_lib_dir ; do ! case $host_os in ! cygwin* | mingw* | pw32*) ! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then ! dnl do not add -L/usr/lib because compiler does it anyway ! if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" else if test "z$with_gnu_ld" = "zyes" ; then *************** *** 25951,25957 **** fi NSS_LIBS_FOUND="yes" break ! fi done fi --- 25991,26016 ---- fi NSS_LIBS_FOUND="yes" break ! fi ! ;; ! ! *) ! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then ! dnl do not add -L/usr/lib because compiler does it anyway ! if test "z$dir" = "z/usr/lib" ; then ! NSS_LIBS="$NSS_LIBS_LIST" ! else ! if test "z$with_gnu_ld" = "zyes" ; then ! NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" ! else ! NSS_LIBS="-L$dir $NSS_LIBS_LIST" ! fi ! fi ! NSS_LIBS_FOUND="yes" ! break ! fi ! ;; ! esac done fi *************** *** 26037,26042 **** --- 26096,26204 ---- + MSCRYPTO_CFLAGS="" + MSCRYPTO_LIBS="" + MSCRYPTO_FOUND="no" + + + # Check whether --with-mscrypto or --without-mscrypto was given. 
+ if test "${with_mscrypto+set}" = set; then + withval="$with_mscrypto" + + fi; + if test "z$with_mscrypto" = "zno" ; then + echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5 + echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6 + echo "$as_me:$LINENO: result: no" >&5 + echo "${ECHO_T}no" >&6 + MSCRYPTO_FOUND="without" + else + ac_mscrypto_lib_dir="${PSDK_HOME}/lib" + ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api" + echo "$as_me:$LINENO: checking for mscrypto libraries" >&5 + echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6 + MSCRYPTO_INCLUDES_FOUND="no" + MSCRYPTO_LIBS_FOUND="no" + WINCRYPT_H="" + + for dir in $ac_mscrypto_inc_dir ; do + if test -f $dir/wincrypt.h ; then + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir" + MSCRYPTO_INCLUDES_FOUND="yes" + WINCRYPT_H="$dir/wincrypt.h" + break + fi + done + + for dir in $ac_mscrypto_lib_dir ; do + if test -f $dir/crypt32.lib ; then + if test "z$with_gnu_ld" = "zyes" ; then + MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib" + else + MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib" + fi + MSCRYPTO_LIBS_FOUND="yes" + break + fi + done + + if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then + OLD_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$MSCRYPTO_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ + _ACEOF + cat confdefs.h >>conftest.$ac_ext + cat >>conftest.$ac_ext <<_ACEOF + /* end confdefs.h. 
*/ + + #include + #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__) + yes + #endif + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then + + MSCRYPTO_FOUND=yes + + else + + MSCRYPTO_FOUND=no + + fi + rm -f conftest* + + CPPFLAGS="$OLD_CPPFLAGS" + fi + + if test "z$MSCRYPTO_FOUND" = "zyes" ; then + echo "$as_me:$LINENO: result: yes" >&5 + echo "${ECHO_T}yes" >&6 + else + echo "$as_me:$LINENO: result: no" >&5 + echo "${ECHO_T}no" >&6 + fi + + fi + + if test "z$MSCRYPTO_FOUND" = "zyes" ; then + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" + + if test "z$XMLSEC_CRYPTO" = "z" ; then + XMLSEC_CRYPTO="mscrypto" + XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto" + XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS" + XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS" + fi + XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto" + else + XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto" + fi + + + echo "$as_me:$LINENO: checking for crypto library" >&5 echo $ECHO_N "checking for crypto library... $ECHO_C" >&6 if test "z$XMLSEC_CRYPTO" = "z" ; then *************** *** 26604,26610 **** done ! ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure --- 26766,26772 ---- done ! 
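Review bot: The mscrypto lookup paths are expanded unquoted, so the block breaks when `PSDK_HOME` or `COMPATH` contains a space, which is common for SDK install locations on Windows: `for dir in $ac_mscrypto_lib_dir` splits the value, `test -f $dir/crypt32.lib` gets extra arguments, and the path later lands unquoted in `MSCRYPTO_LIBS`. An unset `PSDK_HOME` is not rejected either and makes the script probe `/lib/crypt32.lib`. Since there is a single library directory, testing it directly with `if test -n "$PSDK_HOME" -a -f "${PSDK_HOME}/lib/crypt32.lib" ; then` avoids both problems, and the include loop needs `"$dir/wincrypt.h"` quoted likewise. Separately, `CPPFLAGS="$MSCRYPTO_CFLAGS"` drops the caller's CPPFLAGS for the header probe; `CPPFLAGS="$CPPFLAGS $MSCRYPTO_CFLAGS"` keeps them.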
ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure *************** *** 27521,27526 **** --- 27683,27690 ---- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t + s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t + s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t *************** *** 29231,29236 **** --- 29395,29402 ---- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t + s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t + s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t *************** *** 30941,30946 **** --- 31107,31114 ---- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t + s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t + s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t *************** *** 32653,32658 **** --- 32821,34544 ---- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t 
s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t + s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t + s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t + s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t + s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t + s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t + s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t + s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t + s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t + s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t + s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t + s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t + s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t + s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t + s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t + s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t + s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t + s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t + s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t + s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t + s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t + s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t + s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t + s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t + s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t + s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t + s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t + s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t + s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t + s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t + s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t + s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t + s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t + s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t + s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t + s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t + s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t + 
s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t + s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t + s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t + s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t + s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t + s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t + s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t + s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t + s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t + s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t + s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t + s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t + s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t + s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t + s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t + s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t + s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t + s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t + s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t + s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t + s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t + s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t + s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t + s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t + s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t + s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t + s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t + s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t + s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t + s,@LIBOBJS@,$LIBOBJS,;t t + s,@LTLIBOBJS@,$LTLIBOBJS,;t t + CEOF + + _ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. 
+ ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi + fi # test -n "$CONFIG_FILES" + + _ACEOF + cat >>$CONFIG_STATUS <<\_ACEOF + for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || + $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . 
: '\(.\)' 2>/dev/null || + echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || + $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 + echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + + if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` + else + ac_dir_suffix= ac_top_builddir= + fi + + case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; + esac + + # Do not use `cd foo && pwd` to compute absolute paths, because + # the directories may not exist. + case `pwd` in + .) ac_abs_builddir="$ac_dir";; + *) + case "$ac_dir" in + .) 
ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; + esac + case $ac_abs_builddir in + .) ac_abs_top_builddir=${ac_top_builddir}.;; + *) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; + esac + case $ac_abs_builddir in + .) ac_abs_srcdir=$ac_srcdir;; + *) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; + esac + case $ac_abs_builddir in + .) ac_abs_top_srcdir=$ac_top_srcdir;; + *) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; + esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 + echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. 
+ ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 + echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 + echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub + $extrasub + _ACEOF + cat >>$CONFIG_STATUS <<\_ACEOF + :t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b + s,@configure_input@,$configure_input,;t t + s,@srcdir@,$ac_srcdir,;t t + s,@abs_srcdir@,$ac_abs_srcdir,;t t + s,@top_srcdir@,$ac_top_srcdir,;t t + s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t + s,@builddir@,$ac_builddir,;t t + s,@abs_builddir@,$ac_abs_builddir,;t t + s,@top_builddir@,$ac_top_builddir,;t t + s,@abs_top_builddir@,$ac_abs_top_builddir,;t t + s,@INSTALL@,$ac_INSTALL,;t t + " $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + + done + _ACEOF + cat >>$CONFIG_STATUS <<\_ACEOF + + # + # CONFIG_HEADER section. + # + + # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where + # NAME is the cpp macro being defined and VALUE is the value it is being given. + # + # ac_d sets the value in "#define NAME VALUE" lines. + ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' + ac_dB='[ ].*$,\1#\2' + ac_dC=' ' + ac_dD=',;t' + # ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". 
+ ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' + ac_uB='$,\1#\2define\3' + ac_uC=' ' + ac_uD=',;t' + + for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 + echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 + echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 + echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + + _ACEOF + + # Transform confdefs.h into two sed scripts, `conftest.defines' and + # `conftest.undefs', that substitutes the proper values into + # config.h.in to produce config.h. The first handles `#define' + # templates, and the second `#undef' templates. + # And first: Protect against being on the right side of a sed subst in + # config.status. 
Protect against being in an unquoted here document + # in config.status. + rm -f conftest.defines conftest.undefs + # Using a here document instead of a string reduces the quoting nightmare. + # Putting comments in sed scripts is not portable. + # + # `end' is used to avoid that the second main sed command (meant for + # 0-ary CPP macros) applies to n-ary macro definitions. + # See the Autoconf documentation for `clear'. + cat >confdef2sed.sed <<\_ACEOF + s/[\\&,]/\\&/g + s,[\\$`],\\&,g + t clear + : clear + s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp + t end + s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp + : end + _ACEOF + # If some macros were called several times there might be several times + # the same #defines, which is useless. Nevertheless, we may not want to + # sort them, since we want the *last* AC-DEFINE to be honored. + uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines + sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs + rm -f confdef2sed.sed + + # This sed command replaces #undef with comments. This is necessary, for + # example, in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + cat >>conftest.undefs <<\_ACEOF + s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, + _ACEOF + + # Break up conftest.defines because some shells have a limit on the size + # of here documents, and old seds have small limits too (100 cmds). + echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS + echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS + echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS + echo ' :' >>$CONFIG_STATUS + rm -f conftest.tail + while grep . conftest.defines >/dev/null + do + # Write a limited-size here document to $tmp/defines.sed. 
+ echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in + ' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines + done + rm -f conftest.defines + echo ' fi # grep' >>$CONFIG_STATUS + echo >>$CONFIG_STATUS + + # Break up conftest.undefs because some shells have a limit on the size + # of here documents, and old seds have small limits too (100 cmds). + echo ' # Handle all the #undef templates' >>$CONFIG_STATUS + rm -f conftest.tail + while grep . conftest.undefs >/dev/null + do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in + ' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs + done + rm -f conftest.undefs + + cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. 
*/" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 + echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || + $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || + $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 + echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi + # Compute $ac_file's index in $config_headers. 
+ _am_stamp_count=1 + for _am_header in $config_headers :; do + case $_am_header in + $ac_file | $ac_file:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac + done + echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null || + $as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X$ac_file : 'X\(//\)[^/]' \| \ + X$ac_file : 'X\(//\)$' \| \ + X$ac_file : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X$ac_file | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'`/stamp-h$_am_stamp_count + done + _ACEOF + cat >>$CONFIG_STATUS <<\_ACEOF + + # + # CONFIG_COMMANDS section. + # + for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue + ac_dest=`echo "$ac_file" | sed 's,:.*,,'` + ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_dir=`(dirname "$ac_dest") 2>/dev/null || + $as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_dest" : 'X\(//\)[^/]' \| \ + X"$ac_dest" : 'X\(//\)$' \| \ + X"$ac_dest" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$ac_dest" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || + $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! 
-n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 + echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + + if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` + else + ac_dir_suffix= ac_top_builddir= + fi + + case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; + esac + + # Do not use `cd foo && pwd` to compute absolute paths, because + # the directories may not exist. + case `pwd` in + .) ac_abs_builddir="$ac_dir";; + *) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; + esac + case $ac_abs_builddir in + .) ac_abs_top_builddir=${ac_top_builddir}.;; + *) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; + esac + case $ac_abs_builddir in + .) ac_abs_srcdir=$ac_srcdir;; + *) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; + esac + case $ac_abs_builddir in + .) ac_abs_top_srcdir=$ac_top_srcdir;; + *) + case $ac_top_srcdir in + .) 
ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; + esac + + + { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 + echo "$as_me: executing $ac_dest commands" >&6;} + case $ac_dest in + depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`(dirname "$mf") 2>/dev/null || + $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + else + continue + fi + grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue + # Extract the definition of DEP_FILES from the Makefile without + # running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" + # We invoke sed twice because it is the simplest approach to + # changing $(DEPDIR) to its actual value in the expansion. 
+ for file in `sed -n ' + /^DEP_FILES = .*\\\\$/ { + s/^DEP_FILES = // + :loop + s/\\\\$// + p + n + /\\\\$/ b loop + p + } + /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`(dirname "$file") 2>/dev/null || + $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p $dirpart/$fdir + else + as_dir=$dirpart/$fdir + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || + $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || + echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5 + echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;} + { (exit 1); exit 1; }; }; } + + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done + ;; + esac + done + _ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + + { (exit 0); exit 0; } + _ACEOF + chmod +x $CONFIG_STATUS + ac_clean_files=$ac_clean_files_save + + + # configure is writing to config.log, and then calls config.status. + # config.status does its own redirection, appending to config.log. 
+ # Unfortunately, on DOS this fails, as config.log is still kept open + # by configure, so config.status won't be able to write to it; its + # output is simply discarded. So we exec the FD to /dev/null, + # effectively closing config.log, so it can be properly (re)opened and + # appended to by config.status. When coming back to configure, we + # need to make the FD available again. + if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } + fi + + fi + + if test "z$MSCRYPTO_FOUND" = "zyes" ; then + ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile" + cat >confcache <<\_ACEOF + # This file is a shell script that caches the results of configure + # tests run on this system so they can be shared between configure + # scripts and configure runs, see configure's option --config-cache. + # It is not useful on other systems. If it contains results you don't + # want to keep, you may remove or edit it. + # + # config.status only pays attention to the cache file if you give it + # the --recheck option to rerun configure. + # + # `ac_cv_env_foo' variables (set or unset) will be overridden when + # loading this file, other *unset* `ac_cv_foo' will be assigned the + # following values. + + _ACEOF + + # The following way of writing the cache mishandles newlines in values, + # but we know of no workaround that is simple, portable, and efficient. + # So, don't put newlines in cache variables' values. + # Ultrix sh set writes to stderr and can't be redirected directly, + # and sets the high bit in the cache file unless we assign to the vars. 
+ { + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; + } | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache + if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi + fi + rm -f confcache + + test "x$prefix" = xNONE && prefix=$ac_default_prefix + # Let make expand exec_prefix. + test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + + # VPATH may cause trouble with some makes, so we remove $(srcdir), + # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and + # trailing colons and then remove the whole line if VPATH becomes empty + # (actually we leave an empty line to preserve line numbers). + if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ + s/:*\$(srcdir):*/:/; + s/:*\${srcdir}:*/:/; + s/:*@srcdir@:*/:/; + s/^\([^=]*=[ ]*\):*/\1/; + s/:*$//; + s/^[^=]*=[ ]*$//; + }' + fi + + DEFS=-DHAVE_CONFIG_H + + ac_libobjs= + ac_ltlibobjs= + for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. 
+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' + done + LIBOBJS=$ac_libobjs + + LTLIBOBJS=$ac_ltlibobjs + + + if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"AMDEP\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined. + Usually this means the macro was only invoked conditionally." 
>&5 + echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined. + Usually this means the macro was only invoked conditionally." 
>&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined. 
+ Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. + Usually this means the macro was only invoked conditionally." 
>&5 + echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. + Usually this means the macro was only invoked conditionally." >&5 + echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. + Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } + fi + + : ${CONFIG_STATUS=./config.status} + ac_clean_files_save=$ac_clean_files + ac_clean_files="$ac_clean_files $CONFIG_STATUS" + { echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 + echo "$as_me: creating $CONFIG_STATUS" >&6;} + cat >$CONFIG_STATUS <<_ACEOF + #! $SHELL + # Generated by $as_me. + # Run this file to recreate the current configuration. 
+ # Compiler output produced by configure, useful for debugging + # configure, is in config.log if it exists. + + debug=false + ac_cs_recheck=false + ac_cs_silent=false + SHELL=\${CONFIG_SHELL-$SHELL} + _ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + ## --------------------- ## + ## M4sh Initialization. ## + ## --------------------- ## + + # Be Bourne compatible + if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix + fi + DUALCASE=1; export DUALCASE # for MKS sh + + # Support unset when possible. + if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset + else + as_unset=false + fi + + + # Work around bugs in pre-3.0 UWIN ksh. + $as_unset ENV MAIL MAILPATH + PS1='$ ' + PS2='> ' + PS4='+ ' + + # NLS nuisances. + for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME + do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi + done + + # Required to use basename. + if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr + else + as_expr=false + fi + + if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename + else + as_basename=false + fi + + + # Name of the executable. + as_me=`$as_basename "$0" || + $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || + echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + + # PATH needs CR, and LINENO needs CR and PATH. 
+ # Avoid depending upon Character Ranges. + as_cr_letters='abcdefghijklmnopqrstuvwxyz' + as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' + as_cr_Letters=$as_cr_letters$as_cr_LETTERS + as_cr_digits='0123456789' + as_cr_alnum=$as_cr_Letters$as_cr_digits + + # The user is always right. + if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh + fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 + echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH + do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done + done + ;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 + echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. 
+ exit + } + + + case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' + ' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; + esac + + if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr + else + as_expr=false + fi + + rm -f conf$$ conf$$.exe conf$$.file + echo >conf$$.file + if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi + rm -f conf$$ conf$$.exe conf$$.file + + if mkdir -p . 2>/dev/null; then + as_mkdir_p=: + else + test -d ./-p && rmdir ./-p + as_mkdir_p=false + fi + + as_executable_p="test -f" + + # Sed expression to map a string onto a valid CPP name. + as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + + # Sed expression to map a string onto a valid variable name. + as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + + # IFS + # We need space, tab and new line, in precisely that order. + as_nl=' + ' + IFS=" $as_nl" + + # CDPATH. + $as_unset CDPATH + + exec 6>&1 + + # Open the log real soon, to keep \$[0] and so on meaningful, and to + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. Logging --version etc. is OK. + exec 5>>config.log + { + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX + ## Running $as_me. ## + _ASBOX + } >&5 + cat >&5 <<_CSEOF + + This file was extended by $as_me, which was + generated by GNU Autoconf 2.59. 
Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + + _CSEOF + echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 + echo >&5 + _ACEOF + + # Files that config.status was made for. + if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS + fi + + if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS + fi + + if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS + fi + + if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS + fi + + cat >>$CONFIG_STATUS <<\_ACEOF + + ac_cs_usage="\ + \`$as_me' instantiates files from templates according to the + current configuration. + + Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + + Configuration files: + $config_files + + Configuration headers: + $config_headers + + Configuration commands: + $config_commands + + Report bugs to ." + _ACEOF + + cat >>$CONFIG_STATUS <<_ACEOF + ac_cs_version="\\ + config.status + configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + + Copyright (C) 2003 Free Software Foundation, Inc. + This config.status script is free software; the Free Software Foundation + gives unlimited permission to copy, distribute and modify it." 
+ srcdir=$srcdir + INSTALL="$INSTALL" + _ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # If no file are specified by the user, then we need to provide default + # value. By we need to know if files were specified by the user. + ac_need_defaults=: + while test $# != 0 + do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. + _ACEOF + cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 + Try \`$0 --help' for more information." >&5 + echo "$as_me: error: ambiguous option: $1 + Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 + Try \`$0 --help' for more information." >&5 + echo "$as_me: error: unrecognized option: $1 + Try \`$0 --help' for more information." 
>&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift + done + + ac_configure_extra_args= + + if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" + fi + + _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF + if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + fi + + _ACEOF + + cat >>$CONFIG_STATUS <<_ACEOF + # + # INIT-COMMANDS section. + # + + AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + + _ACEOF + + + + cat >>$CONFIG_STATUS <<\_ACEOF + for ac_config_target in $ac_config_targets + do + case "$ac_config_target" in + # Handling of arguments. + "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;; + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; + "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;; + "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;; + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;; + "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; + "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;; + "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; + "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;; + "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;; + "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;; + "xmlsec1-gnutls.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;; + "xmlsec1-nss.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;; 
+ "xmlsec1.spec" ) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;; + "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;; + "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;; + "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;; + "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;; + "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;; + "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;; + "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;; + "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;; + "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 + echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac + done + + # If the user did not use the arguments to specify the items to instantiate, + # then the envvar interface is used. Set only those that are not. + # We use the long form for the default assignment because of an extremely + # bizarre bug on SunOS 4.1.3. + if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands + fi + + # Have a temporary directory for convenience. Make it in the build tree + # simply because there is no reason to put it here, and in addition, + # creating and moving files from /tmp can sometimes cause problems. + # Create a temporary directory, and hook for its removal unless debugging. 
+ $debug || + { + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 + } + + # Create a (secure) tmp directory for tmp files. + + { + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" + } || + { + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) + } || + { + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } + } + + _ACEOF + + cat >>$CONFIG_STATUS <<_ACEOF + + # + # CONFIG_FILES section. + # + + # No need to generate the scripts if there are no CONFIG_FILES. + # This happens for instance when ./config.status config.h + if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF + s,@SHELL@,$SHELL,;t t + s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t + s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t + s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t + s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t + s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t + s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t + s,@exec_prefix@,$exec_prefix,;t t + s,@prefix@,$prefix,;t t + s,@program_transform_name@,$program_transform_name,;t t + s,@bindir@,$bindir,;t t + s,@sbindir@,$sbindir,;t t + s,@libexecdir@,$libexecdir,;t t + s,@datadir@,$datadir,;t t + s,@sysconfdir@,$sysconfdir,;t t + s,@sharedstatedir@,$sharedstatedir,;t t + s,@localstatedir@,$localstatedir,;t t + s,@libdir@,$libdir,;t t + s,@includedir@,$includedir,;t t + s,@oldincludedir@,$oldincludedir,;t t + s,@infodir@,$infodir,;t t + s,@mandir@,$mandir,;t t + s,@build_alias@,$build_alias,;t t + s,@host_alias@,$host_alias,;t t + s,@target_alias@,$target_alias,;t t + s,@DEFS@,$DEFS,;t t + s,@ECHO_C@,$ECHO_C,;t t + s,@ECHO_N@,$ECHO_N,;t t + s,@ECHO_T@,$ECHO_T,;t t + s,@LIBS@,$LIBS,;t t + s,@build@,$build,;t t + s,@build_cpu@,$build_cpu,;t t + 
s,@build_vendor@,$build_vendor,;t t + s,@build_os@,$build_os,;t t + s,@host@,$host,;t t + s,@host_cpu@,$host_cpu,;t t + s,@host_vendor@,$host_vendor,;t t + s,@host_os@,$host_os,;t t + s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t + s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t + s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t + s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t + s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t + s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t + s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t + s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t + s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t + s,@INSTALL_DATA@,$INSTALL_DATA,;t t + s,@CYGPATH_W@,$CYGPATH_W,;t t + s,@PACKAGE@,$PACKAGE,;t t + s,@VERSION@,$VERSION,;t t + s,@ACLOCAL@,$ACLOCAL,;t t + s,@AUTOCONF@,$AUTOCONF,;t t + s,@AUTOMAKE@,$AUTOMAKE,;t t + s,@AUTOHEADER@,$AUTOHEADER,;t t + s,@MAKEINFO@,$MAKEINFO,;t t + s,@AMTAR@,$AMTAR,;t t + s,@install_sh@,$install_sh,;t t + s,@STRIP@,$STRIP,;t t + s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t + s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t + s,@mkdir_p@,$mkdir_p,;t t + s,@AWK@,$AWK,;t t + s,@SET_MAKE@,$SET_MAKE,;t t + s,@am__leading_dot@,$am__leading_dot,;t t + s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t + s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t + s,@MAINT@,$MAINT,;t t + s,@CC@,$CC,;t t + s,@CFLAGS@,$CFLAGS,;t t + s,@LDFLAGS@,$LDFLAGS,;t t + s,@CPPFLAGS@,$CPPFLAGS,;t t + s,@ac_ct_CC@,$ac_ct_CC,;t t + s,@EXEEXT@,$EXEEXT,;t t + s,@OBJEXT@,$OBJEXT,;t t + s,@DEPDIR@,$DEPDIR,;t t + s,@am__include@,$am__include,;t t + s,@am__quote@,$am__quote,;t t + s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t + s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t + s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t + s,@CCDEPMODE@,$CCDEPMODE,;t t + s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t + s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t + s,@EGREP@,$EGREP,;t t + s,@LN_S@,$LN_S,;t t + s,@ECHO@,$ECHO,;t t + s,@AR@,$AR,;t t + s,@ac_ct_AR@,$ac_ct_AR,;t t + s,@RANLIB@,$RANLIB,;t t + 
s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t + s,@CPP@,$CPP,;t t + s,@CXX@,$CXX,;t t + s,@CXXFLAGS@,$CXXFLAGS,;t t + s,@ac_ct_CXX@,$ac_ct_CXX,;t t + s,@CXXDEPMODE@,$CXXDEPMODE,;t t + s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t + s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t + s,@CXXCPP@,$CXXCPP,;t t + s,@F77@,$F77,;t t + s,@FFLAGS@,$FFLAGS,;t t + s,@ac_ct_F77@,$ac_ct_F77,;t t + s,@LIBTOOL@,$LIBTOOL,;t t + s,@RM@,$RM,;t t + s,@CP@,$CP,;t t + s,@MV@,$MV,;t t + s,@TAR@,$TAR,;t t + s,@HELP2MAN@,$HELP2MAN,;t t + s,@MAN2HTML@,$MAN2HTML,;t t + s,@U@,$U,;t t + s,@ANSI2KNR@,$ANSI2KNR,;t t + s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t + s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t + s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t + s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t + s,@LIBADD_DL@,$LIBADD_DL,;t t + s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t + s,@PKG_CONFIG@,$PKG_CONFIG,;t t + s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t + s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t + s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t + s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t + s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t + s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t + s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t + s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t + s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t + s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t + s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t + s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t + s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t + s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t + s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t + s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t + s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t + s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t + s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t + s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t + s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t + s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t + s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t + 
s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t + s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t + s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t + s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t + s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t + s,@NSS_LIBS@,$NSS_LIBS,;t t + s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t + s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t + s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t + s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t + s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t + s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t + s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t + s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t + s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t *************** *** 34368,34373 **** --- 36254,36261 ---- s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t + s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t + s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t *** misc/xmlsec1-1.2.6/configure.in Thu Aug 26 04:49:24 2004 --- misc/build/xmlsec1-1.2.6/configure.in Fri May 11 14:47:19 2007 *************** *** 143,149 **** dnl find libxml dnl ========================================================================== LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="xml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" --- 143,149 ---- dnl find libxml dnl ========================================================================== LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="./libxml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" *************** *** 503,514 **** XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! 
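Review bot: `LIBXML_CONFIG="./libxml2-config"` in the configure.in hunk at 143 swaps a PATH lookup of `xml2-config` for a script taken from whatever directory configure is started in. Nothing in the hunk says where that script comes from or checks that it is there. Presumably the enclosing build stages it before configure runs; if so, the line should carry a comment such as `dnl libxml2-config is staged next to configure by the outer build; run configure from this directory`. The script's output presumably feeds `LIBXML_CFLAGS` and `LIBXML_LIBS`, so it is also worth stopping with a clear error when `./libxml2-config` is missing or not executable, instead of letting libxml detection fall through.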
NSS_LIBS_LIST="-lnss3 -lsmime3" ! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" --- 503,528 ---- XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" + if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" + fi NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! ! case $host_os in ! cygwin* | mingw* | pw32*) ! NSS_LIBS_LIST="-lnss3 -lsmime3" ! NSPR_LIBS_LIST="-lnspr4" ! ;; ! ! *) ! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" ! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" ! ;; ! esac ! NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" *************** *** 521,527 **** AC_MSG_RESULT(no) NSS_FOUND="without" elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then ! PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes], [NSS_FOUND=no]) fi --- 535,541 ---- AC_MSG_RESULT(no) NSS_FOUND="without" elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then ! PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes], [NSS_FOUND=no]) fi *************** *** 534,541 **** ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" ! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) NSPR_INCLUDES_FOUND="no" --- 548,555 ---- ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ! 
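Review bot: `$MOZ_FLAVOUR` is expanded into the `PKG_CHECK_MODULES` module names in the hunk at 521 without a default. When the variable is unset or empty, the check asks pkg-config for `-nspr` and `-nss` instead of the `mozilla-nspr` and `mozilla-nss` names the old line used. None of the visible hunks assigns it; the hunk at 503 only compares it with `firefox`. A default before that first comparison would keep the old behaviour for callers that do not export it: `test "z$MOZ_FLAVOUR" = "z" && MOZ_FLAVOUR="mozilla"`. The `if` chain this `elif` belongs to starts outside the hunk.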
ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) NSPR_INCLUDES_FOUND="no" *************** *** 570,576 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnspr4.so ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" --- 584,592 ---- done for dir in $ac_nss_lib_dir ; do ! case $host_os in ! cygwin* | mingw* | pw32*) ! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" *************** *** 583,589 **** fi NSPR_LIBS_FOUND="yes" break ! fi done fi --- 599,624 ---- fi NSPR_LIBS_FOUND="yes" break ! fi ! ;; ! ! *) ! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then ! dnl do not add -L/usr/lib because compiler does it anyway ! if test "z$dir" = "z/usr/lib" ; then ! NSPR_LIBS="$NSPR_LIBS_LIST" ! else ! if test "z$with_gnu_ld" = "zyes" ; then ! NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" ! else ! NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" ! fi ! fi ! NSPR_LIBS_FOUND="yes" ! break ! fi ! ;; ! esac done fi *************** *** 641,647 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnss3.so ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" --- 676,684 ---- done for dir in $ac_nss_lib_dir ; do ! case $host_os in ! cygwin* | mingw* | pw32*) ! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" *************** *** 654,660 **** fi NSS_LIBS_FOUND="yes" break ! fi done fi --- 691,716 ---- fi NSS_LIBS_FOUND="yes" break ! fi ! ;; ! ! *) ! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then ! 
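Review bot: `ac_nss_lib_dir` and `ac_nss_inc_dir` in the hunk at 534 are now built only from `SOLARVERSION`, `INPATH` and `UPDMINOREXT`, and nothing checks that these are set. With them empty the values collapse to `//lib` and `//inc/mozilla`, so the NSPR/NSS search probes paths under the filesystem root instead of reporting a broken environment. The old system directories are no longer available as a fallback either. A guard ahead of the two assignments would make the dependency explicit: `test "z$SOLARVERSION" != "z" -a "z$INPATH" != "z" || AC_MSG_ERROR([SOLARVERSION and INPATH must be set])`. Both values are later used unquoted (`for dir in $ac_nss_lib_dir`, `test -f $dir/...`), so a build root containing whitespace would be split into several words.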
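Review bot: The two `case $host_os` branches added in the hunks at 570 and 583 repeat the whole `NSPR_LIBS` selection. As far as the hunks show, they differ only in the extra `libnspr4.a` test on cygwin/mingw/pw32, and the NSS hunks at 641 and 654 repeat the pattern for `libnss3`. Choosing the candidate file names in the `case` and keeping one copy of the body removes the duplication, so a later change to the rpath handling cannot be applied to one branch and missed in the other. The same rewrite can quote the path and drop the `test ... -o ...` chains, which POSIX marks obsolescent. The `for dir` loop opens in the hunk at 570, and the cygwin branch body lies between the two hunks, so its equivalence to the `*)` body should be confirmed against the full file.

```m4
case $host_os in
cygwin* | mingw* | pw32*) ac_nspr_names="libnspr4.so libnspr4.dylib libnspr4.a" ;;
*)                        ac_nspr_names="libnspr4.so libnspr4.dylib" ;;
esac
for dir in $ac_nss_lib_dir ; do
    for ac_nspr_name in $ac_nspr_names ; do
        if test -f "$dir/$ac_nspr_name" ; then
            dnl … unchanged: NSPR_LIBS selection and NSPR_LIBS_FOUND="yes" …
            break 2
        fi
    done
dnl … unchanged: end of the directory loop …
```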
dnl do not add -L/usr/lib because compiler does it anyway ! if test "z$dir" = "z/usr/lib" ; then ! NSS_LIBS="$NSS_LIBS_LIST" ! else ! if test "z$with_gnu_ld" = "zyes" ; then ! NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" ! else ! NSS_LIBS="-L$dir $NSS_LIBS_LIST" ! fi ! fi ! NSS_LIBS_FOUND="yes" ! break ! fi ! ;; ! esac done fi *** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in Fri May 11 14:47:48 2007 --- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,58 ---- ! # Makefile.in generated by automake 1.8.3 from Makefile.am. ! # @configure_input@ ! ! # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, ! # 2003, 2004 Free Software Foundation, Inc. ! # This Makefile.in is free software; the Free Software Foundation ! # gives unlimited permission to copy and/or distribute it, ! # with or without modifications, as long as this notice is preserved. ! ! # This program is distributed in the hope that it will be useful, ! # but WITHOUT ANY WARRANTY, to the extent permitted by law; without ! # even the implied warranty of MERCHANTABILITY or FITNESS FOR A ! # PARTICULAR PURPOSE. ! ! @SET_MAKE@ ! ! HEADERS = $(xmlsecmscryptoinc_HEADERS) ! NULL = ! xmlsecmscryptoinc_HEADERS = \ ! akmngr.h \ ! app.h \ ! crypto.h \ ! symbols.h \ ! certkeys.h \ ! keysstore.h \ ! x509.h \ ! $(NULL) ! ! all: all-am ! ! mostlyclean-libtool: ! -rm -f *.lo ! ! clean-libtool: ! -rm -rf .libs _libs ! ! all-am: Makefile $(HEADERS) ! ! mostlyclean-generic: ! ! clean-generic: ! ! clean: clean-am ! ! clean-am: clean-generic clean-libtool mostlyclean-am ! ! mostlyclean: mostlyclean-am ! ! mostlyclean-am: mostlyclean-generic mostlyclean-libtool ! ! .PHONY: all all-am clean clean-generic \ ! clean-libtool \ ! mostlyclean mostlyclean-generic mostlyclean-libtool ! ! ! # Tell versions [3.59,3.63) of GNU make to not export all variables. ! # Otherwise a system limit (for SysV at least) may be exceeded. 
! .NOEXPORT: *** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h Fri May 11 14:47:43 2007 --- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,71 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright .......................... ! */ ! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ ! #define __XMLSEC_MSCRYPTO_AKMNGR_H__ ! ! #include ! #include ! ! #include ! #include ! #include ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ! xmlSecMSCryptoAppliedKeysMngrCreate( ! HCERTSTORE keyStore , ! HCERTSTORE certStore ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY symKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY pubKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY priKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE keyStore ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE trustedStore ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE untrustedStore ! ) ; ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ ! ! 
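Review bot: The `xmlSecMSCryptoAppliedKeysMngrAdopt*Store` and `*KeyLoad` prototypes in the new `akmngr.h` carry no comment saying who owns the `HCERTSTORE` and `HCRYPTKEY` handles after the call, which is what a caller needs to know to avoid closing a store twice or leaking a key handle. I would add a doc block above each prototype, for example `/* On success @mngr takes ownership of @keyStore and the caller must not close it; on failure ownership stays with the caller. */`, once that behaviour is confirmed against the implementation, which is not visible here. The same applies to the three `xmlSecMSCryptoX509StoreAdopt*Store` prototypes added to `mscrypto/x509.h` in the next hunk.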
*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h Fri Sep 26 08:12:46 2003 --- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h Fri May 11 14:47:19 2007 *************** *** 77,82 **** --- 77,97 ---- PCCERT_CONTEXT cert, xmlSecKeyDataType type); + XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE keyStore + ) ; + + XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE trustedStore + ) ; + + XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE untrustedStore + ) ; + #endif /* XMLSEC_NO_X509 */ *** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am Wed Jul 30 04:46:35 2003 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am Fri May 11 14:47:19 2007 *************** *** 3,8 **** --- 3,9 ---- xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss xmlsecnssinc_HEADERS = \ + akmngr.h \ app.h \ crypto.h \ symbols.h \ *************** *** 10,15 **** --- 11,18 ---- keysstore.h \ pkikeys.h \ x509.h \ + tokens.h \ + ciphers.h \ $(NULL) install-exec-hook: *** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in Thu Aug 26 08:00:31 2004 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in Fri May 11 14:47:19 2007 *************** *** 273,278 **** --- 273,279 ---- NULL = xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss xmlsecnssinc_HEADERS = \ + akmngr.h \ app.h \ crypto.h \ symbols.h \ *************** *** 280,285 **** --- 281,288 ---- keysstore.h \ pkikeys.h \ x509.h \ + tokens.h \ + ciphers.h \ $(NULL) all: all-am *** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h Fri May 11 14:47:41 2007 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,56 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright .......................... 
! */ ! #ifndef __XMLSEC_NSS_AKMNGR_H__ ! #define __XMLSEC_NSS_AKMNGR_H__ ! ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ! xmlSecNssAppliedKeysMngrCreate( ! PK11SlotInfo** slots, ! int cSlots, ! CERTCertDBHandle* handler ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! PK11SymKey* symKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPublicKey* pubKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPrivateKey* priKey ! ) ; ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_NSS_AKMNGR_H__ */ ! ! *** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h Mon Jan 12 22:06:14 2004 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h Fri May 11 14:47:19 2007 *************** *** 22,27 **** --- 22,30 ---- #include #include + #include + #include + /** * Init/shutdown */ *************** *** 34,39 **** --- 37,44 ---- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, + xmlSecNssKeySlotPtr keySlot); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, const char* uri); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, *** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h Fri May 11 14:47:41 2007 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,35 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! 
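Review bot: `xmlSecNssAppliedKeysMngrCreate` takes the slot count as a signed `int cSlots` next to `PK11SlotInfo** slots`, and the header says nothing about a negative count, a NULL `slots` with a non-zero count, or whether the slots and the `CERTCertDBHandle` are referenced or adopted. Since this is a new public entry point that hands token slots to the keys manager, the contract belongs in the header, for example `/* @slots: array of @cSlots slot pointers; NULL is allowed only when @cSlots is 0 */`, with the implementation rejecting `cSlots < 0`. The three `*KeyLoad` prototypes need the same ownership statement for `symKey`, `pubKey` and `priKey`; what the implementation actually does is not visible in this hunk.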
* Copyright .......................... ! */ ! #ifndef __XMLSEC_NSS_CIPHERS_H__ ! #define __XMLSEC_NSS_CIPHERS_H__ ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! #include ! #include ! #include ! ! ! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, ! PK11SymKey* symkey ) ; ! ! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; ! ! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); ! ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_NSS_CIPHERS_H__ */ ! ! *** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h Mon Jan 12 22:06:14 2004 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h Fri May 11 14:47:19 2007 *************** *** 264,269 **** --- 264,278 ---- xmlSecNssTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); + /** + * xmlSecNssTransformRsaOaepId: + * + * The RSA OAEP key transport transform klass. 
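Review bot: `xmlSecNssSymKeyDataAdoptKey(data, symkey)` and `xmlSecNssSymKeyDataKeyAdopt(symKey)` differ only in word order and neither is documented, so a caller cannot tell from `ciphers.h` which one creates the key data or whether the `PK11SymKey` is adopted or referenced. `xmlSecNssSymKeyDataGetKey` has the same gap for its return value; if it hands out a new reference the comment should say `/* Returns a new reference; the caller releases it with PK11_FreeSymKey(). */`, to be confirmed against the implementation, which is not shown. The three `#include` lines also sit inside the `extern "C" {` block, unlike `akmngr.h` and `tokens.h` in this patch, and would be better placed above the `#ifdef __cplusplus`.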
+ */ + #define xmlSecNssTransformRsaOaepId \ + xmlSecNssTransformRsaOaepGetKlass() + XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); + #endif /* XMLSEC_NO_RSA */ *** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h Wed Jul 30 04:46:35 2003 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h Fri May 11 14:47:19 2007 *************** *** 16,21 **** --- 16,23 ---- #endif /* __cplusplus */ #include + #include + #include /**************************************************************************** * *************** *** 31,36 **** --- 33,40 ---- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, xmlSecKeyPtr key); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, + xmlSecNssKeySlotPtr keySlot); XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, const char *uri, xmlSecKeysMngrPtr keysMngr); *** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h Fri May 11 14:47:42 2007 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,182 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. ! * ! * Contributor(s): _____________________________ ! * ! */ ! #ifndef __XMLSEC_NSS_TOKENS_H__ ! #define __XMLSEC_NSS_TOKENS_H__ ! ! #include ! ! #include ! #include ! ! #include ! #include ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! /** ! * xmlSecNssKeySlotListId ! * ! * The crypto mechanism list klass ! */ ! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() ! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; ! ! /******************************************* ! * KeySlot interfaces ! *******************************************/ ! 
/** ! * Internal NSS key slot data ! * @mechanismList: the mechanisms that the slot bound with. ! * @slot: the pkcs slot ! * ! * This context is located after xmlSecPtrList ! */ ! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; ! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; ! ! struct _xmlSecNssKeySlot { ! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ ! PK11SlotInfo* slot ; ! } ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotSetMechList( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE_PTR mechanismList ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotEnableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotDisableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) ; ! ! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR ! xmlSecNssKeySlotGetMechList( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotSetSlot( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotInitialize( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT void ! xmlSecNssKeySlotFinalize( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* ! xmlSecNssKeySlotGetSlot( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ! xmlSecNssKeySlotCreate() ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotCopy( ! xmlSecNssKeySlotPtr newKeySlot , ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ! xmlSecNssKeySlotDuplicate( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT void ! xmlSecNssKeySlotDestroy( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotBindMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotSupportMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! 
) ; ! ! ! /************************************************************************ ! * PKCS#11 crypto token interfaces ! * ! * A PKCS#11 slot repository will be defined internally. From the ! * repository, a user can specify a particular slot for a certain crypto ! * mechanism. ! * ! * In some situation, some cryptographic operation should act in a user ! * designated devices. The interfaces defined here provide the way. If ! * the user do not initialize the repository distinctly, the interfaces ! * use the default functions provided by NSS itself. ! * ! ************************************************************************/ ! /** ! * Initialize NSS pkcs#11 slot repository ! * ! * Returns 0 if success or -1 if an error occurs. ! */ ! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; ! ! /** ! * Shutdown and destroy NSS pkcs#11 slot repository ! */ ! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; ! ! /** ! * Get PKCS#11 slot handler ! * @type the mechanism that the slot must support. ! * ! * Returns a pointer to PKCS#11 slot or NULL if an error occurs. ! * ! * Notes: The returned handler must be destroied distinctly. ! */ ! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; ! ! /** ! * Adopt a pkcs#11 slot with a mechanism into the repository ! * @slot: the pkcs#11 slot. ! * @mech: the mechanism. ! * ! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with ! * this mechanism only can perform on the @slot. ! * ! * Returns 0 if success or -1 if an error occurs. ! */ ! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_NSS_TOKENS_H__ */ ! *** misc/xmlsec1-1.2.6/libxml2-config Fri May 11 14:47:49 2007 --- misc/build/xmlsec1-1.2.6/libxml2-config Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,48 ---- ! #! /bin/sh ! ! if test "$SYSTEM_LIBXML" = "YES" ! 
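Review bot: The field comment `/* mech. array, NULL ternimated */` on `mechanismList` does not name a usable sentinel: the elements are `CK_MECHANISM_TYPE` values, not pointers, and the `xmlSecNssSlotAdopt` comment further down already treats `CKM_INVALID_MECHANISM` as the "no mechanism" value. If that is the terminator, say so, e.g. `/* array of mechanisms, terminated by CKM_INVALID_MECHANISM */`, because every walker of this public struct has to agree on where the array ends. Separately, `xmlSecNssKeySlotCreate()` and `xmlSecNssSlotShutdown()` are declared with empty parentheses, which in C leaves the parameters unspecified; `(void)` would match `xmlSecNssSlotInitialize( void )` in the same header.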
then xml2-config "$@"; exit 0 ! fi ! ! prefix=${SOLARVERSION}/${INPATH} ! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external ! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT} ! ! while test $# -gt 0; do ! case "$1" in ! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ! *) optarg= ;; ! esac ! ! case "$1" in ! --prefix=*) ! prefix=$optarg ! includedir=$prefix/include ! libdir=$prefix/lib ! ;; ! ! --prefix) ! echo $prefix ! ;; ! ! --version) ! echo 2.5.4 ! exit 0 ! ;; ! ! --cflags) ! echo -I${includedir} ! ;; ! ! --libs) ! echo -L${libdir} ${LIBXML2LIB} ${ZLIB3RDLIB} -lm ! ;; ! ! *) ! exit 1 ! ;; ! esac ! shift ! done ! ! exit 0 *** misc/xmlsec1-1.2.6/ltmain.sh Thu Aug 26 08:00:15 2004 --- misc/build/xmlsec1-1.2.6/ltmain.sh Fri May 11 14:47:19 2007 *************** *** 1661,1666 **** --- 1661,1671 ---- fi ;; + *.lib) + deplibs="$deplibs $arg" + continue + ;; + *.$libext) # An archive. deplibs="$deplibs $arg" *************** *** 1974,1979 **** --- 1979,1988 ---- continue ;; *.la) lib="$deplib" ;; + *.lib) + deplibs="$deplib $deplibs" + continue + ;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" *************** *** 2994,3006 **** ;; freebsd-aout) ! major=".$current" ! versuffix=".$current.$revision"; ;; freebsd-elf) ! major=".$current" ! versuffix=".$current"; ;; irix | nonstopux) --- 3003,3015 ---- ;; freebsd-aout) ! major=.`expr $current - $age` ! versuffix="$major.$age.$revision" ;; freebsd-elf) ! major=.`expr $current - $age` ! versuffix="$major.$age.$revision" ;; irix | nonstopux) *************** *** 3564,3570 **** fi else eval flag=\"$hardcode_libdir_flag_spec\" ! dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in --- 3573,3580 ---- fi else eval flag=\"$hardcode_libdir_flag_spec\" ! # what the ... ! 
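Review bot: The `SYSTEM_LIBXML` branch runs `xml2-config "$@"; exit 0`, which throws away the exit status of the real tool, so a missing or failing `xml2-config` looks like success to the caller and yields empty flags. `then exec xml2-config "$@"` passes the status through. In the bundled branch `--version` always prints `2.5.4`, so any minimum-version check made through this wrapper says nothing about the libxml2 actually present under `${SOLARVERSION}/${INPATH}`; the number should come from the build environment or carry a comment saying it is a fixed placeholder.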
# dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *** misc/xmlsec1-1.2.6/src/bn.c Mon Jun 21 20:33:27 2004 --- misc/build/xmlsec1-1.2.6/src/bn.c Fri May 11 14:47:19 2007 *************** *** 170,177 **** */ int xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { ! xmlSecSize i, len; xmlSecByte ch; int nn; int ret; --- 170,179 ---- */ int xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { ! xmlSecSize i, len, size; xmlSecByte ch; + xmlSecByte* data; + int positive; int nn; int ret; *************** *** 183,189 **** /* trivial case */ len = xmlStrlen(str); if(len == 0) { ! return(0); } /* The result size could not exceed the input string length --- 185,191 ---- /* trivial case */ len = xmlStrlen(str); if(len == 0) { ! return(0); } /* The result size could not exceed the input string length *************** *** 191,244 **** * In truth, it would be likely less than 1/2 input string length * because each byte is represented by 2 chars. If needed, * buffer size would be increased by Mul/Add functions. */ ! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnRevLookupTable", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", len / 2 + 1); ! return (-1); } ! for(i = 0; i < len; i++) { ! ch = str[i]; ! if(isspace(ch)) { ! continue; ! } ! ! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); ! nn = xmlSecBnLookupTable[ch]; ! if((nn < 0) || ((xmlSecSize)nn > base)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "char=%c;base=%d", ! ch, base); ! return (-1); ! } ! ! ret = xmlSecBnMul(bn, base); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnMul", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } ! ! ret = xmlSecBnAdd(bn, nn); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnAdd", ! 
XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } } return(0); --- 193,323 ---- * In truth, it would be likely less than 1/2 input string length * because each byte is represented by 2 chars. If needed, * buffer size would be increased by Mul/Add functions. + * Finally, we can add one byte for 00 or 10 prefix. */ ! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnRevLookupTable", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", len / 2 + 1); ! return (-1); ! } ! ! /* figure out if it is positive or negative number */ ! positive = 1; ! i = 0; ! while(i < len) { ! ch = str[i++]; ! ! /* skip spaces */ ! if(isspace(ch)) { ! continue; ! } ! ! /* check if it is + or - */ ! if(ch == '+') { ! positive = 1; ! break; ! } else if(ch == '-') { ! positive = 0; ! break; ! } ! ! /* otherwise, it must be start of the number */ ! nn = xmlSecBnLookupTable[ch]; ! if((nn >= 0) && ((xmlSecSize)nn < base)) { ! xmlSecAssert2(i > 0, -1); ! ! /* no sign, positive by default */ ! positive = 1; ! --i; /* make sure that we will look at this character in next loop */ ! break; ! } else { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "char=%c;base=%d", ! ch, base); ! return (-1); ! } ! } ! ! /* now parse the number itself */ ! while(i < len) { ! ch = str[i++]; ! if(isspace(ch)) { ! continue; ! } ! ! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); ! nn = xmlSecBnLookupTable[ch]; ! if((nn < 0) || ((xmlSecSize)nn > base)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "char=%c;base=%d", ! ch, base); ! return (-1); ! } ! ! ret = xmlSecBnMul(bn, base); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnMul", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } ! ! ret = xmlSecBnAdd(bn, nn); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnAdd", ! 
XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } } ! /* check if we need to add 00 prefix */ ! data = xmlSecBufferGetData(bn); ! size = xmlSecBufferGetSize(bn); ! if((size > 0 && data[0] > 127)||(size==0)) { ! ch = 0; ! ret = xmlSecBufferPrepend(bn, &ch, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferPrepend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } ! } ! ! /* do 2's compliment and add 1 to represent negative value */ ! if(positive == 0) { ! data = xmlSecBufferGetData(bn); ! size = xmlSecBufferGetSize(bn); ! for(i = 0; i < size; ++i) { ! data[i] ^= 0xFF; ! } ! ! ret = xmlSecBnAdd(bn, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnAdd", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } } return(0); *************** *** 256,263 **** */ xmlChar* xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { xmlChar* res; ! xmlSecSize i, len; int nn; xmlChar ch; --- 335,346 ---- */ xmlChar* xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { + xmlSecBn bn2; + int positive = 1; xmlChar* res; ! xmlSecSize i, len, size; ! xmlSecByte* data; ! int ret; int nn; xmlChar ch; *************** *** 265,299 **** xmlSecAssert2(base > 1, NULL); xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); /* Result string len is * len = log base (256) * * Since the smallest base == 2 then we can get away with * len = 8 * */ ! len = 8 * xmlSecBufferGetSize(bn) + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! "len=%d", len); ! return (NULL); } memset(res, 0, len + 1); ! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { ! if(xmlSecBnDiv(bn, base, &nn) < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnDiv", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! xmlFree(res); ! return (NULL); ! } ! 
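Review bot: The digit check in the number-parsing loop still reads `(xmlSecSize)nn > base`, so a digit whose value equals the base is accepted, while the new sign-detection loop above it uses `nn < base` for the same decision. The check should be `if((nn < 0) || ((xmlSecSize)nn >= base)) {`. In the same loop `xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1)` uses `<=` where a bound check needs `<`, and the sign loop indexes `xmlSecBnLookupTable[ch]` with no assertion at all; the table's declaration is not visible here, so whether this can read past it is unconfirmed. The opening of `xmlSecBnFromString` is outside this hunk.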
xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); ! res[i] = xmlSecBnRevLookupTable[nn]; } xmlSecAssert2(i < len, NULL); --- 348,433 ---- xmlSecAssert2(base > 1, NULL); xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); + + /* copy bn */ + data = xmlSecBufferGetData(bn); + size = xmlSecBufferGetSize(bn); + ret = xmlSecBnInitialize(&bn2, size); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + return (NULL); + } + + ret = xmlSecBnSetData(&bn2, data, size); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnSetData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + xmlSecBnFinalize(&bn2); + return (NULL); + } + + /* check if it is a negative number or not */ + data = xmlSecBufferGetData(&bn2); + size = xmlSecBufferGetSize(&bn2); + if((size > 0) && (data[0] > 127)) { + /* subtract 1 and do 2's compliment */ + ret = xmlSecBnAdd(&bn2, -1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnAdd", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + xmlSecBnFinalize(&bn2); + return (NULL); + } + for(i = 0; i < size; ++i) { + data[i] ^= 0xFF; + } + + positive = 0; + } else { + positive = 1; + } + /* Result string len is * len = log base (256) * * Since the smallest base == 2 then we can get away with * len = 8 * */ ! len = 8 * size + 1 + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! "len=%d", len); ! xmlSecBnFinalize(&bn2); ! return (NULL); } memset(res, 0, len + 1); ! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { ! if(xmlSecBnDiv(&bn2, base, &nn) < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnDiv", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! xmlFree(res); ! xmlSecBnFinalize(&bn2); ! return (NULL); ! } ! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); ! 
res[i] = xmlSecBnRevLookupTable[nn]; } xmlSecAssert2(i < len, NULL); *************** *** 301,313 **** for(len = i; (len > 1) && (res[len - 1] == '0'); len--); res[len] = '\0'; /* swap the string because we wrote it in reverse order */ for(i = 0; i < len / 2; i++) { ! ch = res[i]; ! res[i] = res[len - i - 1]; ! res[len - i - 1] = ch; } return(res); } --- 435,454 ---- for(len = i; (len > 1) && (res[len - 1] == '0'); len--); res[len] = '\0'; + /* add "-" for negative numbers */ + if(positive == 0) { + res[len] = '-'; + res[++len] = '\0'; + } + /* swap the string because we wrote it in reverse order */ for(i = 0; i < len / 2; i++) { ! ch = res[i]; ! res[i] = res[len - i - 1]; ! res[len - i - 1] = ch; } + xmlSecBnFinalize(&bn2); return(res); } *************** *** 392,398 **** } data = xmlSecBufferGetData(bn); ! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { xmlSecAssert2(data != NULL, -1); over = over + multiplier * data[--i]; --- 533,541 ---- } data = xmlSecBufferGetData(bn); ! i = xmlSecBufferGetSize(bn); ! over = 0; ! while(i > 0) { xmlSecAssert2(data != NULL, -1); over = over + multiplier * data[--i]; *************** *** 487,529 **** */ int xmlSecBnAdd(xmlSecBnPtr bn, int delta) { ! int over; xmlSecByte* data; xmlSecSize i; xmlSecByte ch; int ret; xmlSecAssert2(bn != NULL, -1); - xmlSecAssert2(delta >= 0, -1); if(delta == 0) { ! return(0); } data = xmlSecBufferGetData(bn); ! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { ! xmlSecAssert2(data != NULL, -1); ! over += data[--i]; ! data[i] = over % 256; ! over = over / 256; ! } ! while(over > 0) { ! ch = over % 256; ! over = over / 256; ! ret = xmlSecBufferPrepend(bn, &ch, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferPrepend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=1"); ! return (-1); ! } } - return(0); } --- 630,686 ---- */ int xmlSecBnAdd(xmlSecBnPtr bn, int delta) { ! 
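Review bot: `xmlSecBnToString` now owns two resources, the copy `bn2` and the buffer `res`, but `xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL)` inside the division loop and `xmlSecAssert2(i < len, NULL)` after it leave the function without releasing either, assuming the macro returns its second argument as its use throughout the file suggests. Both should become explicit checks that end with `xmlFree(res); xmlSecBnFinalize(&bn2); return(NULL);`, like the `xmlSecBnDiv` failure path just above. The error record for a failing `xmlSecBnInitialize` also names `"xmlSecBnCreate"`, which makes the log point at a function that was not called.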
int over, tmp; xmlSecByte* data; xmlSecSize i; xmlSecByte ch; int ret; xmlSecAssert2(bn != NULL, -1); if(delta == 0) { ! return(0); } data = xmlSecBufferGetData(bn); ! if(delta > 0) { ! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { ! xmlSecAssert2(data != NULL, -1); ! tmp = data[--i]; ! over += tmp; ! data[i] = over % 256; ! over = over / 256; ! } ! while(over > 0) { ! ch = over % 256; ! over = over / 256; ! ret = xmlSecBufferPrepend(bn, &ch, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferPrepend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=1"); ! return (-1); ! } ! } ! } else { ! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { ! xmlSecAssert2(data != NULL, -1); ! ! tmp = data[--i]; ! if(tmp < over) { ! data[i] = 0; ! over = (over - tmp) / 256; ! } else { ! data[i] = tmp - over; ! over = 0; ! } ! } } return(0); } *************** *** 787,793 **** } if(addLineBreaks) { ! xmlNodeAddContent(cur, BAD_CAST "\n"); } switch(format) { --- 944,950 ---- } if(addLineBreaks) { ! xmlNodeAddContent(cur, xmlSecStringCR); } switch(format) { *************** *** 833,839 **** } if(addLineBreaks) { ! xmlNodeAddContent(cur, BAD_CAST "\n"); } return(0); --- 990,996 ---- } if(addLineBreaks) { ! 
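Review bot: The new negative branch of `xmlSecBnAdd` does not propagate a borrow: when `tmp < over` it stores `0` and sets `over = (over - tmp) / 256`, so subtracting 1 from the bytes `01 00` leaves `01 00` instead of `00 FF`. `xmlSecBnToString` in this same patch calls `xmlSecBnAdd(&bn2, -1)` for negative values, so a negative number whose low byte is zero would be printed wrongly. The loop below subtracts byte by byte and carries the borrow upward. A borrow still pending after the last byte means the stored magnitude was smaller than `-delta`, which could be reported as an error instead of returning 0.

```c
/* … unchanged: delta == 0 shortcut and the delta > 0 branch … */
    } else {
        /* subtract -delta byte by byte, carrying the borrow upward */
        for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
            xmlSecAssert2(data != NULL, -1);

            tmp = (int)data[--i] - (over % 256);
            over = over / 256;
            if(tmp < 0) {
                tmp += 256;
                ++over;    /* borrow from the next more significant byte */
            }
            data[i] = (xmlSecByte)tmp;
        }
    }
```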
xmlNodeAddContent(cur, xmlSecStringCR); } return(0); *** misc/xmlsec1-1.2.6/src/dl.c Wed Oct 29 16:57:20 2003 --- misc/build/xmlsec1-1.2.6/src/dl.c Fri May 11 14:47:19 2007 *************** *** 329,334 **** --- 329,338 ---- xmlSecCryptoDLInit(void) { int ret; + /* use xmlMalloc/xmlFree */ + xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; + xmlsec_lt_dlfree = xmlSecCryptoDLFree; + ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 350,358 **** } /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ - /* use xmlMalloc/xmlFree */ - xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; - xmlsec_lt_dlfree = xmlSecCryptoDLFree; return(0); } --- 354,359 ---- *** misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in Fri May 11 14:47:49 2007 --- misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,178 ---- ! # Makefile.in generated by automake 1.8.3 from Makefile.am. ! # @configure_input@ ! ! # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, ! # 2003, 2004 Free Software Foundation, Inc. ! # This Makefile.in is free software; the Free Software Foundation ! # gives unlimited permission to copy and/or distribute it, ! # with or without modifications, as long as this notice is preserved. ! ! # This program is distributed in the hope that it will be useful, ! # but WITHOUT ANY WARRANTY, to the extent permitted by law; without ! # even the implied warranty of MERCHANTABILITY or FITNESS FOR A ! # PARTICULAR PURPOSE. ! ! @SET_MAKE@ ! ! srcdir = @srcdir@ ! top_srcdir = @top_srcdir@ ! top_builddir = ../.. ! LTLIBRARIES = $(lib_LTLIBRARIES) ! am__DEPENDENCIES_1 = ! libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \ ! $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ ! $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) ! am__objects_1 = ! am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \ ! 
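Review bot: The moved comment `/* use xmlMalloc/xmlFree */` in `xmlSecCryptoDLInit` no longer explains why the two hook assignments now come first. If the reason is that the ltdl initialisation between the two hunks may allocate, and memory obtained before the hooks are set would later be released through `xmlSecCryptoDLFree`, the comment should say so: `/* set the ltdl allocator hooks before any ltdl call so every block is allocated and freed by the same allocator */`. The ltdl call itself lies outside both hunks, so this reading is an assumption to confirm.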
digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \ ! x509.lo x509vfy.lo $(am__objects_1) ! libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) ! DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) ! depcomp = $(SHELL) $(top_srcdir)/depcomp ! @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo ! COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ ! $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ! LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ ! $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ! $(AM_CFLAGS) $(CFLAGS) ! CCLD = $(CC) ! LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ! $(AM_LDFLAGS) $(LDFLAGS) -o $@ ! CC = @CC@ ! CCDEPMODE = @CCDEPMODE@ ! CFLAGS = @CFLAGS@ ! CPPFLAGS = @CPPFLAGS@ ! CYGPATH_W = @CYGPATH_W@ ! DEFS = @DEFS@ ! DEPDIR = @DEPDIR@ ! LDFLAGS = @LDFLAGS@ ! LIBS = @LIBS@ ! LIBTOOL = @LIBTOOL@ ! LIBXML_CFLAGS = @LIBXML_CFLAGS@ ! LIBXML_LIBS = @LIBXML_LIBS@ ! MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@ ! MSCRYPTO_LIBS = @MSCRYPTO_LIBS@ ! OBJEXT = @OBJEXT@ ! SHELL = @SHELL@ ! XMLSEC_DEFINES = @XMLSEC_DEFINES@ ! exec_prefix = @exec_prefix@ ! libdir = @libdir@ ! prefix = @prefix@ ! NULL = ! ! INCLUDES = \ ! -DPACKAGE=\"@PACKAGE@\" \ ! -I$(top_srcdir) \ ! -I$(top_srcdir)/include \ ! $(XMLSEC_DEFINES) \ ! $(MSCRYPTO_CFLAGS) \ ! $(LIBXSLT_CFLAGS) \ ! $(LIBXML_CFLAGS) \ ! $(NULL) ! ! lib_LTLIBRARIES = \ ! libxmlsec1-mscrypto.la \ ! $(NULL) ! ! libxmlsec1_mscrypto_la_LIBADD = \ ! ../libxmlsec1.la \ ! $(MSCRYPTO_LIBS) \ ! $(LIBXSLT_LIBS) \ ! $(LIBXML_LIBS) \ ! $(NULL) ! ! libxmlsec1_mscrypto_la_LDFLAGS = \ ! -version-info @XMLSEC_VERSION_INFO@ \ ! $(NULL) ! ! 
all: all-am ! ! .SUFFIXES: ! .SUFFIXES: .c .lo .o .obj ! ! clean-libLTLIBRARIES: ! -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) ! @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ ! dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ ! test "$$dir" = "$$p" && dir=.; \ ! echo "rm -f \"$${dir}/so_locations\""; \ ! rm -f "$${dir}/so_locations"; \ ! done ! libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) ! $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS) ! ! mostlyclean-compile: ! -rm -f *.$(OBJEXT) ! ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@ ! ! .c.o: ! @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ ! @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ ! 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ! @am__fastdepCC_FALSE@ $(COMPILE) -c $< ! ! .c.obj: ! @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ ! @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ! @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ! ! .c.lo: ! @am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ ! @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ ! @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ! @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ! ! mostlyclean-libtool: ! -rm -f *.lo ! ! clean-libtool: ! -rm -rf .libs _libs ! ! all-am: Makefile $(LTLIBRARIES) ! ! mostlyclean-generic: ! ! clean-generic: ! ! clean: clean-am ! ! clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ ! mostlyclean-am ! ! mostlyclean: mostlyclean-am ! ! mostlyclean-am: mostlyclean-compile mostlyclean-generic \ ! mostlyclean-libtool ! ! .PHONY: all all-am clean clean-generic \ ! clean-libLTLIBRARIES clean-libtool \ ! maintainer-clean-generic mostlyclean mostlyclean-compile \ ! mostlyclean-generic mostlyclean-libtool ! ! # Tell versions [3.59,3.63) of GNU make to not export all variables. ! # Otherwise a system limit (for SysV at least) may be exceeded. ! 
.NOEXPORT: *** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c Fri May 11 14:47:44 2007 --- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,235 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright......................... ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! ! /** ! * xmlSecMSCryptoAppliedKeysMngrCreate: ! * @hKeyStore: the pointer to key store. ! * @hCertStore: the pointer to certificate database. ! * ! * Create and load key store and certificate database into keys manager ! * ! * Returns keys manager pointer on success or NULL otherwise. ! */ ! xmlSecKeysMngrPtr ! xmlSecMSCryptoAppliedKeysMngrCreate( ! HCERTSTORE hKeyStore , ! HCERTSTORE hCertStore ! ) { ! xmlSecKeyDataStorePtr certStore = NULL ; ! xmlSecKeysMngrPtr keyMngr = NULL ; ! xmlSecKeyStorePtr keyStore = NULL ; ! ! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeyStoreCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! /*- ! * At present, MS Crypto engine do not provide a way to setup a key store. ! */ ! if( keyStore != NULL ) { ! /*TODO: binding key store.*/ ! } ! ! keyMngr = xmlSecKeysMngrCreate() ; ! if( keyMngr == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! return NULL ; ! } ! ! /*- ! * Add key store to manager, from now on keys manager destroys the store if ! * needed ! */ ! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecKeysMngrAdoptKeyStore" , ! 
XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Initialize crypto library specific data in keys manager ! */ ! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecMSCryptoKeysMngrInit" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Set certificate databse to X509 key data store ! */ ! /*- ! * At present, MS Crypto engine do not provide a way to setup a cert store. ! */ ! ! /*- ! * Set the getKey callback ! */ ! keyMngr->getKey = xmlSecKeysMngrGetKey ; ! ! return keyMngr ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY symKey ! ) { ! /*TODO: import the key into keys manager.*/ ! return(0) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY pubKey ! ) { ! /*TODO: import the key into keys manager.*/ ! return(0) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY priKey ! ) { ! /*TODO: import the key into keys manager.*/ ! return(0) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE keyStore ! ) { ! xmlSecKeyDataStorePtr x509Store ; ! ! xmlSecAssert2( mngr != NULL, -1 ) ; ! xmlSecAssert2( keyStore != NULL, -1 ) ; ! ! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ! if( x509Store == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ! "xmlSecMSCryptoX509StoreAdoptKeyStore" , ! 
XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! return( 0 ) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE trustedStore ! ) { ! xmlSecKeyDataStorePtr x509Store ; ! ! xmlSecAssert2( mngr != NULL, -1 ) ; ! xmlSecAssert2( trustedStore != NULL, -1 ) ; ! ! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ! if( x509Store == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ! "xmlSecMSCryptoX509StoreAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! return( 0 ) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE untrustedStore ! ) { ! xmlSecKeyDataStorePtr x509Store ; ! ! xmlSecAssert2( mngr != NULL, -1 ) ; ! xmlSecAssert2( untrustedStore != NULL, -1 ) ; ! ! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ! if( x509Store == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ! "xmlSecMSCryptoX509StoreAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! return( 0 ) ; ! } ! 
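Review bot: The three key-load entry points in the new akmngr.c, `xmlSecMSCryptoAppliedKeysMngrSymKeyLoad`, `xmlSecMSCryptoAppliedKeysMngrPubKeyLoad` and `xmlSecMSCryptoAppliedKeysMngrPriKeyLoad`, return 0 although their bodies are only a TODO, so a caller is told a key was imported while the keys manager is unchanged. Until the import exists they should fail closed: an `xmlSecError(...)` call in the style used elsewhere in this file, followed by `return(-1) ;`. The error reports in `xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore` and `xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore` name `"xmlSecMSCryptoX509StoreAdoptKeyStore"` instead of the function that actually failed, which will mislead anyone reading the error log. `xmlSecMSCryptoAppliedKeysMngrCreate` never uses `hKeyStore`, `hCertStore` or the local `certStore`, and its doc comment should say that the two store handles are currently ignored.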
*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c Wed Mar 17 06:06:43 2004 --- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c Fri May 11 14:47:19 2007 *************** *** 41,46 **** --- 41,47 ---- * a public key from xml document is provided, we need HCRYPTKEY.... The focus * now is however directed to certificates. Wouter */ + /** replaced by a wrapper style for WINNT 4.0 struct _xmlSecMSCryptoKeyDataCtx { HCRYPTPROV hProv; BOOL fCallerFreeProv; *************** *** 51,56 **** --- 52,175 ---- HCRYPTKEY hKey; xmlSecKeyDataType type; }; + */ + /*- + * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is + * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 + */ + struct _mscrypt_key { + HCRYPTKEY hKey ; + int refcnt ; + } ; + + /*- + * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is + * the same as CryptContextAddRef. Because the CryptContextAddRef is not support + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 + */ + struct _mscrypt_prov { + HCRYPTPROV hProv ; + BOOL freeprov ; + int refcnt ; + } ; + + struct _xmlSecMSCryptoKeyDataCtx { + struct _mscrypt_prov* p_prov ; + LPCTSTR providerName; + DWORD providerType; + PCCERT_CONTEXT pCert; + DWORD dwKeySpec; + struct _mscrypt_key* p_key ; + xmlSecKeyDataType type; + }; + + struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { + struct _mscrypt_key* pkey ; + + pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; + if( pkey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_key" , + NULL , + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ) ; + } + + pkey->hKey = key ; + pkey->refcnt = 1 ; + + return pkey ; + } + + struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { + if( key ) + key->refcnt ++ ; + + return key ; + } + + int mscrypt_release_key( struct _mscrypt_key* key ) { + if( 
key ) { + key->refcnt -- ; + if( !key->refcnt ) { + if( key->hKey ) { + CryptDestroyKey( key->hKey ) ; + key->hKey = 0 ; + } + xmlFree( key ) ; + } else { + return key->refcnt ; + } + } + + return 0 ; + } + + struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { + struct _mscrypt_prov* pprov ; + + pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; + if( pprov == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_prov" , + NULL , + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ) ; + } + + pprov->hProv = prov ; + pprov->freeprov = callerFree ; + pprov->refcnt = 1 ; + + return pprov ; + } + + struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { + if( prov ) + prov->refcnt ++ ; + + return prov ; + } + + int mscrypt_release_prov( struct _mscrypt_prov* prov ) { + if( prov ) { + prov->refcnt -- ; + if( !prov->refcnt ) { + if( prov->hProv && prov->freeprov ) { + CryptReleaseContext( prov->hProv, 0 ) ; + prov->hProv = 0 ; + } + xmlFree( prov ) ; + } else { + return prov->refcnt ; + } + } + + return 0 ; + } /****************************************************************************** * *************** *** 88,111 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if (ctx->hKey != 0) { ! CryptDestroyKey(ctx->hKey); ! ctx->hKey = 0; ! } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { ! CryptReleaseContext(ctx->hProv, 0); ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } else { ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } ctx->type = type; --- 207,226 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if( ctx->p_key != 0 ) { ! mscrypt_release_key( ctx->p_key ) ; ! } ! ctx->p_key = mscrypt_create_key( 0 ) ; if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if( ( ctx->p_prov ) ) { ! 
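Review bot: `mscrypt_create_key` and `mscrypt_create_prov` log the `xmlMalloc` failure and then fall through to `pkey->hKey = key ;` and `pprov->hProv = prov ;`, dereferencing the NULL pointer; each `if( ... == NULL )` block needs `return NULL ;` after the `xmlSecError` call. The callers in the later hunks of this file (new lines 207-226 and 298-323) store the result in `ctx->p_key` / `ctx->p_prov` without a check, and the 231-239 and 242-280 hunks then take `&(ctx->p_prov->hProv)` and `&(ctx->p_key->hKey)`, so those callers also need a NULL test that returns -1. In both `xmlSecError` calls the function name is passed in the error-object position and `NULL` in the function position, the reverse of the other calls visible in this file. None of the six new helpers is declared `static` or documented; a one-line comment on each stating who owns the handle after the call would help.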
mscrypt_release_prov( ctx->p_prov ) ; ! } ! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; ctx->type = type; *************** *** 116,124 **** if (!CryptAcquireCertificatePrivateKey(pCert, CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, ! &(ctx->hProv), &(ctx->dwKeySpec), ! &(ctx->fCallerFreeProv))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CryptAcquireCertificatePrivateKey", --- 231,239 ---- if (!CryptAcquireCertificatePrivateKey(pCert, CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, ! &(ctx->p_prov->hProv), &(ctx->dwKeySpec), ! &(ctx->p_prov->freeprov))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CryptAcquireCertificatePrivateKey", *************** *** 127,172 **** return(-1); } } else if((type & xmlSecKeyDataTypePublic) != 0){ ! if (!CryptAcquireContext(&(ctx->hProv), NULL, ! ctx->providerName, ctx->providerType, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptAcquireContext", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ctx->dwKeySpec = 0; ! ctx->fCallerFreeProv = TRUE; } else { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, "Unsupported keytype"); ! return(-1); ! } ! ! /* CryptImportPublicKeyInfo is only needed when a real key handle ! * is needed. The key handle is needed for de/encrypting and for ! * verifying of a signature, *not* for signing. We could call ! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead ! * so no unnessecary calls to CryptImportPublicKeyInfo are being ! * made. WK ! */ ! if(!CryptImportPublicKeyInfo(ctx->hProv, ! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! &(pCert->pCertInfo->SubjectPublicKeyInfo), ! &(ctx->hKey))) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptImportPublicKeyInfo", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } ctx->pCert = pCert; --- 242,280 ---- return(-1); } } else if((type & xmlSecKeyDataTypePublic) != 0){ ! if (!CryptAcquireContext(&(ctx->p_prov->hProv), NULL, ! 
NULL, /*AF: replaces "ctx->providerName" with "NULL" */ ctx->providerType, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptAcquireContext", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ctx->dwKeySpec = 0; ! ctx->p_prov->freeprov = TRUE; ! ! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, ! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! &(pCert->pCertInfo->SubjectPublicKeyInfo), ! &(ctx->p_key->hKey) ) ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptImportPublicKeyInfo", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } else { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, "Unsupported keytype"); ! return(-1); } ctx->pCert = pCert; *************** *** 190,218 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if(ctx->hKey != 0) { ! CryptDestroyKey(ctx->hKey); ! ctx->hKey = 0; ! } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if((ctx->hProv != 0) && ctx->fCallerFreeProv) { ! CryptReleaseContext(ctx->hProv, 0); ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } else { ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } ! ctx->hProv = hProv; ! ctx->fCallerFreeProv = fCallerFreeProv; ctx->dwKeySpec = dwKeySpec; ! ctx->hKey = hKey; ctx->type = type; return(0); --- 298,323 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if( ctx->p_key != 0 ) { ! mscrypt_release_key( ctx->p_key ) ; ! ctx->p_key = NULL ; ! } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if( ( ctx->p_prov ) ) { ! mscrypt_release_prov( ctx->p_prov ) ; ! ctx->p_prov = NULL ; ! } else { ! ctx->p_prov = NULL ; ! } ! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; ctx->dwKeySpec = dwKeySpec; ! 
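Review bot: The public-key branch now passes `NULL` as the provider name to `CryptAcquireContext`, so the CSP used is the default registered for `ctx->providerType` and `ctx->providerName` is no longer consulted on this path; the `/*AF: ...*/` remark records the edit but not the reason. A comment along the lines of `/* NULL = default CSP for providerType; providerName is deliberately ignored here because <reason> */` would let a reader judge whether relying on the machine's default provider is acceptable. `CryptImportPublicKeyInfo` now runs only in this branch, so for a private-type key `ctx->p_key->hKey` stays 0, and that deserves a sentence in the function's header comment. The enclosing function starts and ends outside the hunk, so whether later code depends on a non-zero handle cannot be confirmed from here.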
ctx->p_key = mscrypt_create_key( hKey ) ; ctx->type = type; return(0); *************** *** 238,244 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return(ctx->hKey); } /** --- 343,349 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return( ctx->p_key ? ctx->p_key->hKey : 0 ); } /** *************** *** 273,279 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return(ctx->hProv); } DWORD --- 378,384 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return( ctx->p_prov ? ctx->p_prov->hProv : 0 ); } DWORD *************** *** 316,340 **** XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - } - - if (ctxSrc->hKey != 0) { - if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CryptDuplicateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } } ! if(ctxSrc->hProv != 0) { ! CryptContextAddRef(ctxSrc->hProv, NULL, 0); ! ctxDst->hProv = ctxSrc->hProv; ! ctxDst->fCallerFreeProv = TRUE; ! } else { ! ctxDst->hProv = 0; ! ctxDst->fCallerFreeProv = FALSE; } ctxDst->dwKeySpec = ctxSrc->dwKeySpec; --- 421,456 ---- XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } ! ! if( ctxSrc->p_key ) { ! if( ctxDst->p_key ) ! mscrypt_release_key( ctxDst->p_key ) ; ! ! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; ! if( !ctxDst->p_key ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), ! "mscrypt_acquire_key", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! if( ctxSrc->p_prov ) { ! if( ctxDst->p_prov ) ! mscrypt_release_prov( ctxDst->p_prov ) ; ! ! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; ! if( !ctxDst->p_prov ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), ! "mscrypt_acquire_prov", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
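Review bot: The new line `ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;` drops the `fCallerFreeProv` argument that the replaced lines stored in the context, so `mscrypt_release_prov` will never call `CryptReleaseContext` for an adopted provider. The DSA key-generation hunk further down passes `TRUE` here and zeroes its local `hProv` on success, which suggests that provider handle is then never released. Passing the flag through, `ctx->p_prov = mscrypt_create_prov( hProv, fCallerFreeProv ) ;`, keeps the previous ownership contract. The `else { ctx->p_prov = NULL ; }` arm just above is redundant, since the pointer is already NULL on that path. The function's signature is outside the hunk.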
XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } ctxDst->dwKeySpec = ctxSrc->dwKeySpec; *************** *** 355,370 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert(ctx != NULL); ! if (ctx->hKey != 0) { ! CryptDestroyKey(ctx->hKey); } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); } ! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { ! CryptReleaseContext(ctx->hProv, 0); } memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); --- 471,486 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert(ctx != NULL); ! if( ctx->p_key ) { ! mscrypt_release_key( ctx->p_key ) ; } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); } ! if( ctx->p_prov ) { ! mscrypt_release_prov( ctx->p_prov ) ; } memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); *************** *** 384,397 **** xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); ! } else if (ctx->hKey != 0) { DWORD length = 0; DWORD lenlen = sizeof(DWORD); ! ! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "CertDuplicateCertificateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(0); --- 500,513 ---- xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); ! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { DWORD length = 0; DWORD lenlen = sizeof(DWORD); ! ! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! 
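Review bot: Duplicating key data now makes source and destination share one `_mscrypt_key` / `_mscrypt_prov` wrapper instead of giving the copy its own handle through `CryptDuplicateKey`, and the counter behind it is a plain `int` changed with `++` and `--`. If key data can be duplicated or destroyed from more than one thread (not visible here), the count can be corrupted and the handle destroyed while another copy still uses it; declaring `LONG refcnt` and using `InterlockedIncrement` / `InterlockedDecrement` would close that gap. Because the handle is shared, any per-key parameter set through one copy is also seen by the other, which should be stated in the comment on the wrapper structs. The `if( !ctxDst->p_key )` and `if( !ctxDst->p_prov )` error branches cannot fire, because the acquire helpers return their non-NULL argument unchanged.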
"CryptGetKeyParam", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(0); *************** *** 581,587 **** --- 697,707 ---- static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { + #else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecMSCryptoKeyDataSize, *************** *** 938,946 **** ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->hKey != 0, -1); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1058,1067 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->p_key != 0, -1); ! xmlSecAssert2(ctx->p_key->hKey != 0, -1); ! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 960,966 **** } blob = xmlSecBufferGetData(&buf); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1081,1087 ---- } blob = xmlSecBufferGetData(&buf); ! 
if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 1295,1301 **** --- 1416,1426 ---- static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { + #else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecMSCryptoKeyDataSize, *************** *** 1797,1805 **** ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->hKey != 0, -1); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1922,1931 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->p_key != 0, -1); ! xmlSecAssert2(ctx->p_key->hKey != 0, -1); ! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 1819,1825 **** } blob = xmlSecBufferGetData(&buf); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1945,1951 ---- } blob = xmlSecBufferGetData(&buf); ! 
if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 2010,2016 **** HCRYPTKEY hKey = 0; DWORD dwKeySpec; DWORD dwSize; - int res = -1; int ret; xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); --- 2136,2141 ---- *************** *** 2043,2054 **** dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CryptGenKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, --- 2168,2181 ---- dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CryptGenKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! if (hProv != 0) ! CryptReleaseContext(hProv, 0); ! return -1 ; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, *************** *** 2059,2082 **** "xmlSecMSCryptoKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! hProv = 0; ! hKey = 0; ! /* success */ ! res = 0; ! ! done: ! if (hProv != 0) { ! CryptReleaseContext(ctx->hProv, 0); } ! if (hKey != 0) { ! CryptDestroyKey(hKey); ! } ! ! return(res); } static xmlSecKeyDataType --- 2186,2202 ---- "xmlSecMSCryptoKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! if( hKey != 0 ) ! CryptDestroyKey( hKey ) ; ! if( hProv != 0 ) ! CryptReleaseContext( hProv, 0 ) ; ! return -1 ; } + hProv = 0 ; + hKey = 0 ; ! 
return 0 ; } static xmlSecKeyDataType *** misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c Fri Sep 26 08:12:51 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c Fri May 11 14:47:19 2007 *************** *** 785,791 **** --- 785,795 ---- * AES CBC cipher transforms * ********************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { + #else static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ *************** *** 824,830 **** --- 828,838 ---- return(&xmlSecMSCryptoAes128CbcKlass); } + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { + #else static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ *************** *** 863,869 **** --- 871,881 ---- return(&xmlSecMSCryptoAes192CbcKlass); } + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { + #else static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ *************** *** 906,912 **** --- 918,928 ---- #ifndef XMLSEC_NO_DES + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { + #else static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* size_t klassSize */ xmlSecMSCryptoBlockCipherSize, /* size_t objSize */ *** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c Wed Nov 12 03:38:51 2003 --- 
misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c Fri May 11 14:47:19 2007 *************** *** 330,342 **** BYTE* xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { BYTE* str = NULL; ! xmlSecAssert2(pszX500 != NULL, NULL); xmlSecAssert2(len != NULL, NULL); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, ! NULL, NULL, len, NULL)) { /* this might not be an error, string might just not exist */ return(NULL); } --- 330,344 ---- BYTE* xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { BYTE* str = NULL; ! LPCTSTR ppszError = NULL; ! xmlSecAssert2(pszX500 != NULL, NULL); xmlSecAssert2(len != NULL, NULL); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, ! NULL, NULL, len, &ppszError)) { /* this might not be an error, string might just not exist */ + DWORD dw = GetLastError(); return(NULL); } *** misc/xmlsec1-1.2.6/src/mscrypto/digests.c Tue Sep 30 04:09:51 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c Fri May 11 14:47:19 2007 *************** *** 96,107 **** /* TODO: Check what provider is best suited here.... */ if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } return(0); --- 96,110 ---- /* TODO: Check what provider is best suited here.... */ if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ! //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project ! if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! } ! 
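Review bot: In the crypto.c hunk the added `ppszError` and `DWORD dw = GetLastError();` are captured and then discarded, so the failure path of `CertStrToName` is no more diagnosable than before and compilers will warn about unused variables. Either remove both, or keep them with a comment such as `/* kept for inspection in a debugger; failure is not always an error here */`. The name `ppszError` also suggests a pointer-to-pointer although it is declared as a plain `LPCTSTR`; `pszError` would match the declaration.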
return(0); } return(0); *************** *** 298,304 **** --- 301,311 ---- * SHA1 * *****************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { + #else static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* size_t klassSize */ xmlSecMSCryptoDigestSize, /* size_t objSize */ *** misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c Sat Sep 27 05:12:22 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c Fri May 11 14:47:19 2007 *************** *** 62,68 **** --- 62,72 ---- const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { + #else static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { + #endif sizeof(xmlSecKeyStoreKlass), xmlSecMSCryptoKeysStoreSize, *** misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c Fri Sep 26 22:29:25 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c Fri May 11 14:47:19 2007 *************** *** 66,72 **** --- 66,76 ---- static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { + #else static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ *** misc/xmlsec1-1.2.6/src/mscrypto/signatures.c Fri Sep 26 22:29:25 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c Fri May 11 14:47:19 2007 *************** *** 483,489 **** --- 483,493 ---- * RSA-SHA1 signature transform * ***************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct 
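Review bot: When both `CryptAcquireContext` attempts fail, the new code logs the error and then reaches `return(0);`, so digest initialization reports success with no provider acquired; the replaced lines returned -1 at this point. Add `return(-1);` directly after the `xmlSecError` call inside the inner `if`, so that only the successful fallback falls through to `return(0);`. The `//#i57942#` comment would be more useful if it said that `MS_ENHANCED_PROV` is tried as a fallback when `MS_STRONG_PROV` cannot be acquired. The enclosing function starts outside the hunk.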
_xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { + #else static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ *************** *** 531,537 **** --- 535,545 ---- * ***************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { + #else static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ *** misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c Fri Sep 26 02:58:13 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c Fri May 11 14:47:19 2007 *************** *** 72,78 **** --- 72,82 ---- * processing * *************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { + #else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecKeyDataBinarySize, *************** *** 153,159 **** --- 157,167 ---- * processing * *************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { + #else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecKeyDataBinarySize, *** misc/xmlsec1-1.2.6/src/mscrypto/x509.c Fri Sep 26 02:58:13 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c Fri May 11 14:47:19 2007 *************** *** 240,246 **** --- 240,250 ---- + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { + #else static xmlSecKeyDataKlass 
xmlSecMSCryptoKeyDataX509Klass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecMSCryptoX509DataSize, *************** *** 1572,1577 **** --- 1576,1582 ---- xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecMSCryptoX509DataCtxPtr ctx; xmlSecKeyDataStorePtr x509Store; + PCCERT_CONTEXT pCert ; int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); *************** *** 1610,1615 **** --- 1615,1667 ---- return(-1); } + /* + * I'll search key according to KeyReq. + */ + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; + if( pCert == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } + + + + /*- + * Get Public key from cert, which does not always work for sign action. 
+ * keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 1619,1624 **** --- 1671,1721 ---- XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + */ + + /*- + * I'll search key according to KeyReq. + */ + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; + if( pCert == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } + + /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { *************** *** 1882,1888 **** xmlSecAssert2(nm->pbData != NULL, NULL); xmlSecAssert2(nm->cbData > 0, NULL); ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); str = (char *)xmlMalloc(csz); if (NULL == str) { xmlSecError(XMLSEC_ERRORS_HERE, --- 1979,1985 ---- xmlSecAssert2(nm->pbData != NULL, NULL); xmlSecAssert2(nm->cbData > 0, NULL); ! 
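Review bot: The key lookup block (`CertDuplicateCertificateContext` followed by `xmlSecMSCryptoCertAdopt`) is added twice, once in the hunk at new line 1615 and again in the hunk at 1671, so the second pass overwrites `keyValue` from the first without destroying it. One copy should go; keeping the one after the commented-out `xmlSecMSCryptoX509CertGetKey` call reads best. In the remaining copy, a `keyReq.keyType` with neither the private nor the public bit set leaves `pCert` unreleased and `keyValue` at whatever it held before `xmlSecKeyReqMatchKeyValue` is reached. A final `else { CertFreeCertificateContext( pCert ) ; return(-1); }` with an `xmlSecError` call would close that path, assuming failure is the intended outcome. The enclosing function starts and ends outside both hunks.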
csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); str = (char *)xmlMalloc(csz); if (NULL == str) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 1893,1899 **** return (NULL); } ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); if (csz < 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, --- 1990,1996 ---- return (NULL); } ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); if (csz < 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, *************** *** 1904,1920 **** return(NULL); } ! res = xmlStrdup(BAD_CAST str); ! if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlStrdup", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlFree(str); ! return(NULL); } - xmlFree(str); return(res); } --- 2001,2037 ---- return(NULL); } ! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. ! * don't ask me how is it possible not to read something you wrote yourself but also ! * see comment in the xmlSecMSCryptoX509FindCert function. ! */ ! if(strncmp(str, "E=", 2) == 0) { ! res = xmlMalloc(strlen(str) + 13 + 1); ! if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlMalloc", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! "size=%d", ! strlen(str) + 13 + 1); ! xmlFree(str); ! return(NULL); ! } ! ! memcpy(res, "emailAddress=", 13); ! strcpy(res + 13, BAD_CAST (str + 2)); ! } else { ! res = xmlStrdup(BAD_CAST str); ! if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlStrdup", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlFree(str); ! return(NULL); ! 
} } xmlFree(str); return(res); } *************** *** 2153,2159 **** --- 2270,2280 ---- xmlSecSize bufSize, xmlSecKeyInfoCtxPtr keyInfoCtx); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { + #else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { + #endif sizeof(xmlSecKeyDataKlass), sizeof(xmlSecKeyData), *** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c Sat Sep 27 05:12:22 2003 --- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c Fri May 11 14:47:19 2007 *************** *** 70,76 **** --- 70,80 ---- static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str, int len); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { + #else static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { + #endif sizeof(xmlSecKeyDataStoreKlass), xmlSecMSCryptoX509StoreSize, *************** *** 125,130 **** --- 129,135 ---- xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { xmlSecMSCryptoX509StoreCtxPtr ctx; + PCCERT_CONTEXT pCert ; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); *************** *** 132,141 **** ctx = xmlSecMSCryptoX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->untrusted != NULL, NULL); ! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); ! } static void xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { --- 137,153 ---- ctx = xmlSecMSCryptoX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->untrusted != NULL, NULL); + xmlSecAssert2(ctx->trusted != NULL, NULL); ! pCert = NULL ; ! if( ctx->untrusted != NULL ) ! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; ! ! if( ctx->trusted != NULL && pCert == NULL ) ! 
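Review bot: In the `E=` branch the `xmlSecError` call passes `strlen(str) + 13 + 1`, a `size_t`, to the `"size=%d"` format, which is a mismatch wherever `size_t` is wider than `int`; `(int)(strlen(str) + 13 + 1)` fixes it. The rewrite also fires only when the name string begins with `E=`, so an e-mail attribute in any other position still goes out as `E=`. With `CERT_NAME_STR_REVERSE_FLAG` now set in the two hunks above, a comment should state which position the e-mail attribute is expected in. The magic 13 would read better as `sizeof("emailAddress=") - 1`.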
pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; + return( pCert ) ; + } static void xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { *************** *** 252,268 **** } static BOOL ! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, ! xmlSecKeyInfoCtx* keyInfoCtx) { xmlSecMSCryptoX509StoreCtxPtr ctx; PCCERT_CONTEXT issuerCert = NULL; FILETIME fTime; DWORD flags; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); xmlSecAssert2(cert != NULL, FALSE); xmlSecAssert2(cert->pCertInfo != NULL, FALSE); ! xmlSecAssert2(certs != NULL, FALSE); xmlSecAssert2(keyInfoCtx != NULL, FALSE); ctx = xmlSecMSCryptoX509StoreGetCtx(store); --- 264,285 ---- } static BOOL ! xmlSecMSCryptoX509StoreConstructCertsChain( ! xmlSecKeyDataStorePtr store , ! PCCERT_CONTEXT cert , ! HCERTSTORE certStore , ! xmlSecKeyInfoCtx* keyInfoCtx ! ) { xmlSecMSCryptoX509StoreCtxPtr ctx; PCCERT_CONTEXT issuerCert = NULL; FILETIME fTime; DWORD flags; + BOOL selfSigned ; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); xmlSecAssert2(cert != NULL, FALSE); xmlSecAssert2(cert->pCertInfo != NULL, FALSE); ! xmlSecAssert2(certStore != NULL, FALSE); xmlSecAssert2(keyInfoCtx != NULL, FALSE); ctx = xmlSecMSCryptoX509StoreGetCtx(store); *************** *** 283,342 **** return(FALSE); } ! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { return(FALSE); } ! /* try the untrusted certs in the chain */ ! issuerCert = CertFindCertificateInStore(certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, ! &(cert->pCertInfo->Issuer), NULL); ! if(issuerCert == cert) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! 
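Review bot: The `if( ctx->untrusted != NULL )` and `ctx->trusted != NULL` tests in the new lookup are dead, because the two `xmlSecAssert2` lines just above already return NULL in those cases. More important for callers, this function now also returns certificates found in `ctx->trusted`, and the new assert makes a store without a trusted collection fail the lookup outright. The function comment should say both, for example `/* searches the untrusted collection first, then the trusted one; both must be initialised */`. The start of the function is outside this hunk.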
xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! CertFreeCertificateContext(issuerCert); ! return(TRUE); } ! /* try the untrusted certs in the store */ ! issuerCert = CertFindCertificateInStore(ctx->untrusted, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Issuer), NULL); ! if(issuerCert == cert) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { ! CertFreeCertificateContext(issuerCert); ! return(FALSE); } - CertFreeCertificateContext(issuerCert); - return(TRUE); - } /* try to find issuer cert in the trusted cert in the store */ issuerCert = CertFindCertificateInStore(ctx->trusted, --- 300,384 ---- return(FALSE); } ! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { return(FALSE); } ! /*- ! * Firstly try to find the cert in the trusted cert store. We will trust ! * the certificate in the trusted store. ! */ ! issuerCert = CertFindCertificateInStore(ctx->trusted, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, ! &(cert->pCertInfo->Subject), NULL); ! if( issuerCert != NULL ) { ! /* We have found the trusted cert, so return true */ ! CertFreeCertificateContext( issuerCert ) ; ! return( TRUE ) ; } ! /* Check whether the certificate is self signed certificate */ ! 
selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; ! ! /* try the untrusted certs in the chain */ ! if( !selfSigned ) { ! issuerCert = CertFindCertificateInStore(certStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Issuer), NULL); ! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! ! CertFreeCertificateContext(issuerCert); ! return(TRUE); ! } ! } ! ! /* try the untrusted certs in the store */ ! if( !selfSigned ) { ! issuerCert = CertFindCertificateInStore(ctx->untrusted, ! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! 0, ! CERT_FIND_SUBJECT_NAME, ! &(cert->pCertInfo->Issuer), ! NULL); ! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! 
if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! ! CertFreeCertificateContext(issuerCert); ! return(TRUE); ! } } /* try to find issuer cert in the trusted cert in the store */ issuerCert = CertFindCertificateInStore(ctx->trusted, *************** *** 379,404 **** xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ ! PCCERT_CONTEXT nextCert = NULL; ! xmlSecAssert2(cert->pCertInfo != NULL, NULL); ! /* if cert is the issuer of any other cert in the list, then it is ! * to be skipped */ ! nextCert = CertFindCertificateInStore(certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, &(cert->pCertInfo->Subject), ! NULL); ! if(nextCert != NULL) { ! CertFreeCertificateContext(nextCert); ! continue; ! } ! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { ! return(cert); ! } } return (NULL); --- 421,481 ---- xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { ! PCCERT_CONTEXT nextCert ; ! unsigned char selected ; ! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; ! /* if cert is the issuer of any other cert in the list, then it is ! * to be skipped except that the cert list only have one self-signed ! * certificate. ! */ ! for( selected = 0, nextCert = NULL ; ; ) { ! nextCert = CertFindCertificateInStore( certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, &(cert->pCertInfo->Subject), ! nextCert ) ; ! if( nextCert != NULL ) { ! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { ! selected = 1 ; ! continue ; ! } else { ! selected = 0 ; ! break ; ! } ! } else { ! selected = 1 ; ! break ; ! } ! } ! ! if( nextCert != NULL ) ! 
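Review bot: The new shortcut at the top of the chain walk returns TRUE as soon as `ctx->trusted` holds any certificate whose subject name equals the subject of `cert`, without checking that the two are the same certificate. A certificate that merely carries the DN of a trusted entry is then accepted with no signature check against an issuer. The match should at least be confirmed before it is trusted, for example `if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) )`, freeing `issuerCert` and falling through to the issuer search otherwise. The local would also read better as `trustedCert` at this point, since what it holds is not an issuer. The function begins before this hunk and continues after it.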
CertFreeCertificateContext( nextCert ) ; ! ! if( !selected ) { ! continue ; ! } ! ! /* JL: OpenOffice.org implements its own certificate verification routine. ! The goal is to seperate validation of the signature ! and the certificate. For example, OOo could show that the document signature is valid, ! but the certificate could not be verified. If we do not prevent the verification of ! the certificate by libxmlsec and the verification fails, then the XML signature will not be ! verified. This would happen, for example, if the root certificate is not installed. ! ! In the store schould only be the certificate from the X509Certificate element ! and the X509IssuerSerial element. The latter is only there ! if the certificate is installed. Both certificates must be the same! ! In case of writing the signature, the store contains only the certificate that ! was created based on the information from the X509IssuerSerial element. */ ! return cert; ! ! /* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { ! return( cert ) ; ! 
} */ } return (NULL); *************** *** 458,466 **** --- 535,660 ---- return(0); } + int + xmlSecMSCryptoX509StoreAdoptKeyStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE keyStore + ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( keyStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); + } + + int + xmlSecMSCryptoX509StoreAdoptTrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE trustedStore + ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( trustedStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); + } + + int + xmlSecMSCryptoX509StoreAdoptUntrustedStore ( + xmlSecKeyDataStorePtr 
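Review bot: The unconditional `return cert;` in the enumeration loop means this function no longer calls `xmlSecMSCryptoX509StoreConstructCertsChain` at all, so revocation and chain checks are skipped for every user of this build, not only for the application the JL comment describes. That should be an explicit per-context choice rather than dead code after a `return`. xmlsec's key-info flags look like the natural place for it (I believe `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS` exists for this, to be confirmed against this version's keyinfo.h). At minimum the function's header comment should state that the returned certificate is unverified and that the caller must validate it. The function starts outside the hunk.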
store, + HCERTSTORE untrustedStore + ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( untrustedStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->untrusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); + } + static int xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { xmlSecMSCryptoX509StoreCtxPtr ctx; + HCERTSTORE hTrustedMemStore ; + HCERTSTORE hUntrustedMemStore ; + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ctx = xmlSecMSCryptoX509StoreGetCtx(store); *************** *** 468,503 **** memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); /* create trusted certs store */ ! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(ctx->trusted == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ! /* create trusted certs store */ ! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! 
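Review bot: All three `Adopt*Store` functions add the caller's store with `CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG` and priority 2 or 3, above the in-memory sibling that `xmlSecMSCryptoX509StoreInitialize` registers at priority 1. As I read the CertAddStoreToCollection documentation, certificates later added to the collection go to the highest-priority sibling that allows adds, so certificates taken from a document could be written into an adopted, possibly persistent, store instead of the memory store; passing `0` for the flag on adopted stores would avoid that, to be confirmed on Windows. `xmlSecMSCryptoX509StoreAdoptKeyStore` also puts the key store into `ctx->trusted`, which turns every certificate in it into a trust anchor and deserves a sentence in its comment. The `while( 1 )` enumeration block in each function has no effect and `int ret;` is unused, so both can go. The hunk ends inside `xmlSecMSCryptoX509StoreInitialize`.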
if(ctx->untrusted == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); } --- 662,765 ---- memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); + /* create trusted certs store collection */ + ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, + 0, + NULL, + 0, + NULL); + if(ctx->trusted == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + /* create trusted certs store */ ! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(hTrustedMemStore == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; return(-1); } ! /* add the memory trusted certs store to trusted certs store collection */ ! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CertAddStoreToCollection", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ! ctx->trusted = NULL ; ! return(-1); ! } ! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ! ! /* create untrusted certs store collection */ ! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, ! 0, ! NULL, ! 0, ! NULL); ! if(ctx->untrusted == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! 
"CertOpenStore", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ! ctx->trusted = NULL ; ! return(-1); ! } ! ! /* create untrusted certs store */ ! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(hUntrustedMemStore == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; + ctx->untrusted = NULL ; return(-1); } + /* add the memory trusted certs store to untrusted certs store collection */ + if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + ctx->trusted = NULL ; + ctx->untrusted = NULL ; + return(-1); + } + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + return(0); } *************** *** 567,576 **** --- 829,869 ---- if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { xmlSecBn issuerSerialBn; + xmlChar * p; CERT_NAME_BLOB cnb; + CRYPT_INTEGER_BLOB cib; BYTE *cName = NULL; DWORD cNameLen = 0; + + /* aleksey: for some unknown to me reasons, mscrypto wants Email + * instead of emailAddress. This code is not bullet proof and may + * produce incorrect results if someone has "emailAddress=" string + * in one of the fields, but it is best I can suggest to fix this problem. 
+ * Also see xmlSecMSCryptoX509NameWrite function. + */ + while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { + memcpy(p, " Email=", 13); + } + + + /* get issuer name */ + cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + issuerName, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &cNameLen); + if(cName == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecMSCryptoCertStrToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return (NULL); + } + cnb.pbData = cName; + cnb.cbData = cNameLen; + + /* get serial number */ ret = xmlSecBnInitialize(&issuerSerialBn, 0); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 578,583 **** --- 871,877 ---- "xmlSecBnInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(cName); return(NULL); } *************** *** 589,614 **** XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! return(NULL); } ! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! issuerName, ! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ! &cNameLen); ! if(cName == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecMSCryptoCertStrToName", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! return (NULL); } ! cnb.pbData = cName; ! cnb.cbData = cNameLen; ! while((pCert = CertFindCertificateInStore(store, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, --- 883,912 ---- XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! xmlFree(cName); ! return(NULL); } ! /* I have no clue why at a sudden a swap is needed to ! * convert from lsb... This code is purely based upon ! * trial and error :( WK ! */ ! ret = xmlSecBnReverse(&issuerSerialBn); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! 
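Review bot: The `emailAddress=` loop rewrites the caller's `issuerName` buffer in place, so the string the caller passed in is changed after this function returns, and as the comment admits a field value that happens to contain `emailAddress=` is rewritten too. Working on a private copy (`xmlStrdup(issuerName)`, freed next to `cName`) keeps the side effect local. The 13-byte `memcpy` also depends on the replacement literal being exactly 13 characters; whitespace on this page is collapsed, so that should be checked in the real patch and the length tied to the literal with `sizeof`. The function begins before the hunk and the hunk stops inside the `xmlSecBnInitialize` error branch.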
"xmlSecBnReverse", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! xmlFree(cName); ! return(NULL); } ! cib.pbData = xmlSecBufferGetData(&issuerSerialBn); ! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn); ! ! while((pCert = CertFindCertificateInStore(store, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, *************** *** 622,631 **** if((pCert->pCertInfo != NULL) && (pCert->pCertInfo->SerialNumber.pbData != NULL) && (pCert->pCertInfo->SerialNumber.cbData > 0) && ! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData, ! pCert->pCertInfo->SerialNumber.cbData))) { ! ! break; } } xmlFree(cName); --- 920,928 ---- if((pCert->pCertInfo != NULL) && (pCert->pCertInfo->SerialNumber.pbData != NULL) && (pCert->pCertInfo->SerialNumber.cbData > 0) && ! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE) ! ) { ! break; } } xmlFree(cName); *** misc/xmlsec1-1.2.6/src/nss/Makefile.am Tue Sep 16 11:43:03 2003 --- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am Fri May 11 14:47:19 2007 *************** *** 20,40 **** $(NULL) libxmlsec1_nss_la_SOURCES =\ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ pkikeys.c \ signatures.c \ symkeys.c \ x509.c \ x509vfy.c \ - keysstore.c \ - kt_rsa.c \ - kw_des.c \ - kw_aes.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ --- 20,41 ---- $(NULL) libxmlsec1_nss_la_SOURCES =\ + akmngr.c \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ + keysstore.c \ + keytrans.c \ + keywrapers.c \ pkikeys.c \ signatures.c \ symkeys.c \ + tokens.c \ x509.c \ x509vfy.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ *** misc/xmlsec1-1.2.6/src/nss/Makefile.in Thu Aug 26 08:00:32 2004 --- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in Fri May 11 14:47:19 2007 *************** *** 54,62 **** $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__objects_1 = ! 
am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ ! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \ $(am__objects_1) libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) --- 54,62 ---- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__objects_1 = ! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ ! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \ $(am__objects_1) libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) *************** *** 65,75 **** @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ --- 65,75 ---- @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ ! 
@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ *************** *** 321,341 **** $(NULL) libxmlsec1_nss_la_SOURCES = \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ pkikeys.c \ signatures.c \ symkeys.c \ x509.c \ x509vfy.c \ - keysstore.c \ - kt_rsa.c \ - kw_des.c \ - kw_aes.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ --- 321,342 ---- $(NULL) libxmlsec1_nss_la_SOURCES = \ + akmngr.c \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ + keysstore.c \ + keytrans.c \ + keywrappers.c \ pkikeys.c \ signatures.c \ symkeys.c \ + tokens.c \ x509.c \ x509vfy.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ *************** *** 418,423 **** --- 419,425 ---- distclean-compile: -rm -f *.tab.c + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ *************** *** 425,433 **** @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@ ! 
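Review bot: `libxmlsec1_nss_la_SOURCES` in this Makefile.in hunk lists `keywrappers.c`, while `am_libxmlsec1_nss_la_OBJECTS` and `DEP_FILES` in the earlier hunks of the same file use `keywrapers.lo` and `keywrapers.Plo`, and the Makefile.am hunk lists `keywrapers.c`. One spelling has to win, matching the file the patch actually creates under src/nss. Otherwise either the object rule or anything driven by the sources list, such as the dist file list, points at a file that does not exist. Since Makefile.in is normally generated from Makefile.am, a short comment in the patch saying it was edited by hand would help the next person who regenerates it.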
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ --- 427,435 ---- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ *** misc/xmlsec1-1.2.6/src/nss/akmngr.c Fri May 11 14:47:44 2007 --- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c Fri May 11 14:47:19 2007 *************** *** 1 **** ! dummy --- 1,384 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright......................... ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! #include ! ! /** ! * xmlSecNssAppliedKeysMngrCreate: ! * @slot: array of pointers to NSS PKCS#11 slot infomation. ! * @cSlots: number of slots in the array ! * @handler: the pointer to NSS certificate database. ! * ! * Create and load NSS crypto slot and certificate database into keys manager ! * ! * Returns keys manager pointer on success or NULL otherwise. ! */ ! xmlSecKeysMngrPtr ! xmlSecNssAppliedKeysMngrCreate( ! PK11SlotInfo** slots, ! int cSlots, ! 
CERTCertDBHandle* handler ! ) { ! xmlSecKeyDataStorePtr certStore = NULL ; ! xmlSecKeysMngrPtr keyMngr = NULL ; ! xmlSecKeyStorePtr keyStore = NULL ; ! int islot = 0; ! keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeyStoreCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! for (islot = 0; islot < cSlots; islot++) ! { ! xmlSecNssKeySlotPtr keySlot ; ! ! /* Create a key slot */ ! keySlot = xmlSecNssKeySlotCreate() ; ! if( keySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeySlotCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! return NULL ; ! } ! ! /* Set slot */ ! if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeySlotSetSlot" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return NULL ; ! } ! ! /* Adopt keySlot */ ! if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeysStoreAdoptKeySlot" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return NULL ; ! } ! } ! ! keyMngr = xmlSecKeysMngrCreate() ; ! if( keyMngr == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! return NULL ; ! } ! ! /*- ! * Add key store to manager, from now on keys manager destroys the store if ! * needed ! */ ! 
if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecKeysMngrAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Initialize crypto library specific data in keys manager ! */ ! if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Set certificate databse to X509 key data store ! */ ! /** ! * Because Tej's implementation of certDB use the default DB, so I ignore ! * the certDB handler at present. I'll modify the cert store sources to ! * accept particular certDB instead of default ones. ! certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; ! if( certStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeyDataStoreX509SetCertDb" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! */ ! ! /*- ! * Set the getKey callback ! */ ! keyMngr->getKey = xmlSecKeysMngrGetKey ; ! ! return keyMngr ; ! } ! ! int ! xmlSecNssAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! PK11SymKey* symKey ! ) { ! xmlSecKeyPtr key ; ! xmlSecKeyDataPtr data ; ! xmlSecKeyStorePtr keyStore ; ! ! xmlSecAssert2( mngr != NULL , -1 ) ; ! 
xmlSecAssert2( symKey != NULL , -1 ) ; ! ! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetKeysStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ! ! data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; ! if( data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! key = xmlSecKeyCreate() ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDestroy( key ) ; ! return(-1) ; ! } ! ! return(0) ; ! } ! ! int ! xmlSecNssAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPublicKey* pubKey ! ) { ! xmlSecKeyPtr key ; ! xmlSecKeyDataPtr data ; ! xmlSecKeyStorePtr keyStore ; ! ! xmlSecAssert2( mngr != NULL , -1 ) ; ! xmlSecAssert2( pubKey != NULL , -1 ) ; ! ! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetKeysStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ! ! 
data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; ! if( data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssPKIAdoptKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! key = xmlSecKeyCreate() ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDestroy( key ) ; ! return(-1) ; ! } ! ! return(0) ; ! } ! ! int ! xmlSecNssAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPrivateKey* priKey ! ) { ! xmlSecKeyPtr key ; ! xmlSecKeyDataPtr data ; ! xmlSecKeyStorePtr keyStore ; ! ! xmlSecAssert2( mngr != NULL , -1 ) ; ! xmlSecAssert2( priKey != NULL , -1 ) ; ! ! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetKeysStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ! ! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; ! if( data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssPKIAdoptKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! key = xmlSecKeyCreate() ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! 
XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDestroy( key ) ; ! return(-1) ; ! } ! ! return(0) ; ! } ! *** misc/xmlsec1-1.2.6/src/nss/ciphers.c Fri Sep 26 02:58:15 2003 --- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c Fri May 11 14:47:19 2007 *************** *** 1,838 **** ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright (C) 2002-2003 Aleksey Sanin ! * Copyright (c) 2003 America Online, Inc. All rights reserved. ! */ #include "globals.h" #include - #include #include - #include #include #include #include #include #include #include ! #define XMLSEC_NSS_MAX_KEY_SIZE 32 ! #define XMLSEC_NSS_MAX_IV_SIZE 32 ! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32 ! ! /************************************************************************** ! * ! * Internal Nss Block cipher CTX * ! *****************************************************************************/ ! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, ! *xmlSecNssBlockCipherCtxPtr; struct _xmlSecNssBlockCipherCtx { ! CK_MECHANISM_TYPE cipher; ! PK11Context* cipherCtx; ! xmlSecKeyDataId keyId; ! int keyInitialized; ! int ctxInitialized; ! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; ! xmlSecSize keySize; ! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; ! xmlSecSize ivSize; ! }; ! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! 
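Review bot: In xmlSecNssAppliedKeysMngrSymKeyLoad the `xmlSecKeySetValue( key , data ) < 0` branch destroys `data` but never releases `key`, so the key object created just above leaks on that path. Add `xmlSecKeyDestroy( key ) ;` before the `return(-1)`, and the same in xmlSecNssAppliedKeysMngrPubKeyLoad and xmlSecNssAppliedKeysMngrPriKeyLoad, which repeat the block. The three loaders also have no header comment, so a caller cannot tell whether the `PK11SymKey*`, `SECKEYPublicKey*` or `SECKEYPrivateKey*` it passed is still its own after a failure; the adopt calls suggest ownership moves to the key data, and that should be stated. Separately, xmlSecNssAppliedKeysMngrCreate accepts `handler` but the code that would apply it is commented out, so certificate lookups presumably use the default database whatever the caller passes; the doc comment should say the argument is currently ignored. The error records for xmlSecKeyCreate, xmlSecKeySetValue and xmlSecNssKeysStoreAdoptKey all name `"xmlSecNssSymKeyDataKeyAdopt"`, which points a log reader at the wrong call.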
xmlSecTransformCtxPtr transformCtx); ! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx); ! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx); ! static int ! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx) { ! SECItem keyItem; ! SECItem ivItem; ! PK11SlotInfo* slot; ! PK11SymKey* symKey; ! int ivLen; ! SECStatus rv; ! int ret; ! ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->cipherCtx == NULL, -1); ! xmlSecAssert2(ctx->keyInitialized != 0, -1); ! xmlSecAssert2(ctx->ctxInitialized == 0, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! ! ivLen = PK11_GetIVLength(ctx->cipher); ! xmlSecAssert2(ivLen > 0, -1); ! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); ! ! if(encrypt) { ! /* generate random iv */ ! rv = PK11_GenerateRandom(ctx->iv, ivLen); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_GenerateRandom", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", ivLen); ! return(-1); ! } ! ! /* write iv to the output */ ! ret = xmlSecBufferAppend(out, ctx->iv, ivLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferAppend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", ivLen); ! return(-1); ! } ! ! } else { ! /* if we don't have enough data, exit and hope that ! * we'll have iv next time */ ! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { ! return(0); ! } ! ! /* copy iv to our buffer*/ ! 
xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); ! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); ! ! /* and remove from input */ ! ret = xmlSecBufferRemoveHead(in, ivLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferRemoveHead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", ivLen); ! return(-1); } ! } ! memset(&keyItem, 0, sizeof(keyItem)); ! keyItem.data = ctx->key; ! keyItem.len = ctx->keySize; ! memset(&ivItem, 0, sizeof(ivItem)); ! ivItem.data = ctx->iv; ! ivItem.len = ctx->ivSize; ! ! slot = PK11_GetBestSlot(ctx->cipher, NULL); ! if(slot == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_GetBestSlot", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, ! CKA_SIGN, &keyItem, NULL); ! if(symKey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_ImportSymKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! PK11_FreeSlot(slot); ! return(-1); ! } ! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, ! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, ! symKey, &ivItem); ! if(ctx->cipherCtx == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_CreateContextBySymKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! PK11_FreeSymKey(symKey); ! PK11_FreeSlot(slot); ! return(-1); } ! ! ctx->ctxInitialized = 1; ! PK11_FreeSymKey(symKey); ! PK11_FreeSlot(slot); ! return(0); } ! static int ! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx) { ! xmlSecSize inSize, inBlocks, outSize; ! int blockLen; ! int outLen = 0; ! xmlSecByte* outBuf; ! SECStatus rv; ! int ret; ! ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! 
xmlSecAssert2(ctx->cipherCtx != NULL, -1); ! xmlSecAssert2(ctx->ctxInitialized != 0, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); ! xmlSecAssert2(blockLen > 0, -1); ! inSize = xmlSecBufferGetSize(in); ! outSize = xmlSecBufferGetSize(out); ! ! if(inSize < (xmlSecSize)blockLen) { ! return(0); ! } ! if(encrypt) { ! inBlocks = inSize / ((xmlSecSize)blockLen); ! } else { ! /* we want to have the last block in the input buffer ! * for padding check */ ! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); ! } ! inSize = inBlocks * ((xmlSecSize)blockLen); ! /* we write out the input size plus may be one block */ ! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetMaxSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", outSize + inSize + blockLen); ! return(-1); ! } ! outBuf = xmlSecBufferGetData(out) + outSize; ! ! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, ! xmlSecBufferGetData(in), inSize); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_CipherOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); ! ! /* set correct output buffer size */ ! ret = xmlSecBufferSetSize(out, outSize + outLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", outSize + outLen); ! return(-1); ! } ! ! /* remove the processed block from input */ ! ret = xmlSecBufferRemoveHead(in, inSize); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferRemoveHead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", inSize); ! return(-1); ! } ! return(0); } ! 
static int ! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx) { ! xmlSecSize inSize, outSize; ! int blockLen, outLen = 0; ! xmlSecByte* inBuf; ! xmlSecByte* outBuf; ! SECStatus rv; ! int ret; ! ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->cipherCtx != NULL, -1); ! xmlSecAssert2(ctx->ctxInitialized != 0, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! ! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); ! xmlSecAssert2(blockLen > 0, -1); ! inSize = xmlSecBufferGetSize(in); ! outSize = xmlSecBufferGetSize(out); ! if(encrypt != 0) { ! xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); ! ! /* create padding */ ! ret = xmlSecBufferSetMaxSize(in, blockLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetMaxSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", blockLen); ! return(-1); ! } ! inBuf = xmlSecBufferGetData(in); ! ! /* generate random padding */ ! if((xmlSecSize)blockLen > (inSize + 1)) { ! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_GenerateRandom", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", blockLen - inSize - 1); ! return(-1); ! } ! } ! inBuf[blockLen - 1] = blockLen - inSize; ! inSize = blockLen; ! } else { ! if(inSize != (xmlSecSize)blockLen) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "data=%d;block=%d", inSize, blockLen); ! 
return(-1); } - } - - /* process last block */ - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); - return(-1); - } - outBuf = xmlSecBufferGetData(out) + outSize; ! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, ! xmlSecBufferGetData(in), inSize); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_CipherOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); ! ! if(encrypt == 0) { ! /* check padding */ ! if(outLen < outBuf[blockLen - 1]) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "padding=%d;buffer=%d", ! outBuf[blockLen - 1], outLen); ! return(-1); ! } ! outLen -= outBuf[blockLen - 1]; ! } ! ! /* set correct output buffer size */ ! ret = xmlSecBufferSetSize(out, outSize + outLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", outSize + outLen); ! return(-1); ! } ! /* remove the processed block from input */ ! ret = xmlSecBufferRemoveHead(in, inSize); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferRemoveHead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", inSize); ! return(-1); ! } ! return(0); } ! ! /****************************************************************************** ! * ! * EVP Block Cipher transforms * ! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure * ! *****************************************************************************/ ! #define xmlSecNssBlockCipherSize \ ! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) ! 
#define xmlSecNssBlockCipherGetCtx(transform) \ ! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) ! ! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); ! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); ! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, ! xmlSecKeyReqPtr keyReq); ! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, ! xmlSecKeyPtr key); ! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, ! int last, ! xmlSecTransformCtxPtr transformCtx); ! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); ! ! ! static int ! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { ! #ifndef XMLSEC_NO_DES ! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { ! return(1); ! } ! #endif /* XMLSEC_NO_DES */ ! #ifndef XMLSEC_NO_AES ! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || ! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || ! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { ! ! return(1); ! } ! #endif /* XMLSEC_NO_AES */ ! ! return(0); } ! static int ! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { ! xmlSecNssBlockCipherCtxPtr ctx; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert2(ctx != NULL, -1); ! ! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); ! #ifndef XMLSEC_NO_DES ! if(transform->id == xmlSecNssTransformDes3CbcId) { ! ctx->cipher = CKM_DES3_CBC; ! ctx->keyId = xmlSecNssKeyDataDesId; ! ctx->keySize = 24; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if(transform->id == xmlSecNssTransformAes128CbcId) { ! ctx->cipher = CKM_AES_CBC; ! ctx->keyId = xmlSecNssKeyDataAesId; ! ctx->keySize = 16; ! 
} else if(transform->id == xmlSecNssTransformAes192CbcId) { ! ctx->cipher = CKM_AES_CBC; ! ctx->keyId = xmlSecNssKeyDataAesId; ! ctx->keySize = 24; ! } else if(transform->id == xmlSecNssTransformAes256CbcId) { ! ctx->cipher = CKM_AES_CBC; ! ctx->keyId = xmlSecNssKeyDataAesId; ! ctx->keySize = 32; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if(1) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_TRANSFORM, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! return(0); } ! static void ! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { ! xmlSecNssBlockCipherCtxPtr ctx; ! ! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); ! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert(ctx != NULL); ! if(ctx->cipherCtx != NULL) { ! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); ! } ! ! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); } ! static int ! xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { ! xmlSecNssBlockCipherCtxPtr ctx; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! xmlSecAssert2(keyReq != NULL, -1); ! ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->keyId != NULL, -1); ! ! keyReq->keyId = ctx->keyId; ! keyReq->keyType = xmlSecKeyDataTypeSymmetric; ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt; ! } ! keyReq->keyBitsSize = 8 * ctx->keySize; ! return(0); ! } ! static int ! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ! 
xmlSecNssBlockCipherCtxPtr ctx; ! xmlSecBufferPtr buffer; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! xmlSecAssert2(key != NULL, -1); ! ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->keyInitialized == 0, -1); ! xmlSecAssert2(ctx->keyId != NULL, -1); ! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); ! ! xmlSecAssert2(ctx->keySize > 0, -1); ! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); ! ! buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); ! xmlSecAssert2(buffer != NULL, -1); ! ! if(xmlSecBufferGetSize(buffer) < ctx->keySize) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, ! "keySize=%d;expected=%d", ! xmlSecBufferGetSize(buffer), ctx->keySize); ! return(-1); ! } ! ! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); ! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); ! ! ctx->keyInitialized = 1; ! return(0); } static int ! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ! xmlSecNssBlockCipherCtxPtr ctx; ! xmlSecBufferPtr in, out; ! int ret; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! ! in = &(transform->inBuf); ! out = &(transform->outBuf); ! ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert2(ctx != NULL, -1); ! 
if(transform->status == xmlSecTransformStatusNone) { ! transform->status = xmlSecTransformStatusWorking; ! } ! ! if(transform->status == xmlSecTransformStatusWorking) { ! if(ctx->ctxInitialized == 0) { ! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, ! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, ! xmlSecTransformGetName(transform), transformCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssBlockCipherCtxInit", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! if((ctx->ctxInitialized == 0) && (last != 0)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "not enough data to initialize transform"); ! return(-1); ! } ! ! if(ctx->ctxInitialized != 0) { ! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, ! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, ! xmlSecTransformGetName(transform), transformCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssBlockCipherCtxUpdate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! if(last) { ! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, ! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, ! xmlSecTransformGetName(transform), transformCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssBlockCipherCtxFinal", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! transform->status = xmlSecTransformStatusFinished; ! } ! } else if(transform->status == xmlSecTransformStatusFinished) { ! /* the only way we can get here is if there is no input */ ! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); ! } else if(transform->status == xmlSecTransformStatusNone) { ! 
/* the only way we can get here is if there is no enough data in the input */ ! xmlSecAssert2(last == 0, -1); ! } else { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_STATUS, ! "status=%d", transform->status); ! return(-1); ! } ! ! return(0); } ! #ifndef XMLSEC_NO_AES ! /********************************************************************* * ! * AES CBC cipher transforms * ! ********************************************************************/ static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ ! ! xmlSecNameAes128Cbc, /* const xmlChar* name; */ ! xmlSecHrefAes128Cbc, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; /** ! * xmlSecNssTransformAes128CbcGetKlass: ! * ! * AES 128 CBC encryption transform klass. ! * ! 
* Returns pointer to AES 128 CBC encryption transform. ! */ ! xmlSecTransformId ! xmlSecNssTransformAes128CbcGetKlass(void) { ! return(&xmlSecNssAes128CbcKlass); } - static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameAes192Cbc, /* const xmlChar* name; */ - xmlSecHrefAes192Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ - }; - /** ! * xmlSecNssTransformAes192CbcGetKlass: ! * ! * AES 192 CBC encryption transform klass. ! * ! * Returns pointer to AES 192 CBC encryption transform. ! */ ! xmlSecTransformId ! xmlSecNssTransformAes192CbcGetKlass(void) { ! 
return(&xmlSecNssAes192CbcKlass); } - static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameAes256Cbc, /* const xmlChar* name; */ - xmlSecHrefAes256Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ - }; - /** ! * xmlSecNssTransformAes256CbcGetKlass: ! * ! * AES 256 CBC encryption transform klass. ! * ! * Returns pointer to AES 256 CBC encryption transform. ! */ ! xmlSecTransformId ! xmlSecNssTransformAes256CbcGetKlass(void) { ! return(&xmlSecNssAes256CbcKlass); } ! #endif /* XMLSEC_NO_AES */ ! ! #ifndef XMLSEC_NO_DES ! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ ! ! xmlSecNameDes3Cbc, /* const xmlChar* name; */ ! xmlSecHrefDes3Cbc, /* const xmlChar* href; */ ! 
xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformDes3CbcGetKlass: * ! * Triple DES CBC encryption transform klass. ! * ! * Returns pointer to Triple DES encryption transform. */ ! xmlSecTransformId ! xmlSecNssTransformDes3CbcGetKlass(void) { ! return(&xmlSecNssDes3CbcKlass); } ! #endif /* XMLSEC_NO_DES */ --- 1,967 ---- ! /* -- C Source File -- **/ #include "globals.h" + #include #include #include #include #include + #include + #include #include + #include #include #include #include + #include ! /** ! * Internal Nss Block Cipher Context * ! * This context is designed for repositing a block cipher for transform ! */ ! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; ! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; ! struct _xmlSecNssBlockCipherCtx { ! CK_MECHANISM_TYPE cipher ; ! PK11SymKey* symkey ; ! PK11Context* cipherCtx ; ! xmlSecKeyDataId keyId ; ! } ; ! ! #define xmlSecNssBlockCipherSize \ ! 
( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) ! ! #define xmlSecNssBlockCipherGetCtx( transform ) \ ! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ! ! static int ! xmlSecNssBlockCipherCheckId( ! xmlSecTransformPtr transform ! ) { ! #ifndef XMLSEC_NO_DES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { ! return 1 ; } ! #endif /* XMLSEC_NO_DES */ ! #ifndef XMLSEC_NO_AES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { ! return 1 ; } ! #endif /* XMLSEC_NO_AES */ ! ! return 0 ; } ! static int ! xmlSecNssBlockCipherFetchCtx( ! xmlSecNssBlockCipherCtxPtr context , ! xmlSecTransformId id ! ) { ! xmlSecAssert2( context != NULL, -1 ) ; ! ! #ifndef XMLSEC_NO_DES ! if( id == xmlSecNssTransformDes3CbcId ) { ! context->cipher = CKM_DES3_CBC ; ! context->keyId = xmlSecNssKeyDataDesId ; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if( id == xmlSecNssTransformAes128CbcId ) { ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( id == xmlSecNssTransformAes192CbcId ) { ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( id == xmlSecNssTransformAes256CbcId ) { ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if( 1 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! return 0 ; ! } ! /** ! * xmlSecTransformInitializeMethod: ! * @transform: the pointer to transform object. ! * ! * The transform specific initialization method. ! * ! * Returns 0 on success or a negative value otherwise. ! */ ! static int ! xmlSecNssBlockCipherInitialize( ! 
xmlSecTransformPtr transform ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherFetchCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! context->symkey = NULL ; ! context->cipherCtx = NULL ; ! return 0 ; } ! /** ! * xmlSecTransformFinalizeMethod: ! * @transform: the pointer to transform object. ! * ! * The transform specific destroy method. ! */ ! static void ! xmlSecNssBlockCipherFinalize( ! xmlSecTransformPtr transform ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; ! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return ; } ! if( context->cipherCtx != NULL ) { ! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; ! context->cipherCtx = NULL ; ! } ! if( context->symkey != NULL ) { ! PK11_FreeSymKey( context->symkey ) ; ! context->symkey = NULL ; ! } ! context->cipher = CKM_INVALID_MECHANISM ; ! context->keyId = NULL ; } ! /** ! * xmlSecTransformSetKeyRequirementsMethod: ! 
* @transform: the pointer to transform object. ! * @keyReq: the pointer to key requirements structure. * ! * Transform specific method to set transform's key requirements. * ! * Returns 0 on success or a negative value otherwise. ! */ ! static int ! xmlSecNssBlockCipherSetKeyReq( ! xmlSecTransformPtr transform , ! xmlSecKeyReqPtr keyReq ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecSize cipherSize = 0 ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! xmlSecAssert2( keyReq != NULL , -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! keyReq->keyId = context->keyId ; ! keyReq->keyType = xmlSecKeyDataTypeSymmetric ; ! ! if( transform->operation == xmlSecTransformOperationEncrypt ) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt ; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt ; ! } ! ! /* ! if( context->symkey != NULL ) ! cipherSize = PK11_GetKeyLength( context->symkey ) ; ! keyReq->keyBitsSize = cipherSize * 8 ; ! */ ! return 0 ; } ! /** ! * xmlSecTransformSetKeyMethod: ! * @transform: the pointer to transform object. ! * @key: the pointer to key. ! * ! * The transform specific method to set the key for use. ! * ! * Returns 0 on success or a negative value otherwise. ! */ ! static int ! xmlSecNssBlockCipherSetKey( ! xmlSecTransformPtr transform , ! xmlSecKeyPtr key ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecKeyDataPtr keyData = NULL ; ! PK11SymKey* symkey = NULL ; ! CK_ATTRIBUTE_TYPE operation ; ! int ivLen ; ! ! 
xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! xmlSecAssert2( key != NULL , -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ! ! keyData = xmlSecKeyGetValue( key ) ; ! if( keyData == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ! "xmlSecKeyGetValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssSymKeyDataGetKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! context->symkey = symkey ; ! return 0 ; } ! /** ! * Block cipher transform init ! */ ! static int ! xmlSecNssBlockCipherCtxInit( ! xmlSecNssBlockCipherCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! const xmlChar* cipherName , ! xmlSecTransformCtxPtr transformCtx ! ) { ! SECItem ivItem ; ! SECItem* secParam = NULL ; ! xmlSecBufferPtr ivBuf = NULL ; ! int ivLen ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! 
xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! ivLen = PK11_GetIVLength( ctx->cipher ) ; ! if( ivLen < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetIVLength" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( encrypt ) { ! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GenerateRandom" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! ! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! } else { ! if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! ! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! } ! ! ivItem.data = xmlSecBufferGetData( ivBuf ) ; ! 
ivItem.len = xmlSecBufferGetSize( ivBuf ) ; ! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_ParamFromIV" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! ! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ! if( ctx->cipherCtx == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! SECITEM_FreeItem( secParam , PR_TRUE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! SECITEM_FreeItem( secParam , PR_TRUE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return 0 ; } ! /** ! * Block cipher transform update ! */ ! static int ! xmlSecNssBlockCipherCtxUpdate( ! xmlSecNssBlockCipherCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! const xmlChar* cipherName , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize inSize ; ! xmlSecSize outSize ; ! xmlSecSize inBlocks ; ! int blockSize ; ! int outLen ; ! xmlSecByte* outBuf ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! inSize = xmlSecBufferGetSize( in ) ; ! outSize = xmlSecBufferGetSize( out ) ; ! ! inBlocks = ( encrypt != 0 ? 
inSize : ( inSize - 1 ) ) / blockSize ; ! inSize = inBlocks * blockSize ; ! ! if( inSize < blockSize ) { ! return 0 ; ! } ! ! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! outBuf = xmlSecBufferGetData( out ) + outSize ; ! ! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_CipherOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! return 0 ; } + /** + * Block cipher transform final + */ static int ! xmlSecNssBlockCipherCtxFinal( ! xmlSecNssBlockCipherCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! const xmlChar* cipherName , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize inSize ; ! xmlSecSize outSize ; ! int blockSize ; ! int outLen ; ! xmlSecByte* inBuf ; ! xmlSecByte* outBuf ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! 
xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! inSize = xmlSecBufferGetSize( in ) ; ! outSize = xmlSecBufferGetSize( out ) ; ! ! /******************************************************************/ ! if( encrypt != 0 ) { ! xmlSecAssert2( inSize < blockSize, -1 ) ; ! ! /* create padding */ ! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! inBuf = xmlSecBufferGetData( in ) ; ! ! /* generate random */ ! if( blockSize > ( inSize + 1 ) ) { ! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GenerateRandom" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! inBuf[blockSize-1] = blockSize - inSize ; ! inSize = blockSize ; ! } else { ! if( inSize != blockSize ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! /* process the last block */ ! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! outBuf = xmlSecBufferGetData( out ) + outSize ; ! ! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! 
xmlSecErrorsSafeString( cipherName ) , ! "PK11_CipherOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( encrypt == 0 ) { ! /* check padding */ ! if( outLen < outBuf[blockSize-1] ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! outLen -= outBuf[blockSize-1] ; ! } ! /******************************************************************/ ! ! /****************************************************************** ! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! outBuf = xmlSecBufferGetData( out ) + outSize ; ! ! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_DigestFinal" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ******************************************************************/ ! ! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! /* PK11_Finalize( ctx->cipherCtx ) ;*/ ! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; ! ctx->cipherCtx = NULL ; ! return 0 ; } ! ! /** ! * xmlSecTransformExecuteMethod: ! * @transform: the pointer to transform object. ! 
* @last: the flag: if set to 1 then it's the last data chunk. ! * @transformCtx: the pointer to transform context object. * ! * Transform specific method to process a chunk of data. * ! * Returns 0 on success or a negative value otherwise. ! */ ! static int ! xmlSecNssBlockCipherExecute( ! xmlSecTransformPtr transform , ! int last , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecBufferPtr inBuf = NULL ; ! xmlSecBufferPtr outBuf = NULL ; ! const xmlChar* cipherName ; ! int operation ; ! int rtv ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! inBuf = &( transform->inBuf ) ; ! outBuf = &( transform->outBuf ) ; ! ! if( transform->status == xmlSecTransformStatusNone ) { ! transform->status = xmlSecTransformStatusWorking ; ! } ! ! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; ! cipherName = xmlSecTransformGetName( transform ) ; ! ! if( transform->status == xmlSecTransformStatusWorking ) { ! if( context->cipherCtx == NULL ) { ! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherCtxInit" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! 
if( context->cipherCtx == NULL && last != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "No enough data to intialize transform" ) ; ! return -1 ; ! } ! ! if( context->cipherCtx != NULL ) { ! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherCtxUpdate" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! if( last ) { ! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherCtxFinal" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! transform->status = xmlSecTransformStatusFinished ; ! } ! } else if( transform->status == xmlSecTransformStatusFinished ) { ! if( xmlSecBufferGetSize( inBuf ) != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return -1 ; ! } ! } else { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return -1 ; ! } ! ! return 0 ; ! } ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ! #else static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ! #endif ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! ! xmlSecNameAes128Cbc , ! xmlSecHrefAes128Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! 
xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; ! ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ! #else ! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ! #endif ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! ! xmlSecNameAes192Cbc , ! xmlSecHrefAes192Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; ! ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ! #else ! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ! #endif ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! ! xmlSecNameAes256Cbc , ! xmlSecHrefAes256Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ! #else ! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ! #endif ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! ! xmlSecNameDes3Cbc , ! xmlSecHrefDes3Cbc , ! 
xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; /** ! * xmlSecNssTransformAes128CbcGetKlass ! * ! * Get the AES128_CBC transform klass ! * ! * Return AES128_CBC transform klass ! */ ! xmlSecTransformId ! xmlSecNssTransformAes128CbcGetKlass( void ) { ! return ( &xmlSecNssAes128CbcKlass ) ; } /** ! * xmlSecNssTransformAes192CbcGetKlass ! * ! * Get the AES192_CBC transform klass ! * ! * Return AES192_CBC transform klass ! */ ! xmlSecTransformId ! xmlSecNssTransformAes192CbcGetKlass( void ) { ! return ( &xmlSecNssAes192CbcKlass ) ; } /** ! * xmlSecNssTransformAes256CbcGetKlass ! * ! * Get the AES256_CBC transform klass ! * ! * Return AES256_CBC transform klass ! */ ! xmlSecTransformId ! xmlSecNssTransformAes256CbcGetKlass( void ) { ! return ( &xmlSecNssAes256CbcKlass ) ; } ! /** ! * xmlSecNssTransformDes3CbcGetKlass * ! * Get the DES3_CBC transform klass ! * ! * Return DES3_CBC transform klass */ ! xmlSecTransformId ! xmlSecNssTransformDes3CbcGetKlass( void ) { ! return ( &xmlSecNssDes3CbcKlass ) ; } ! 
*** misc/xmlsec1-1.2.6/src/nss/crypto.c Wed Oct 29 16:57:25 2003 --- misc/build/xmlsec1-1.2.6/src/nss/crypto.c Fri May 11 14:47:20 2007 *************** *** 130,135 **** --- 130,136 ---- /** * High level routines form xmlsec command line utility */ + /* gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; *************** *** 143,152 **** gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; ! #endif /* XMLSEC_NO_X509 */ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; return(gXmlSecNssFunctions); } --- 144,172 ---- gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; ! 
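Review bot: The `/*` added after the "High level routines" comment in crypto.c (hunk at 130) disables the old assignments with a block comment, and C block comments do not nest. Any `/* … */` between this opener and the `*/` added in the hunk at 143 would close it early, which is why that hunk has to strip the trailing comment from `#endif /* XMLSEC_NO_X509 */`. Old lines 136–142 are not shown in the diff, so it cannot be confirmed from here that they are comment-free. Using `#if 0` at this point and `#endif` in place of the later `*/` would leave the original lines untouched and keep the inner `#ifndef`/`#endif` pair balanced. The enclosing function starts and ends outside this hunk.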
#endif gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; + */ + + gXmlSecNssFunctions->cryptoAppInit = NULL ; + gXmlSecNssFunctions->cryptoAppShutdown = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ; + #ifndef XMLSEC_NO_X509 + gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ; + gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ; + gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ; + gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ; + gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ; + gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ; + #endif /* XMLSEC_NO_X509 */ + gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ; + gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ; return(gXmlSecNssFunctions); } *** misc/xmlsec1-1.2.6/src/nss/digests.c Fri Sep 26 02:58:15 2003 --- misc/build/xmlsec1-1.2.6/src/nss/digests.c Fri May 11 14:47:20 2007 *************** *** 21,27 **** #include #include - #include #include #define XMLSEC_NSS_MAX_DIGEST_SIZE 32 --- 21,26 ---- *************** *** 107,113 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SECOID_FindOIDByTag", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 106,112 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SECOID_FindOIDByTag", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 117,123 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateDigestContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
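Review bot: Every `cryptoApp*` entry of `gXmlSecNssFunctions` is now `NULL`, including `cryptoAppDefaultPwdCallback`, so any caller that dispatches through this table without testing the entry first will call through a null pointer. The dispatch wrappers are not part of this hunk, so that check needs to be confirmed there. The old assignments are disabled with a `/* ... */` that opens in the previous hunk and closes here, which is why the trailing comment on `#endif /* XMLSEC_NO_X509 */` had to be stripped; `#if 0` / `#endif` around the block would keep the original text intact and cannot be ended early by a nested comment. A comment above the new assignments such as `/* app-level routines are intentionally not provided by this build; callers must handle NULL */` would record the intent. The enclosing function begins outside the hunk.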
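Review bot: The new `"error code=%d", PORT_GetError()` argument logs a bare integer read from the thread's NSS/NSPR error state at the time `xmlSecError` is invoked, so it is only meaningful if nothing between the failing call and the log statement resets that state. The failing call itself is outside this hunk, so this cannot be checked here. Capturing it once directly after the failing call, e.g. `int nssErr = PORT_GetError();`, and passing `nssErr` with the format `"NSS error code=%d"` makes the value reliable and tells the reader which error space it belongs to. The same pattern recurs in the other digests.c hunks (PK11_CreateDigestContext, PK11_DigestBegin, PK11_DigestOp, PK11_DigestFinal) and throughout the hmac.c hunks. The enclosing function starts and ends outside the hunk.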
XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 116,122 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateDigestContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 208,214 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } transform->status = xmlSecTransformStatusWorking; --- 207,213 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } transform->status = xmlSecTransformStatusWorking; *************** *** 225,231 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 224,230 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 246,252 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } xmlSecAssert2(ctx->dgstSize > 0, -1); --- 245,251 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
"error code=%d", PORT_GetError()); return(-1); } xmlSecAssert2(ctx->dgstSize > 0, -1); *************** *** 285,291 **** --- 284,294 ---- * SHA1 Digest transforms * *****************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecNssSha1Klass = { + #else static xmlSecTransformKlass xmlSecNssSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssDigestSize, /* xmlSecSize objSize */ *** misc/xmlsec1-1.2.6/src/nss/hmac.c Fri Sep 26 02:58:15 2003 --- misc/build/xmlsec1-1.2.6/src/nss/hmac.c Fri May 11 14:47:20 2007 *************** *** 23,30 **** #include #include - #include #include #define XMLSEC_NSS_MAX_HMAC_SIZE 128 --- 23,30 ---- #include #include #include + #include #define XMLSEC_NSS_MAX_HMAC_SIZE 128 *************** *** 241,253 **** keyItem.data = xmlSecBufferGetData(buffer); keyItem.len = xmlSecBufferGetSize(buffer); ! slot = PK11_GetBestSlot(ctx->digestType, NULL); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "PK11_GetBestSlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 241,253 ---- keyItem.data = xmlSecBufferGetData(buffer); keyItem.len = xmlSecBufferGetSize(buffer); ! slot = xmlSecNssSlotGet(ctx->digestType); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 258,264 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_ImportSymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PK11_FreeSlot(slot); return(-1); } --- 258,264 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_ImportSymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
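Review bot: Under `__MINGW32__` the klass table is declared as `static struct _xmlSecTransformKlass` instead of `static xmlSecTransformKlass`; if the typedef is const-qualified (it is not visible here, but switching to the struct tag suggests so), this drops the `const` and leaves a table of function pointers in writable data on that platform. That may be what runtime pseudo-relocation needs, but it should be stated rather than implied. Replace the `// for runtime-pseudo-reloc` trailer, a C++-style comment on a preprocessor line in a C file, with a block comment above the `#ifdef`, for example `/* MinGW: table must be writable so imported function addresses can be fixed up at run time */`. The same construct is repeated for xmlSecNssHmacSha1Klass, xmlSecNssHmacRipemd160Klass and xmlSecNssHmacMd5Klass in hmac.c and for xmlSecNssKeysStoreKlass in keysstore.c. The initializer continues outside the hunk.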
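Review bot: The failure branch for `xmlSecNssSlotGet` reports `PORT_GetError()`, but that helper is defined outside this diff and may fail for a reason that never sets an NSS error (for instance, no slot registered), in which case the logged code is stale and misleads whoever reads the log. The later error paths of this function still call `PK11_FreeSlot(slot)`, so the helper must return a slot reference the caller owns, as `PK11_GetBestSlot` did; a borrowed pointer would be released once too often. I would add `/* xmlSecNssSlotGet returns a referenced slot; the caller releases it with PK11_FreeSlot */` above the call and verify it against the helper's implementation. The enclosing function starts and ends outside the hunk.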
"error code=%d", PORT_GetError()); PK11_FreeSlot(slot); return(-1); } *************** *** 269,275 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateContextBySymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); --- 269,275 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateContextBySymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); *************** *** 368,374 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } transform->status = xmlSecTransformStatusWorking; --- 368,374 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } transform->status = xmlSecTransformStatusWorking; *************** *** 385,391 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 385,391 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 408,414 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } xmlSecAssert2(dgstSize > 0, -1); --- 408,414 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
"error code=%d", PORT_GetError()); return(-1); } xmlSecAssert2(dgstSize > 0, -1); *************** *** 459,465 **** --- 459,469 ---- /** * HMAC SHA1 */ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = { + #else static xmlSecTransformKlass xmlSecNssHmacSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssHmacSize, /* xmlSecSize objSize */ *************** *** 501,507 **** --- 505,515 ---- /** * HMAC Ripemd160 */ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { + #else static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssHmacSize, /* xmlSecSize objSize */ *************** *** 543,549 **** --- 551,561 ---- /** * HMAC Md5 */ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = { + #else static xmlSecTransformKlass xmlSecNssHmacMd5Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssHmacSize, /* xmlSecSize objSize */ *** misc/xmlsec1-1.2.6/src/nss/keysstore.c Fri Sep 26 02:58:15 2003 --- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c Fri May 11 14:47:20 2007 *************** *** 1,119 **** /** * XMLSec library * - * Nss keys store that uses Simple Keys Store under the hood. Uses the - * Nss DB as a backing store for the finding keys, but the NSS DB is - * not written to by the keys store. - * So, if store->findkey is done and the key is not found in the simple - * keys store, the NSS DB is looked up. - * If store is called to adopt a key, that key is not written to the NSS - * DB. 
- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate - * source of keys for xmlsec - * * This is free software; see Copyright file in the source * distribution for precise wording. * ! * Copyright (c) 2003 America Online, Inc. All rights reserved. */ - #include "globals.h" ! #include #include ! #include ! #include ! #include ! #include - #include #include ! #include ! #include ! #include ! #include ! #include #include #include ! #include #include ! /**************************************************************************** * ! * Nss Keys Store. Uses Simple Keys Store under the hood ! * ! * Simple Keys Store ptr is located after xmlSecKeyStore * ! ***************************************************************************/ ! #define xmlSecNssKeysStoreSize \ ! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) ! ! #define xmlSecNssKeysStoreGetSS(store) \ ! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ ! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ ! (xmlSecKeyStorePtr*)NULL) ! ! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); ! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); ! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, ! const xmlChar* name, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ! sizeof(xmlSecKeyStoreKlass), ! xmlSecNssKeysStoreSize, ! /* data */ ! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ ! ! /* constructors/destructor */ ! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ ! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ ! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ ! ! /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! /** ! * xmlSecNssKeysStoreGetKlass: ! * ! * The Nss list based keys store klass. * ! 
* Returns Nss list based keys store klass. */ ! xmlSecKeyStoreId ! xmlSecNssKeysStoreGetKlass(void) { ! return(&xmlSecNssKeysStoreKlass); } ! /** ! * xmlSecNssKeysStoreAdoptKey: ! * @store: the pointer to Nss keys store. ! * @key: the pointer to key. ! * ! * Adds @key to the @store. * ! * Returns 0 on success or a negative value if an error occurs. */ ! int ! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { ! xmlSecKeyStorePtr *ss; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ! xmlSecAssert2((key != NULL), -1); ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && ! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); ! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); } /** * xmlSecNssKeysStoreLoad: * @store: the pointer to Nss keys store. --- 1,522 ---- /** * XMLSec library * * This is free software; see Copyright file in the source * distribution for precise wording. * ! * Copyright................................ */ ! /** ! * NSS key store uses a key list and a slot list as the key repository. NSS slot ! * list is a backup repository for the finding keys. If a key is not found from ! * the key list, the NSS slot list is looked up. ! * ! * Any key in the key list will not save to pkcs11 slot. When a store to called ! * to adopt a key, the key is resident in the key list; While a store to called ! * to set a is resident in the key list; While a store to called to set a slot ! * list, which means that the keys in the listed slot can be used for xml sign- ! * nature or encryption. ! * ! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. ! * ! * The framework will decrease the user interfaces to administrate xmlSec crypto ! * engine. He can only focus on NSS layer functions. For examples, after the ! * user set up a slot list handler to the keys store, he do not need to do any ! 
* other work atop xmlSec interfaces, his action on the slot list handler, such ! * as add a token to, delete a token from the list, will directly effect the key ! * store behaviors. ! * ! * For example, a scenariio: ! * 0. Create a slot list;( NSS interfaces ) ! * 1. Create a keys store;( xmlSec interfaces ) ! * 2. Set slot list with the keys store;( xmlSec Interfaces ) ! * 3. Add a slot to the slot list;( NSS interfaces ) ! * 4. Perform xml signature; ( xmlSec Interfaces ) ! * 5. Deleter a slot from the slot list;( NSS interfaces ) ! * 6. Perform xml encryption; ( xmlSec Interfaces ) ! * 7. Perform xml signature;( xmlSec Interfaces ) ! * 8. Destroy the keys store;( xmlSec Interfaces ) ! * 8. Destroy the slot list.( NSS Interfaces ) ! */ ! ! #include "globals.h" #include ! #include ! #include ! #include ! #include #include ! #include #include + #include + #include + #include #include #include ! #include ! #include #include ! /** ! * Internal NSS key store context * ! * This context is located after xmlSecKeyStore ! */ ! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; ! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; ! ! struct _xmlSecNssKeysStoreCtx { ! xmlSecPtrListPtr keyList ; ! xmlSecPtrListPtr slotList ; ! } ; ! ! #define xmlSecNssKeysStoreSize \ ! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) ! ! #define xmlSecNssKeysStoreGetCtx( data ) \ ! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) ! ! int xmlSecNssKeysStoreAdoptKeySlot( ! xmlSecKeyStorePtr store , ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! 
"xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( context->slotList == NULL ) { ! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCheckId" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListAdd" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! return 0 ; ! } ! ! int xmlSecNssKeysStoreAdoptKey( ! xmlSecKeyStorePtr store , ! xmlSecKeyPtr key ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( context->keyList == NULL ) { ! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! 
if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCheckId" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListAdd" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! return 0 ; ! } ! ! /** ! * xmlSecKeyStoreInitializeMethod: ! * @store: the store. * ! * Keys store specific initialization method. ! * ! * Returns 0 on success or a negative value if an error occurs. ! */ ! static int ! xmlSecNssKeysStoreInitialize( ! xmlSecKeyStorePtr store ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! context->keyList = NULL ; ! context->slotList = NULL ; ! return 0 ; ! } ! /** ! * xmlSecKeyStoreFinalizeMethod: ! * @store: the store. * ! * Keys store specific finalization (destroy) method. */ ! void ! xmlSecNssKeysStoreFinalize( ! xmlSecKeyStorePtr store ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; ! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! 
XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return ; ! } ! ! if( context->keyList != NULL ) { ! xmlSecPtrListDestroy( context->keyList ) ; ! context->keyList = NULL ; ! } ! ! if( context->slotList != NULL ) { ! xmlSecPtrListDestroy( context->slotList ) ; ! context->slotList = NULL ; ! } } ! xmlSecKeyPtr ! xmlSecNssKeysStoreFindKeyFromSlot( ! PK11SlotInfo* slot, ! const xmlChar* name, ! xmlSecKeyInfoCtxPtr keyInfoCtx ! ) { ! xmlSecKeyPtr key = NULL ; ! xmlSecKeyDataPtr data = NULL ; ! int length ; ! ! xmlSecAssert2( slot != NULL , NULL ) ; ! xmlSecAssert2( name != NULL , NULL ) ; ! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; ! ! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { ! PK11SymKey* symKey ; ! PK11SymKey* curKey ; ! ! /* Find symmetric key from the slot by name */ ! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; ! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { ! /* Check the key request */ ! length = PK11_GetKeyLength( curKey ) ; ! length *= 8 ; ! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ! ( length > 0 ) && ! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ! continue ; ! ! /* We find a eligible key */ ! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; ! if( data == NULL ) { ! /* Do nothing */ ! } ! break ; ! } ! ! /* Destroy the sym key list */ ! for( curKey = symKey ; curKey != NULL ; ) { ! symKey = curKey ; ! curKey = PK11_GetNextSymKey( symKey ) ; ! PK11_FreeSymKey( symKey ) ; ! } ! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ! SECKEYPublicKeyList* pubKeyList ; ! SECKEYPublicKey* pubKey ; ! SECKEYPublicKeyListNode* curPub ; ! ! /* Find asymmetric key from the slot by name */ ! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; ! pubKey = NULL ; ! curPub = PUBKEY_LIST_HEAD(pubKeyList); ! 
for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { ! /* Check the key request */ ! length = SECKEY_PublicKeyStrength( curPub->key ) ; ! length *= 8 ; ! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ! ( length > 0 ) && ! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ! continue ; ! ! /* We find a eligible key */ ! pubKey = curPub->key ; ! break ; ! } ! ! if( pubKey != NULL ) { ! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; ! if( data == NULL ) { ! /* Do nothing */ ! } ! } ! ! /* Destroy the public key list */ ! SECKEY_DestroyPublicKeyList( pubKeyList ) ; ! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ! SECKEYPrivateKeyList* priKeyList = NULL ; ! SECKEYPrivateKey* priKey = NULL ; ! SECKEYPrivateKeyListNode* curPri ; ! ! /* Find asymmetric key from the slot by name */ ! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; ! priKey = NULL ; ! curPri = PRIVKEY_LIST_HEAD(priKeyList); ! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { ! /* Check the key request */ ! length = PK11_SignatureLen( curPri->key ) ; ! length *= 8 ; ! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ! ( length > 0 ) && ! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ! continue ; ! ! /* We find a eligible key */ ! priKey = curPri->key ; ! break ; ! } ! ! if( priKey != NULL ) { ! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; ! if( data == NULL ) { ! /* Do nothing */ ! } ! } ! ! /* Destroy the private key list */ ! SECKEY_DestroyPrivateKeyList( priKeyList ) ; ! } ! ! /* If we have gotten the key value */ ! if( data != NULL ) { ! if( ( key = xmlSecKeyCreate() ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeyCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyDataDestroy( data ) ; ! return NULL ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! 
"xmlSecKeySetValue" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyDestroy( key ) ; ! xmlSecKeyDataDestroy( data ) ; ! return NULL ; ! } ! } ! ! return(key); ! } ! ! /** ! * xmlSecKeyStoreFindKeyMethod: ! * @store: the store. ! * @name: the desired key name. ! * @keyInfoCtx: the pointer to key info context. * ! * Keys store specific find method. The caller is responsible for destroying ! * the returned key using #xmlSecKeyDestroy method. ! * ! * Returns the pointer to a key or NULL if key is not found or an error occurs. */ ! static xmlSecKeyPtr ! xmlSecNssKeysStoreFindKey( ! xmlSecKeyStorePtr store , ! const xmlChar* name , ! xmlSecKeyInfoCtxPtr keyInfoCtx ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! xmlSecKeyPtr key = NULL ; ! xmlSecNssKeySlotPtr keySlot = NULL ; ! xmlSecSize pos ; ! xmlSecSize size ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; ! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! /*- ! * Look for key at keyList at first. ! */ ! if( context->keyList != NULL ) { ! size = xmlSecPtrListGetSize( context->keyList ) ; ! for( pos = 0 ; pos < size ; pos ++ ) { ! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; ! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { ! return xmlSecKeyDuplicate( key ) ; ! } ! } ! } ! ! /*- ! * Find the key from slotList ! */ ! if( context->slotList != NULL ) { ! PK11SlotInfo* slot = NULL ; ! ! size = xmlSecPtrListGetSize( context->slotList ) ; ! for( pos = 0 ; pos < size ; pos ++ ) { ! 
keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; ! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ! if( slot == NULL ) { ! continue ; ! } else { ! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; ! if( key == NULL ) { ! continue ; ! } else { ! return( key ) ; ! } ! } ! } ! } ! ! /*- ! * Create a session key if we can not find the key from keyList and slotList ! */ ! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { ! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecKeySetValue" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! return key ; ! } ! ! /** ! * We have no way to find the key any more. ! */ ! return NULL ; ! } ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ! #else ! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ! #endif ! sizeof( xmlSecKeyStoreKlass ) , ! xmlSecNssKeysStoreSize , ! BAD_CAST "implicit_nss_keys_store" , ! xmlSecNssKeysStoreInitialize , ! xmlSecNssKeysStoreFinalize , ! xmlSecNssKeysStoreFindKey , ! NULL , ! NULL ! } ; ! /** ! * xmlSecNssKeysStoreGetKlass: ! * ! * The simple list based keys store klass. ! * ! * Returns simple list based keys store klass. ! */ ! xmlSecKeyStoreId ! xmlSecNssKeysStoreGetKlass( void ) { ! return &xmlSecNssKeysStoreKlass ; } + + /************************** + * Application routines + */ /** * xmlSecNssKeysStoreLoad: * @store: the pointer to Nss keys store. *************** *** 125,132 **** * Returns 0 on success or a negative value if an error occurs. */ int ! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ! 
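Review bot: In `xmlSecNssKeysStoreFindKeyFromSlot` the key passed to `xmlSecNssSymKeyDataKeyAdopt` / `xmlSecNssPKIAdoptKey` is still owned by the list it was taken from, and that list is destroyed immediately afterwards (the `PK11_FreeSymKey` loop, `SECKEY_DestroyPublicKeyList`, `SECKEY_DestroyPrivateKeyList`). Unless the adopt helpers copy or reference the key, which this hunk does not show, the returned `xmlSecKey` wraps freed key material. The public and private branches also pass the list result straight to `PUBKEY_LIST_HEAD` / `PRIVKEY_LIST_HEAD` and to the destroy call with no NULL check, so a slot with no matching key may dereference a null list. The sketch below shows the public-key branch adopting a copy and guarding the list, assuming the helper stores the pointer as-is and does not free it on failure. The private branch would follow the same pattern with `SECKEY_CopyPrivateKey`, and the symmetric branch with `PK11_ReferenceSymKey`. Separately, the `context == NULL` tests after `xmlSecNssKeysStoreGetCtx` can never fire because the macro is plain pointer arithmetic, and the `xmlSecKeyGenerate` failure is logged under the name `"xmlSecKeySetValue"`.

```c
/* … unchanged: symmetric-key branch … */
        pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
        pubKey = NULL ;
        if( pubKeyList != NULL ) {
            /* … unchanged: loop selecting curPub->key by keyBitsSize … */
            if( pubKey != NULL ) {
                /* adopt a copy: pubKeyList still owns curPub->key and frees it below */
                SECKEYPublicKey* owned = SECKEY_CopyPublicKey( pubKey ) ;
                if( owned != NULL ) {
                    data = xmlSecNssPKIAdoptKey( NULL , owned ) ;
                    if( data == NULL ) {
                        SECKEY_DestroyPublicKey( owned ) ;
                    }
                }
            }
            SECKEY_DestroyPublicKeyList( pubKeyList ) ;
        }
/* … unchanged: private-key branch and key construction … */
```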
xmlSecKeysMngrPtr keysMngr) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; --- 528,538 ---- * Returns 0 on success or a negative value if an error occurs. */ int ! xmlSecNssKeysStoreLoad( ! xmlSecKeyStorePtr store, ! const char *uri, ! xmlSecKeysMngrPtr keysMngr ! ) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; *************** *** 252,505 **** */ int xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { ! xmlSecKeyStorePtr *ss; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ! xmlSecAssert2((filename != NULL), -1); ! ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && ! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); ! ! return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); ! } ! ! static int ! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { ! xmlSecKeyStorePtr *ss; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2((*ss == NULL), -1); ! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); ! if(*ss == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecKeyStoreCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecSimpleKeysStoreId"); ! return(-1); } - - return(0); - } - - static void - xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { - xmlSecKeyStorePtr *ss; - - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); - - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert((ss != NULL) && (*ss != NULL)); ! xmlSecKeyStoreDestroy(*ss); ! } ! ! static xmlSecKeyPtr ! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! xmlSecKeyStorePtr* ss; ! xmlSecKeyPtr key = NULL; ! xmlSecKeyPtr retval = NULL; ! xmlSecKeyReqPtr keyReq = NULL; ! CERTCertificate *cert = NULL; ! SECKEYPublicKey *pubkey = NULL; ! SECKEYPrivateKey *privkey = NULL; ! 
xmlSecKeyDataPtr data = NULL; ! xmlSecKeyDataPtr x509Data = NULL; ! int ret; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); ! ! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); ! if (key != NULL) { ! return (key); ! } ! /* Try to find the key in the NSS DB, and construct an xmlSecKey. ! * we must have a name to lookup keys in NSS DB. ! */ ! if (name == NULL) { ! goto done; ! } ! /* what type of key are we looking for? ! * TBD: For now, we'll look only for public/private keys using the ! * name as a cert nickname. Later on, we can attempt to find ! * symmetric keys using PK11_FindFixedKey ! */ ! keyReq = &(keyInfoCtx->keyReq); ! if (keyReq->keyType & ! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { ! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); ! if (cert == NULL) { ! goto done; ! } ! ! if (keyReq->keyType & xmlSecKeyDataTypePublic) { ! pubkey = CERT_ExtractPublicKey(cert); ! if (pubkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_ExtractPublicKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; } - } ! if (keyReq->keyType & xmlSecKeyDataTypePrivate) { ! privkey = PK11_FindKeyByAnyCert(cert, NULL); ! if (privkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_FindKeyByAnyCert", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; } } ! data = xmlSecNssPKIAdoptKey(privkey, pubkey); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssPKIAdoptKey", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! privkey = NULL; ! pubkey = NULL; ! ! key = xmlSecKeyCreate(); ! if (key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! return (NULL); ! } ! ! 
x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); ! if(x509Data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "transform=%s", ! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); ! goto done; ! } ! ! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); ! if (ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKeyDataX509AdoptKeyCert", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; ! } ! cert = CERT_DupCertificate(cert); ! if (cert == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_DupCertificate", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; ! } ! ! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); ! if (ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKeyDataX509AdoptCert", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; } - cert = NULL; ! ret = xmlSecKeySetValue(key, data); ! if (ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeySetValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); ! goto done; ! } ! data = NULL; ! ret = xmlSecKeyAdoptData(key, x509Data); ! if (ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyAdoptData", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; ! } ! x509Data = NULL; ! ! retval = key; ! key = NULL; ! } ! ! done: ! if (cert != NULL) { ! CERT_DestroyCertificate(cert); ! } ! if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); ! } ! if (privkey != NULL) { ! SECKEY_DestroyPrivateKey(privkey); ! } ! if (data != NULL) { ! xmlSecKeyDataDestroy(data); ! } ! if (x509Data != NULL) { ! xmlSecKeyDataDestroy(x509Data); ! } ! 
if (key != NULL) { ! xmlSecKeyDestroy(key); } ! ! /* now that we have a key, make sure it is valid and let the simple ! * store adopt it */ ! if (retval) { ! if (xmlSecKeyIsValid(retval)) { ! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval); ! if (ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecSimpleKeysStoreAdoptKey", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDestroy(retval); ! retval = NULL; ! } ! } else { ! xmlSecKeyDestroy(retval); ! retval = NULL; ! } ! } ! ! return (retval); } --- 658,804 ---- */ int xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { ! xmlSecKeyInfoCtx keyInfoCtx; ! xmlSecNssKeysStoreCtxPtr context ; ! xmlSecPtrListPtr list; ! xmlSecKeyPtr key; ! xmlSecSize i, keysSize; ! xmlDocPtr doc; ! xmlNodePtr cur; ! xmlSecKeyDataPtr data; ! xmlSecPtrListPtr idsList; ! xmlSecKeyDataId dataId; ! xmlSecSize idsSize, j; ! int ret; ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; ! xmlSecAssert2(filename != NULL, -1); ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! xmlSecAssert2( context != NULL, -1 ); ! ! list = context->keyList ; ! xmlSecAssert2( list != NULL, -1 ); ! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); ! /* create doc */ ! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); ! if(doc == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecCreateTree", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } ! idsList = xmlSecKeyDataIdsGet(); ! xmlSecAssert2(idsList != NULL, -1); ! ! keysSize = xmlSecPtrListGetSize(list); ! idsSize = xmlSecPtrListGetSize(idsList); ! for(i = 0; i < keysSize; ++i) { ! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); ! xmlSecAssert2(key != NULL, -1); ! ! 
cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); ! if(cur == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); ! xmlFreeDoc(doc); ! return(-1); ! } ! /* special data key name */ ! if(xmlSecKeyGetName(key) != NULL) { ! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeKeyName)); ! xmlFreeDoc(doc); ! return(-1); ! } ! } ! ! /* create nodes for other keys data */ ! for(j = 0; j < idsSize; ++j) { ! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); ! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); ! if(dataId->dataNodeName == NULL) { ! continue; ! } ! ! data = xmlSecKeyGetData(key, dataId); ! if(data == NULL) { ! continue; } ! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(dataId->dataNodeName)); ! xmlFreeDoc(doc); ! return(-1); } } ! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecKeyInfoCtxInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! xmlFreeDoc(doc); ! return(-1); } ! keyInfoCtx.mode = xmlSecKeyInfoModeWrite; ! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; ! keyInfoCtx.keyReq.keyType = type; ! keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; ! /* finally write key in the node */ ! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! 
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecKeyInfoNodeWrite", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); ! xmlFreeDoc(doc); ! return(-1); ! } ! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); } ! ! /* now write result */ ! ret = xmlSaveFormatFile(filename, doc, 1); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSaveFormatFile", ! XMLSEC_ERRORS_R_XML_FAILED, ! "filename=%s", ! xmlSecErrorsSafeString(filename)); ! xmlFreeDoc(doc); ! return(-1); ! } ! ! xmlFreeDoc(doc); ! return(0); } + *** misc/xmlsec1-1.2.6/src/nss/keytrans.c Fri May 11 14:47:46 2007 --- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c Fri May 11 14:47:20 2007 *************** *** 1 **** ! dummy --- 1,752 ---- ! /** ! * ! * XMLSec library ! * ! * AES Algorithm support ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright ................................. ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! ! /********************************************************************* ! * ! * key transform transforms ! * ! ********************************************************************/ ! typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ; ! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ; ! ! #define xmlSecNssKeyTransportSize \ ! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) ! ! #define xmlSecNssKeyTransportGetCtx( transform ) \ ! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ! ! struct _xmlSecNssKeyTransportCtx { ! CK_MECHANISM_TYPE cipher ; ! SECKEYPublicKey* pubkey ; ! SECKEYPrivateKey* prikey ; ! xmlSecKeyDataId keyId ; ! 
xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ ! } ; ! ! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform); ! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform); ! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, ! xmlSecKeyReqPtr keyReq); ! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, ! xmlSecKeyPtr key); ! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, ! int last, ! xmlSecTransformCtxPtr transformCtx); ! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform); ! ! static int ! xmlSecNssKeyTransportCheckId( ! xmlSecTransformPtr transform ! ) { ! #ifndef XMLSEC_NO_RSA ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) { ! ! return(1); ! } ! #endif /* XMLSEC_NO_RSA */ ! ! return(0); ! } ! ! static int ! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { ! xmlSecNssKeyTransportCtxPtr context ; ! int ret; ! ! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! #ifndef XMLSEC_NO_RSA ! if( transform->id == xmlSecNssTransformRsaPkcs1Id ) { ! context->cipher = CKM_RSA_PKCS ; ! context->keyId = xmlSecNssKeyDataRsaId ; ! } else if( transform->id == xmlSecNssTransformRsaOaepId ) { ! context->cipher = CKM_RSA_PKCS_OAEP ; ! context->keyId = xmlSecNssKeyDataRsaId ; ! } else ! #endif /* XMLSEC_NO_RSA */ ! ! if( 1 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->pubkey = NULL ; ! context->prikey = NULL ; ! context->material = NULL ; ! ! return(0); ! } ! ! static void ! 
xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { ! xmlSecNssKeyTransportCtxPtr context ; ! ! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); ! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! xmlSecAssert( context != NULL ) ; ! ! if( context->pubkey != NULL ) { ! SECKEY_DestroyPublicKey( context->pubkey ) ; ! context->pubkey = NULL ; ! } ! ! if( context->prikey != NULL ) { ! SECKEY_DestroyPrivateKey( context->prikey ) ; ! context->prikey = NULL ; ! } ! ! if( context->material != NULL ) { ! xmlSecBufferDestroy(context->material); ! context->material = NULL ; ! } ! } ! ! static int ! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { ! xmlSecNssKeyTransportCtxPtr context ; ! xmlSecSize cipherSize = 0 ; ! ! ! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(keyReq != NULL, -1); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! keyReq->keyId = context->keyId; ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt; ! keyReq->keyType = xmlSecKeyDataTypePublic; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt; ! keyReq->keyType = xmlSecKeyDataTypePrivate; ! } ! ! return(0); ! } ! ! static int ! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ! xmlSecNssKeyTransportCtxPtr context = NULL ; ! xmlSecKeyDataPtr keyData = NULL ; ! SECKEYPublicKey* pubkey = NULL ; ! SECKEYPrivateKey* prikey = NULL ; ! ! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); ! 
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(key != NULL, -1); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ! ! keyData = xmlSecKeyGetValue( key ) ; ! if( keyData == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ! "xmlSecKeyGetValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssPKIKeyDataGetPubKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->pubkey = pubkey ; ! } else { ! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssPKIKeyDataGetPrivKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->prikey = prikey ; ! } ! ! return(0) ; ! } ! ! /** ! * key wrap transform ! */ ! static int ! xmlSecNssKeyTransportCtxInit( ! xmlSecNssKeyTransportCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize blockSize ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! 
xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ctx->material != NULL ) { ! xmlSecBufferDestroy( ctx->material ) ; ! ctx->material = NULL ; ! } ! ! if( ctx->pubkey != NULL ) { ! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; ! } else if( ctx->prikey != NULL ) { ! blockSize = PK11_SignatureLen( ctx->prikey ) ; ! } else { ! blockSize = -1 ; ! } ! ! if( blockSize < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! ctx->material = xmlSecBufferCreate( blockSize ) ; ! if( ctx->material == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* read raw key material into context */ ! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! /** ! * key wrap transform update ! */ ! static int ! xmlSecNssKeyTransportCtxUpdate( ! xmlSecNssKeyTransportCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; ! 
xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! /** ! * Block cipher transform final ! */ ! static int ! xmlSecNssKeyTransportCtxFinal( ! xmlSecNssKeyTransportCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! SECKEYPublicKey* targetKey ; ! PK11SymKey* symKey ; ! PK11SlotInfo* slot ; ! SECItem oriskv ; ! xmlSecSize blockSize ; ! xmlSecBufferPtr result ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! 
"xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Now we get all of the key materail */ ! /* from now on we will wrap or unwrap the key */ ! if( ctx->pubkey != NULL ) { ! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; ! } else if( ctx->prikey != NULL ) { ! blockSize = PK11_SignatureLen( ctx->prikey ) ; ! } else { ! blockSize = -1 ; ! } ! ! if( blockSize < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! result = xmlSecBufferCreate( blockSize * 2 ) ; ! if( result == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! oriskv.type = siBuffer ; ! oriskv.data = xmlSecBufferGetData( ctx->material ) ; ! oriskv.len = xmlSecBufferGetSize( ctx->material ) ; ! ! if( encrypt != 0 ) { ! CK_OBJECT_HANDLE id ; ! SECItem wrpskv ; ! ! /* Create template symmetric key from material */ ! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) { ! slot = xmlSecNssSlotGet( ctx->cipher ) ; ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; ! if( id == CK_INVALID_HANDLE ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ImportPublicKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! } ! ! /* pay attention to mechanism */ ! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; ! if( symKey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ImportSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! 
xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! ! wrpskv.type = siBuffer ; ! wrpskv.data = xmlSecBufferGetData( result ) ; ! wrpskv.len = xmlSecBufferGetMaxSize( result ) ; ! ! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_PubWrapSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! ! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! PK11_FreeSymKey( symKey ) ; ! PK11_FreeSlot( slot ) ; ! } else { ! SECItem* keyItem ; ! CK_OBJECT_HANDLE id1 ; ! ! /* pay attention to mechanism */ ! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_PubUnwrapSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! /* Extract raw data from symmetric key */ ! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ExtractKeyValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetKeyData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! 
"PK11_PubUnwrapSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! PK11_FreeSymKey( symKey ) ; ! } ! ! /* Write output */ ! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! xmlSecBufferDestroy(result); ! ! return(0); ! } ! ! static int ! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ! xmlSecNssKeyTransportCtxPtr context = NULL ; ! xmlSecBufferPtr inBuf, outBuf ; ! int operation ; ! int rtv ; ! ! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! inBuf = &( transform->inBuf ) ; ! outBuf = &( transform->outBuf ) ; ! ! if( transform->status == xmlSecTransformStatusNone ) { ! transform->status = xmlSecTransformStatusWorking ; ! } ! ! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; ! if( transform->status == xmlSecTransformStatusWorking ) { ! if( context->material == NULL ) { ! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! 
xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportCtxInit" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( context->material == NULL && last != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "No enough data to intialize transform" ) ; ! return(-1); ! } ! ! if( context->material != NULL ) { ! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportCtxUpdate" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( last ) { ! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportCtxFinal" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! transform->status = xmlSecTransformStatusFinished ; ! } ! } else if( transform->status == xmlSecTransformStatusFinished ) { ! if( xmlSecBufferGetSize( inBuf ) != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! } else { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! ! return(0); ! } ! ! ! #ifndef XMLSEC_NO_RSA ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { ! #else ! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { ! #endif ! 
/* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ ! ! xmlSecNameRsaPkcs1, /* const xmlChar* name; */ ! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = { ! #else ! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = { ! #endif ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ ! ! xmlSecNameRsaOaep, /* const xmlChar* name; */ ! xmlSecHrefRsaOaep, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! 
NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformRsaPkcs1GetKlass: ! * ! * The RSA-PKCS1 key transport transform klass. ! * ! * Returns RSA-PKCS1 key transport transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformRsaPkcs1GetKlass(void) { ! return(&xmlSecNssRsaPkcs1Klass); ! } ! ! /** ! * xmlSecNssTransformRsaOaepGetKlass: ! * ! * The RSA-PKCS1 key transport transform klass. ! * ! * Returns RSA-PKCS1 key transport transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformRsaOaepGetKlass(void) { ! return(&xmlSecNssRsaOaepKlass); ! } ! ! #endif /* XMLSEC_NO_RSA */ ! *** misc/xmlsec1-1.2.6/src/nss/keywrapers.c Fri May 11 14:47:46 2007 --- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c Fri May 11 14:47:20 2007 *************** *** 1 **** ! dummy --- 1,1213 ---- ! /** ! * ! * XMLSec library ! * ! * AES Algorithm support ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright ................................. ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! ! #define XMLSEC_NSS_AES128_KEY_SIZE 16 ! 
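Review bot: In the encrypt branch of `xmlSecNssKeyTransportCtxFinal` (new file src/nss/keytrans.c), `PK11_FreeSlot( slot )` runs on every exit path, but when `ctx->pubkey->pkcs11Slot` is non-NULL the pointer is only borrowed from the public key and no reference is taken in the visible code. Each wrap would then drop a reference that the key still relies on, which can leave the key pointing at a freed slot. Assuming `xmlSecNssSlotGet` returns an owned reference, taking one in the other case balances the count: add `} else { slot = PK11_ReferenceSlot( slot ) ; }` to the `if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL )` block. Separately, `blockSize` is declared `xmlSecSize` (an unsigned type in xmlsec) in both `xmlSecNssKeyTransportCtxInit` and `xmlSecNssKeyTransportCtxFinal`, so `blockSize = -1` followed by `if( blockSize < 0 )` never fires and the wrapped value goes on to size `xmlSecBufferCreate`. Declaring it `int blockSize ;` and testing `if( blockSize <= 0 )` would make the failure path reachable.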
#define XMLSEC_NSS_AES192_KEY_SIZE 24 ! #define XMLSEC_NSS_AES256_KEY_SIZE 32 ! #define XMLSEC_NSS_DES3_KEY_SIZE 24 ! #define XMLSEC_NSS_DES3_KEY_LENGTH 24 ! #define XMLSEC_NSS_DES3_IV_LENGTH 8 ! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 ! ! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { ! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 ! }; ! ! /********************************************************************* ! * ! * key wrap transforms ! * ! ********************************************************************/ ! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; ! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; ! ! #define xmlSecNssKeyWrapSize \ ! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) ! ! #define xmlSecNssKeyWrapGetCtx( transform ) \ ! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ! ! struct _xmlSecNssKeyWrapCtx { ! CK_MECHANISM_TYPE cipher ; ! PK11SymKey* symkey ; ! xmlSecKeyDataId keyId ; ! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ ! } ; ! ! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); ! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); ! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, ! xmlSecKeyReqPtr keyReq); ! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, ! xmlSecKeyPtr key); ! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, ! int last, ! xmlSecTransformCtxPtr transformCtx); ! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); ! ! static int ! xmlSecNssKeyWrapCheckId( ! xmlSecTransformPtr transform ! ) { ! #ifndef XMLSEC_NO_DES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { ! return(1); ! } ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || ! 
xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { ! ! return(1); ! } ! #endif /* XMLSEC_NO_AES */ ! ! return(0); ! } ! ! static xmlSecSize ! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { ! #ifndef XMLSEC_NO_DES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { ! return(XMLSEC_NSS_DES3_KEY_SIZE); ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { ! return(XMLSEC_NSS_AES128_KEY_SIZE); ! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { ! return(XMLSEC_NSS_AES192_KEY_SIZE); ! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ! return(XMLSEC_NSS_AES256_KEY_SIZE); ! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ! return(XMLSEC_NSS_AES256_KEY_SIZE); ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if(1) ! return(0); ! } ! ! ! static int ! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { ! xmlSecNssKeyWrapCtxPtr context ; ! int ret; ! ! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! #ifndef XMLSEC_NO_DES ! if( transform->id == xmlSecNssTransformKWDes3Id ) { ! context->cipher = CKM_DES3_CBC ; ! context->keyId = xmlSecNssKeyDataDesId ; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if( transform->id == xmlSecNssTransformKWAes128Id ) { ! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( transform->id == xmlSecNssTransformKWAes192Id ) { ! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! 
if( transform->id == xmlSecNssTransformKWAes256Id ) { ! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! ! if( 1 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->symkey = NULL ; ! context->material = NULL ; ! ! return(0); ! } ! ! static void ! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { ! xmlSecNssKeyWrapCtxPtr context ; ! ! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); ! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! xmlSecAssert( context != NULL ) ; ! ! if( context->symkey != NULL ) { ! PK11_FreeSymKey( context->symkey ) ; ! context->symkey = NULL ; ! } ! ! if( context->material != NULL ) { ! xmlSecBufferDestroy(context->material); ! context->material = NULL ; ! } ! } ! ! static int ! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { ! xmlSecNssKeyWrapCtxPtr context ; ! xmlSecSize cipherSize = 0 ; ! ! ! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(keyReq != NULL, -1); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! keyReq->keyId = context->keyId; ! keyReq->keyType = xmlSecKeyDataTypeSymmetric; ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt; ! } ! ! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; ! ! return(0); ! } ! ! static int ! 
xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ! xmlSecNssKeyWrapCtxPtr context = NULL ; ! xmlSecKeyDataPtr keyData = NULL ; ! PK11SymKey* symkey = NULL ; ! ! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(key != NULL, -1); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ! ! keyData = xmlSecKeyGetValue( key ) ; ! if( keyData == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ! "xmlSecKeyGetValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssSymKeyDataGetKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->symkey = symkey ; ! ! return(0) ; ! } ! ! /** ! * key wrap transform ! */ ! static int ! xmlSecNssKeyWrapCtxInit( ! xmlSecNssKeyWrapCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize blockSize ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! 
xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ctx->material != NULL ) { ! xmlSecBufferDestroy( ctx->material ) ; ! ctx->material = NULL ; ! } ! ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! ctx->material = xmlSecBufferCreate( blockSize ) ; ! if( ctx->material == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* read raw key material into context */ ! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! /** ! * key wrap transform update ! */ ! static int ! xmlSecNssKeyWrapCtxUpdate( ! xmlSecNssKeyWrapCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! 
"xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! static int ! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { ! xmlSecSize s; ! xmlSecSize i; ! xmlSecByte c; ! ! xmlSecAssert2(buf != NULL, -1); ! ! s = size / 2; ! --size; ! for(i = 0; i < s; ++i) { ! c = buf[i]; ! buf[i] = buf[size - i]; ! buf[size - i] = c; ! } ! return(0); ! } ! ! static xmlSecByte * ! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, ! xmlSecByte *out, xmlSecSize outSize) ! { ! PK11Context *context = NULL; ! SECStatus s; ! xmlSecByte *digest = NULL; ! unsigned int len; ! ! xmlSecAssert2(in != NULL, NULL); ! xmlSecAssert2(out != NULL, NULL); ! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); ! ! /* Create a context for hashing (digesting) */ ! context = PK11_CreateDigestContext(SEC_OID_SHA1); ! if (context == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_CreateDigestContext", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! ! s = PK11_DigestBegin(context); ! if (s != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestBegin", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! ! s = PK11_DigestOp(context, in, inSize); ! if (s != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! ! s = PK11_DigestFinal(context, out, &len, outSize); ! if (s != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestFinal", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! 
xmlSecAssert2(len == SHA1_LENGTH, NULL); ! ! digest = out; ! ! done: ! if (context != NULL) { ! PK11_DestroyContext(context, PR_TRUE); ! } ! return (digest); ! } ! ! static int ! xmlSecNssKWDes3Encrypt( ! PK11SymKey* symKey , ! CK_MECHANISM_TYPE cipherMech , ! const xmlSecByte* iv , ! xmlSecSize ivSize , ! const xmlSecByte* in , ! xmlSecSize inSize , ! xmlSecByte* out , ! xmlSecSize outSize , ! int enc ! ) { ! PK11Context* EncContext = NULL; ! SECItem ivItem ; ! SECItem* secParam = NULL ; ! int tmp1_outlen; ! unsigned int tmp2_outlen; ! int result_len = -1; ! SECStatus rv; ! ! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( symKey != NULL , -1 ) ; ! xmlSecAssert2(iv != NULL, -1); ! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(inSize > 0, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(outSize >= inSize, -1); ! ! /* Prepare IV */ ! ivItem.data = ( unsigned char* )iv ; ! ivItem.len = ivSize ; ! ! secParam = PK11_ParamFromIV(cipherMech, &ivItem); ! if (secParam == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_ParamFromIV", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! EncContext = PK11_CreateContextBySymKey(cipherMech, ! enc ? CKA_ENCRYPT : CKA_DECRYPT, ! symKey, secParam); ! if (EncContext == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_CreateContextBySymKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! tmp1_outlen = tmp2_outlen = 0; ! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, ! (unsigned char *)in, inSize); ! if (rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_CipherOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, ! &tmp2_outlen, outSize-tmp1_outlen); ! if (rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! 
NULL, ! "PK11_DigestFinal", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! result_len = tmp1_outlen + tmp2_outlen; ! ! done: ! if (secParam) { ! SECITEM_FreeItem(secParam, PR_TRUE); ! } ! if (EncContext) { ! PK11_DestroyContext(EncContext, PR_TRUE); ! } ! ! return(result_len); ! } ! ! static int ! xmlSecNssKeyWrapDesOp( ! xmlSecNssKeyWrapCtxPtr ctx , ! int encrypt , ! xmlSecBufferPtr result ! ) { ! xmlSecByte sha1[SHA1_LENGTH]; ! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; ! xmlSecByte* in; ! xmlSecSize inSize; ! xmlSecByte* out; ! xmlSecSize outSize; ! xmlSecSize s; ! int ret; ! SECStatus status; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( result != NULL , -1 ) ; ! ! in = xmlSecBufferGetData(ctx->material); ! inSize = xmlSecBufferGetSize(ctx->material) ; ! out = xmlSecBufferGetData(result); ! outSize = xmlSecBufferGetMaxSize(result) ; ! if( encrypt ) { ! /* step 2: calculate sha1 and CMS */ ! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssComputeSHA1", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* step 3: construct WKCKS */ ! memcpy(out, in, inSize); ! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); ! ! /* step 4: generate random iv */ ! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); ! if(status != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_GenerateRandom", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! return(-1); ! } ! ! /* step 5: first encryption, result is TEMP1 */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! iv, XMLSEC_NSS_DES3_IV_LENGTH, ! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, ! out, outSize, 1); ! 
if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* step 6: construct TEMP2=IV || TEMP1 */ ! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, ! inSize + XMLSEC_NSS_DES3_IV_LENGTH); ! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); ! s = ret + XMLSEC_NSS_DES3_IV_LENGTH; ! ! /* step 7: reverse octets order, result is TEMP3 */ ! ret = xmlSecNssKWDes3BufferReverse(out, s); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3BufferReverse", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* step 8: second encryption with static IV */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ! out, s, ! out, outSize, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! s = ret; ! ! if( xmlSecBufferSetSize( result , s ) < 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } else { ! /* step 2: first decryption with static IV, result is TEMP3 */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ! in, inSize, ! out, outSize, 0); ! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! s = ret; ! ! /* step 3: reverse octets order in TEMP3, result is TEMP2 */ ! ret = xmlSecNssKWDes3BufferReverse(out, s); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3BufferReverse", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! 
/* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! out, XMLSEC_NSS_DES3_IV_LENGTH, ! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, ! out, outSize, 0); ! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! s = ret - XMLSEC_NSS_DES3_IV_LENGTH; ! ! /* steps 6 and 7: calculate SHA1 and validate it */ ! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssComputeSHA1", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "SHA1 does not match"); ! return(-1); ! } ! ! if( xmlSecBufferSetSize( result , s ) < 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! return(0); ! } ! ! static int ! xmlSecNssKeyWrapAesOp( ! xmlSecNssKeyWrapCtxPtr ctx , ! int encrypt , ! xmlSecBufferPtr result ! ) { ! PK11Context* cipherCtx = NULL; ! SECItem ivItem ; ! SECItem* secParam = NULL ; ! xmlSecSize inSize ; ! xmlSecSize inBlocks ; ! int blockSize ; ! int midSize ; ! int finSize ; ! xmlSecByte* out ; ! xmlSecSize outSize; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( result != NULL , -1 ) ; ! ! /* Do not set any IV */ ! memset(&ivItem, 0, sizeof(ivItem)); ! ! /* Get block size */ ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! 
"PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! inSize = xmlSecBufferGetSize( ctx->material ) ; ! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Get Param for context initialization */ ! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ParamFromIV" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ! if( cipherCtx == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_CreateContextBySymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! SECITEM_FreeItem( secParam , PR_TRUE ) ; ! return(-1); ! } ! ! out = xmlSecBufferGetData(result) ; ! outSize = xmlSecBufferGetMaxSize(result) ; ! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_CipherOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_DigestFinal" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return 0 ; ! } ! ! /** ! * Block cipher transform final ! */ ! static int ! xmlSecNssKeyWrapCtxFinal( ! xmlSecNssKeyWrapCtxPtr ctx , ! 
xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! PK11SymKey* targetKey ; ! xmlSecSize blockSize ; ! xmlSecBufferPtr result ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Now we get all of the key materail */ ! /* from now on we will wrap or unwrap the key */ ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! result = xmlSecBufferCreate( blockSize ) ; ! if( result == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! switch( ctx->cipher ) { ! case CKM_DES3_CBC : ! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssKeyWrapDesOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! break ; ! /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ ! case CKM_AES_CBC : ! 
if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssKeyWrapAesOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! break ; ! } ! ! /* Write output */ ! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! xmlSecBufferDestroy(result); ! ! return(0); ! } ! ! static int ! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ! xmlSecNssKeyWrapCtxPtr context = NULL ; ! xmlSecBufferPtr inBuf, outBuf ; ! int operation ; ! int rtv ; ! ! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! inBuf = &( transform->inBuf ) ; ! outBuf = &( transform->outBuf ) ; ! ! if( transform->status == xmlSecTransformStatusNone ) { ! transform->status = xmlSecTransformStatusWorking ; ! } ! ! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; ! if( transform->status == xmlSecTransformStatusWorking ) { ! if( context->material == NULL ) { ! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! 
xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapCtxInit" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( context->material == NULL && last != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "No enough data to intialize transform" ) ; ! return(-1); ! } ! ! if( context->material != NULL ) { ! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapCtxUpdate" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( last ) { ! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapCtxFinal" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! transform->status = xmlSecTransformStatusFinished ; ! } ! } else if( transform->status == xmlSecTransformStatusFinished ) { ! if( xmlSecBufferGetSize( inBuf ) != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! } else { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! ! return(0); ! } ! ! #ifndef XMLSEC_NO_AES ! ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { ! #else ! static xmlSecTransformKlass xmlSecNssKWAes128Klass = { ! #endif ! 
/* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWAes128, /* const xmlChar* name; */ ! xmlSecHrefKWAes128, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { ! #else ! static xmlSecTransformKlass xmlSecNssKWAes192Klass = { ! #endif ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWAes192, /* const xmlChar* name; */ ! xmlSecHrefKWAes192, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! 
NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { ! #else ! static xmlSecTransformKlass xmlSecNssKWAes256Klass = { ! #endif ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWAes256, /* const xmlChar* name; */ ! xmlSecHrefKWAes256, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! 
NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformKWAes128GetKlass: ! * ! * The AES-128 key wrapper transform klass. ! * ! * Returns AES-128 key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWAes128GetKlass(void) { ! return(&xmlSecNssKWAes128Klass); ! } ! ! /** ! * xmlSecNssTransformKWAes192GetKlass: ! * ! * The AES-192 key wrapper transform klass. ! * ! * Returns AES-192 key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWAes192GetKlass(void) { ! return(&xmlSecNssKWAes192Klass); ! } ! ! /** ! * ! * The AES-256 key wrapper transform klass. ! * ! * Returns AES-256 key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWAes256GetKlass(void) { ! return(&xmlSecNssKWAes256Klass); ! } ! ! #endif /* XMLSEC_NO_AES */ ! ! ! #ifndef XMLSEC_NO_DES ! ! #ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { ! #else ! static xmlSecTransformKlass xmlSecNssKWDes3Klass = { ! #endif ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWDes3, /* const xmlChar* name; */ ! xmlSecHrefKWDes3, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! 
xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformKWDes3GetKlass: ! * ! * The Triple DES key wrapper transform klass. ! * ! * Returns Triple DES key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWDes3GetKlass(void) { ! return(&xmlSecNssKWDes3Klass); ! } ! ! #endif /* XMLSEC_NO_DES */ ! *** misc/xmlsec1-1.2.6/src/nss/pkikeys.c Wed Mar 17 06:06:45 2004 --- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c Fri May 11 14:47:20 2007 *************** *** 5,10 **** --- 5,11 ---- * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. + * Copyright ........................... */ #include "globals.h" *************** *** 24,29 **** --- 25,31 ---- #include #include #include + #include /************************************************************************** * *************** *** 98,111 **** { xmlSecAssert(ctx != NULL); if (ctx->privkey != NULL) { ! SECKEY_DestroyPrivateKey(ctx->privkey); ! ctx->privkey = NULL; } ! if (ctx->pubkey) ! { ! SECKEY_DestroyPublicKey(ctx->pubkey); ! ctx->pubkey = NULL; } } --- 100,112 ---- { xmlSecAssert(ctx != NULL); if (ctx->privkey != NULL) { ! SECKEY_DestroyPrivateKey(ctx->privkey); ! ctx->privkey = NULL; } ! if (ctx->pubkey) { ! SECKEY_DestroyPublicKey(ctx->pubkey); ! ctx->pubkey = NULL; } } *************** *** 115,143 **** xmlSecNssPKIKeyDataCtxPtr ctxSrc) { xmlSecNSSPKIKeyDataCtxFree(ctxDst); if (ctxSrc->privkey != NULL) { ! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); ! if(ctxDst->privkey == NULL) { ! 
xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPrivateKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } if (ctxSrc->pubkey != NULL) { ! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); ! if(ctxDst->pubkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPublicKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } return (0); } --- 116,147 ---- xmlSecNssPKIKeyDataCtxPtr ctxSrc) { xmlSecNSSPKIKeyDataCtxFree(ctxDst); + ctxDst->privkey = NULL ; + ctxDst->pubkey = NULL ; if (ctxSrc->privkey != NULL) { ! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); ! if(ctxDst->privkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPrivateKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } } if (ctxSrc->pubkey != NULL) { ! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); ! if(ctxDst->pubkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPublicKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } } + return (0); } *************** *** 147,166 **** SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); if (ctx->privkey) { ! SECKEY_DestroyPrivateKey(ctx->privkey); } ctx->privkey = privkey; if (ctx->pubkey) { ! 
SECKEY_DestroyPublicKey(ctx->pubkey); } ctx->pubkey = pubkey; --- 151,191 ---- SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; + KeyType pubType = nullKey ; + KeyType priType = nullKey ; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); + if( privkey != NULL ) { + priType = SECKEY_GetPrivateKeyType( privkey ) ; + } + + if( pubkey != NULL ) { + pubType = SECKEY_GetPublicKeyType( pubkey ) ; + } + + if( priType != nullKey && pubType != nullKey ) { + if( pubType != priType ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "different type of private and public key" ) ; + return -1 ; + } + } + ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); if (ctx->privkey) { ! SECKEY_DestroyPrivateKey(ctx->privkey); } ctx->privkey = privkey; if (ctx->pubkey) { ! SECKEY_DestroyPublicKey(ctx->pubkey); } ctx->pubkey = pubkey; *************** *** 183,243 **** { xmlSecKeyDataPtr data = NULL; int ret; ! KeyType kt; ! ! if (pubkey != NULL) { ! kt = SECKEY_GetPublicKeyType(pubkey); ! } else { ! kt = SECKEY_GetPrivateKeyType(privkey); ! pubkey = SECKEY_ConvertToPublicKey(privkey); ! } ! switch(kt) { #ifndef XMLSEC_NO_RSA case rsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataRsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_RSA */ #ifndef XMLSEC_NO_DSA case dsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataDsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_DSA */ default: ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, ! "PKI key type %d not supported", kt); ! 
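Review bot: In the pkikeys.c hunk at new lines 151–191, the check added before `ctx = xmlSecNssPKIKeyDataGetCtx(data);` compares only the `KeyType` of the two keys, so a private key and an unrelated public key of the same algorithm are still adopted together. If callers are meant to treat this as pair validation it needs a stronger check; otherwise a comment such as `/* only checks that both keys use the same algorithm, not that they belong together */` would stop it being read that way. The same block is repeated verbatim in the next hunk (new lines 208–282), whose function then calls this one, so the check runs twice on that path and could live in one place. The function's signature and doc comment are outside the hunk.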
return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy(data); ! return(NULL); } return(data); } --- 208,282 ---- { xmlSecKeyDataPtr data = NULL; int ret; ! KeyType pubType = nullKey ; ! KeyType priType = nullKey ; ! if( privkey != NULL ) { ! priType = SECKEY_GetPrivateKeyType( privkey ) ; ! } ! ! if( pubkey != NULL ) { ! pubType = SECKEY_GetPublicKeyType( pubkey ) ; ! } ! ! if( priType != nullKey && pubType != nullKey ) { ! if( pubType != priType ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! "different type of private and public key" ) ; ! return( NULL ) ; ! } ! } ! ! pubType = priType != nullKey ? priType : pubType ; ! switch(pubType) { #ifndef XMLSEC_NO_RSA case rsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataRsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_RSA */ #ifndef XMLSEC_NO_DSA case dsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataDsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_DSA */ default: ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, ! "PKI key type %d not supported", pubType); ! return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy(data); ! 
return(NULL); } return(data); } *************** *** 263,269 **** xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->pubkey != NULL, NULL); ! ret = SECKEY_CopyPublicKey(ctx->pubkey); return(ret); } --- 302,308 ---- xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->pubkey != NULL, NULL); ! ret = SECKEY_CopyPublicKey(ctx->pubkey); return(ret); } *************** *** 312,320 **** xmlSecAssert2(ctx != NULL, nullKey); if (ctx->pubkey != NULL) { ! kt = SECKEY_GetPublicKeyType(ctx->pubkey); } else { ! kt = SECKEY_GetPrivateKeyType(ctx->privkey); } return(kt); } --- 351,359 ---- xmlSecAssert2(ctx != NULL, nullKey); if (ctx->pubkey != NULL) { ! kt = SECKEY_GetPublicKeyType(ctx->pubkey); } else { ! kt = SECKEY_GetPrivateKeyType(ctx->privkey); } return(kt); } *************** *** 453,459 **** --- 492,502 ---- static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data, FILE* output); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecNssPKIKeyDataSize, *************** *** 553,565 **** goto done; } ! slot = PK11_GetBestSlot(CKM_DSA, NULL); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_GetBestSlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 596,608 ---- goto done; } ! slot = xmlSecNssSlotGet(CKM_DSA); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 570,576 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
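Review bot: In the hunk at new lines 208–282, dropping `pubkey = SECKEY_ConvertToPublicKey(privkey);` means a call that supplies only a private key now leaves `ctx->pubkey` NULL. The size getters in the hunks at new lines 1041–1047 and 1543–1549 still end in `return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));` and have the assertion that touched `ctx->pubkey` commented out, so they would pass NULL to NSS for such a key; whether NSS tolerates that is not visible here. A guard such as `xmlSecAssert2(ctx->pubkey != NULL, 0);` in both getters, or deriving the size from `ctx->privkey` when the public key is absent, would close the gap. The function's signature is outside the hunk.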
XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 613,619 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 582,588 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; --- 625,631 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; *************** *** 750,770 **** goto done; } data = NULL; - ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } ! if (ret != 0) { ! if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); ! } ! if (data != NULL) { ! xmlSecKeyDataDestroy(data); ! } } return(ret); } --- 793,813 ---- goto done; } data = NULL; ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } ! ! if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); ! } ! ! if (data != NULL) { ! xmlSecKeyDataDestroy(data); } + return(ret); } *************** *** 783,789 **** ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { /* we can have only private key or public key */ --- 826,832 ---- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { /* we can have only private key or public key */ *************** *** 905,911 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_ParamGen", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
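Review bot: In the hunk at new lines 793–813, the `done:` block now calls `SECKEY_DestroyPublicKey(pubkey)` and `xmlSecKeyDataDestroy(data)` on the success path as well, but the only reset visible before `ret = 0;` is `data = NULL;`. If `pubkey` has already been handed to the key data by that point (the adoption call is outside the hunk, so this is inferred), it would be destroyed while the key data still refers to it. The generate hunk at new lines 989–1020 adds `privkey = NULL ;` and `pubkey = NULL ;` before `ret = 0;` for exactly this cleanup style; the same `pubkey = NULL;` right after a successful adoption would be needed here.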
"size=%d", sizeBits); goto done; } --- 948,955 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_ParamGen", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d, error code=%d", sizeBits, PORT_GetError()); ! ret = -1; goto done; } *************** *** 915,925 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_VerifyParams", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", sizeBits); goto done; } ! slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); --- 959,970 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_VerifyParams", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d, error code=%d", sizeBits, PORT_GetError()); ! ret = -1; goto done; } ! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); *************** *** 929,936 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); goto done; } --- 974,982 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); + ret = -1; goto done; } *************** *** 943,971 **** XMLSEC_ERRORS_NO_MESSAGE); goto done; } ! ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } if (pqgParams != NULL) { ! PK11_PQG_DestroyParams(pqgParams); } if (pqgVerify != NULL) { ! PK11_PQG_DestroyVerify(pqgVerify); ! } ! if (ret == 0) { ! return (0); } if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); } if (privkey != NULL) { ! SECKEY_DestroyPrivateKey(privkey); } ! return(-1); } static xmlSecKeyDataType --- 989,1020 ---- XMLSEC_ERRORS_NO_MESSAGE); goto done; } ! privkey = NULL ; ! 
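Review bot: In the hunk at new lines 959–970, the result of `xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN)` goes straight into `PK11_Authenticate` and `PK11_GenerateKeyPair` without a NULL check, and the status returned by `PK11_Authenticate` is discarded. The read-path hunks at new lines 596–608 and 1234–1246 do check the slot and report `xmlSecNssSlotGet` on failure, so key generation should follow the same pattern; the RSA hunk at new lines 1473–1479 has the same gap. The enclosing function starts and ends outside the hunk, and `ret` and the `done` label are taken from the neighbouring hunks.

```c
slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
if(slot == NULL) {
    xmlSecError(XMLSEC_ERRORS_HERE,
                xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                "xmlSecNssSlotGet",
                XMLSEC_ERRORS_R_CRYPTO_FAILED,
                "error code=%d", PORT_GetError());
    ret = -1;
    goto done;
}
if(PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */) != SECSuccess) {
    xmlSecError(XMLSEC_ERRORS_HERE,
                xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                "PK11_Authenticate",
                XMLSEC_ERRORS_R_CRYPTO_FAILED,
                "error code=%d", PORT_GetError());
    ret = -1;
    goto done;
}
/* … unchanged: PK11_GenerateKeyPair call and its error check … */
```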
pubkey = NULL ; ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } + if (pqgParams != NULL) { ! PK11_PQG_DestroyParams(pqgParams); } + if (pqgVerify != NULL) { ! PK11_PQG_DestroyVerify(pqgVerify); } + if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); } + if (privkey != NULL) { ! SECKEY_DestroyPrivateKey(privkey); } ! ! return(ret); } static xmlSecKeyDataType *************** *** 975,985 **** xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); if (ctx->privkey != NULL) { ! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); ! } else { ! return(xmlSecKeyDataTypePublic); } return(xmlSecKeyDataTypeUnknown); --- 1024,1034 ---- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if (ctx->privkey != NULL) { ! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); ! } else if( ctx->pubkey != NULL ) { ! return(xmlSecKeyDataTypePublic); } return(xmlSecKeyDataTypeUnknown); *************** *** 992,998 **** xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } --- 1041,1047 ---- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! 
/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } *************** *** 1084,1090 **** --- 1133,1143 ---- static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data, FILE* output); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecNssPKIKeyDataSize, *************** *** 1181,1193 **** goto done; } ! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_GetBestSlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 1234,1246 ---- goto done; } ! slot = xmlSecNssSlotGet(CKM_RSA_PKCS); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 1198,1204 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 1251,1257 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 1210,1216 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; --- 1263,1269 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
"error code=%d", PORT_GetError()); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; *************** *** 1349,1355 **** ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { --- 1402,1408 ---- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { *************** *** 1420,1426 **** params.keySizeInBits = sizeBits; params.pe = 65537; ! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); --- 1473,1479 ---- params.keySizeInBits = sizeBits; params.pe = 65537; ! slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); *************** *** 1430,1436 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); goto done; } --- 1483,1489 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); goto done; } *************** *** 1472,1478 **** ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); if (ctx->privkey != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); } else { --- 1525,1531 ---- ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! 
/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if (ctx->privkey != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); } else { *************** *** 1490,1496 **** ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } --- 1543,1549 ---- ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } *** misc/xmlsec1-1.2.6/src/nss/signatures.c Fri Sep 26 02:58:15 2003 --- misc/build/xmlsec1-1.2.6/src/nss/signatures.c Fri May 11 14:47:20 2007 *************** *** 199,205 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_NewContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { --- 199,205 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_NewContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } else { *************** *** 222,228 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_CreateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 222,228 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_CreateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 282,288 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update, VFY_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { xmlSecError(XMLSEC_ERRORS_HERE, --- 282,288 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update, VFY_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
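Review bot: In the hunk at new lines 1525–1531, the RSA type getter loses its assertion on `ctx->pubkey` but keeps the plain `} else {` branch, whereas the DSA getter at new lines 1024–1034 was changed to `} else if( ctx->pubkey != NULL ) {`. The `else` body is outside the hunk, but if it still returns `xmlSecKeyDataTypePublic` as the DSA original did, key data holding neither key would be reported as a public key. Making the RSA branch `} else if( ctx->pubkey != NULL ) {` keeps the two getters consistent. The commented-out `xmlSecAssert2` lines in this and the sibling hunks would be clearer deleted, with a short comment saying why a missing public key is now acceptable.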
"error code=%d", PORT_GetError()); if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 341,347 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { --- 341,347 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } else { *************** *** 351,357 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 351,357 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 368,374 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { --- 368,374 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } else { *************** *** 378,384 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 378,384 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 404,410 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 404,410 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
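Review bot: In the signatures.c hunk at new lines 282–288, `PORT_GetError()` is now read once for the `"error code=%d"` message and again in `if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE)`, with an `xmlSecError` call in between. If the error callback does anything that resets or replaces the NSPR error code (not visible here), the comparison would see a different value from the one that was logged. Reading it once into a local, e.g. `PRErrorCode err = PORT_GetError();` placed with the block's other declarations, and using `err` in both places avoids that. The enclosing function starts and ends outside the hunk.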
"error code=%d", PORT_GetError()); return(-1); } *************** *** 459,465 **** --- 459,469 ---- * ***************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = { + #else static xmlSecTransformKlass xmlSecNssDsaSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssSignatureSize, /* xmlSecSize objSize */ *************** *** 506,512 **** --- 510,520 ---- * RSA-SHA1 signature transform * ***************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = { + #else static xmlSecTransformKlass xmlSecNssRsaSha1Klass = { + #endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssSignatureSize, /* xmlSecSize objSize */ *** misc/xmlsec1-1.2.6/src/nss/symkeys.c Mon Jul 21 05:12:52 2003 --- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c Fri May 11 14:47:20 2007 *************** *** 15,192 **** #include #include #include #include #include #include #include #include #include /***************************************************************************** * ! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary * ****************************************************************************/ ! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, ! xmlSecKeyDataPtr src); ! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! 
static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! const xmlSecByte* buf, ! xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlSecByte** buf, ! xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, ! xmlSecSize sizeBits, ! xmlSecKeyDataType type); ! ! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); ! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); ! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, ! FILE* output); ! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, ! FILE* output); ! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); #define xmlSecNssSymKeyDataCheckId(data) \ (xmlSecKeyDataIsValid((data)) && \ xmlSecNssSymKeyDataKlassCheck((data)->id)) static int xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); ! ! return(xmlSecKeyDataBinaryValueInitialize(data)); } static int xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); xmlSecAssert2(dst->id == src->id, -1); ! ! return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); } static void xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! ! xmlSecKeyDataBinaryValueFinalize(data); } static int xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); } static int xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! 
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); } static int xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! const xmlSecByte* buf, xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); } static int xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlSecByte** buf, xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); } static int xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! xmlSecBufferPtr buffer; ! xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); ! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); ! xmlSecAssert2(buffer != NULL, -1); ! ! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); } static xmlSecKeyDataType xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { ! xmlSecBufferPtr buffer; xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); ! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); ! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); ! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); } static xmlSecSize xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); ! ! return(xmlSecKeyDataBinaryValueGetSize(data)); } static void xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! 
xmlSecKeyDataBinaryValueDebugDump(data, output); } static void xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! xmlSecKeyDataBinaryValueDebugXmlDump(data, output); } static int xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { #ifndef XMLSEC_NO_DES if(klass == xmlSecNssKeyDataDesId) { ! return(1); } #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_AES if(klass == xmlSecNssKeyDataAesId) { ! return(1); } #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_HMAC if(klass == xmlSecNssKeyDataHmacId) { ! return(1); } #endif /* XMLSEC_NO_HMAC */ --- 15,851 ---- #include #include + #include + #include + #include #include + #include #include #include #include #include #include + #include + #include /***************************************************************************** * ! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey * ****************************************************************************/ ! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; ! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; ! ! struct _xmlSecNssSymKeyDataCtx { ! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ ! PK11SlotInfo* slot ; /* the key resident slot */ ! PK11SymKey* symkey ; /* the symmetic key */ ! } ; ! ! #define xmlSecNssSymKeyDataSize \ ! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) ! ! #define xmlSecNssSymKeyDataGetCtx( data ) \ ! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) ! ! ! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, ! xmlSecKeyDataPtr src); ! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! 
static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! const xmlSecByte* buf, ! xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlSecByte** buf, ! xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, ! xmlSecSize sizeBits, ! xmlSecKeyDataType type); ! ! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); ! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); ! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, ! FILE* output); ! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, ! FILE* output); ! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); #define xmlSecNssSymKeyDataCheckId(data) \ (xmlSecKeyDataIsValid((data)) && \ xmlSecNssSymKeyDataKlassCheck((data)->id)) + /** + * xmlSecNssSymKeyDataAdoptKey: + * @data: the pointer to symmetric key data. + * @symkey: the symmetric key + * + * Set the value of symmetric key data. + * + * Returns 0 on success or a negative value if an error occurs. 
+ */ + int + xmlSecNssSymKeyDataAdoptKey( + xmlSecKeyDataPtr data , + PK11SymKey* symkey + ) { + xmlSecNssSymKeyDataCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; + xmlSecAssert2( symkey != NULL, -1 ) ; + + context = xmlSecNssSymKeyDataGetCtx( data ) ; + xmlSecAssert2(context != NULL, -1); + + context->cipher = PK11_GetMechanism( symkey ) ; + + if( context->slot != NULL ) { + PK11_FreeSlot( context->slot ) ; + context->slot = NULL ; + } + context->slot = PK11_GetSlotFromKey( symkey ) ; + + if( context->symkey != NULL ) { + PK11_FreeSymKey( context->symkey ) ; + context->symkey = NULL ; + } + context->symkey = PK11_ReferenceSymKey( symkey ) ; + + return 0 ; + } + + xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( + PK11SymKey* symKey + ) { + xmlSecKeyDataPtr data = NULL ; + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; + + xmlSecAssert2( symKey != NULL , NULL ) ; + + mechanism = PK11_GetMechanism( symKey ) ; + switch( mechanism ) { + case CKM_DES3_KEY_GEN : + case CKM_DES3_CBC : + case CKM_DES3_MAC : + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyDataCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "xmlSecNssKeyDataDesId" ) ; + return NULL ; + } + break ; + case CKM_AES_KEY_GEN : + case CKM_AES_CBC : + case CKM_AES_MAC : + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyDataCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "xmlSecNssKeyDataDesId" ) ; + return NULL ; + } + break ; + default : + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "Unsupported mechanism" ) ; + return NULL ; + } + + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataAdoptKey" , + 
XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyDataDestroy( data ) ; + return NULL ; + } + + return data ; + } + + + PK11SymKey* + xmlSecNssSymKeyDataGetKey( + xmlSecKeyDataPtr data + ) { + xmlSecNssSymKeyDataCtxPtr ctx; + PK11SymKey* symkey ; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, NULL); + + if( ctx->symkey != NULL ) { + symkey = PK11_ReferenceSymKey( ctx->symkey ) ; + } else { + symkey = NULL ; + } + + return(symkey); + } + static int xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); ! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); ! ! /* Set the block cipher mechanism */ ! #ifndef XMLSEC_NO_DES ! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ! ctx->cipher = CKM_DES3_KEY_GEN; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ! ctx->cipher = CKM_AES_KEY_GEN; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if(1) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! "Unsupported block cipher" ) ; ! return(-1) ; ! } ! ! 
return(0); } static int xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecNssSymKeyDataCtxPtr ctxDst; + xmlSecNssSymKeyDataCtxPtr ctxSrc; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(dst->id == src->id, -1); ! ! ctxDst = xmlSecNssSymKeyDataGetCtx(dst); ! xmlSecAssert2(ctxDst != NULL, -1); ! ! ctxSrc = xmlSecNssSymKeyDataGetCtx(src); ! xmlSecAssert2(ctxSrc != NULL, -1); ! ! ctxDst->cipher = ctxSrc->cipher ; ! ! if( ctxSrc->slot != NULL ) { ! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { ! PK11_FreeSlot( ctxDst->slot ) ; ! ctxDst->slot = NULL ; ! } ! ! if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) ! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; ! } else { ! if( ctxDst->slot != NULL ) { ! PK11_FreeSlot( ctxDst->slot ) ; ! ctxDst->slot = NULL ; ! } ! } ! ! if( ctxSrc->symkey != NULL ) { ! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { ! PK11_FreeSymKey( ctxDst->symkey ) ; ! ctxDst->symkey = NULL ; ! } ! ! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) ! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; ! } else { ! if( ctxDst->symkey != NULL ) { ! PK11_FreeSymKey( ctxDst->symkey ) ; ! ctxDst->symkey = NULL ; ! } ! } ! ! return(0); } static void xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert(ctx != NULL); ! ! if( ctx->slot != NULL ) { ! PK11_FreeSlot( ctx->slot ) ; ! ctx->slot = NULL ; ! } ! ! if( ctx->symkey != NULL ) { ! PK11_FreeSymKey( ctx->symkey ) ; ! ctx->symkey = NULL ; ! } ! ! 
ctx->cipher = CKM_INVALID_MECHANISM ; } static int xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! PK11SlotInfo* slot ; ! xmlSecBufferPtr keyBuf; ! xmlSecSize len; ! xmlSecKeyDataPtr data; ! xmlSecNssSymKeyDataCtxPtr ctx; ! SECItem keyItem ; ! int ret; ! ! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ! xmlSecAssert2(key != NULL, -1); ! xmlSecAssert2(node != NULL, -1); ! xmlSecAssert2(keyInfoCtx != NULL, -1); ! ! /* Create a new KeyData from a id */ ! data = xmlSecKeyDataCreate(id); ! if(data == NULL ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! /* Create a buffer for raw symmetric key value */ ! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Read the raw key value */ ! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBufferDestroy( keyBuf ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Get slot */ ! slot = xmlSecNssSlotGet(ctx->cipher); ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBufferDestroy( keyBuf ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! 
/* Wrap the raw key value SECItem */ ! keyItem.type = siBuffer ; ! keyItem.data = xmlSecBufferGetData( keyBuf ) ; ! keyItem.len = xmlSecBufferGetSize( keyBuf ) ; ! ! /* Import the raw key into slot temporalily and get the key handler*/ ! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ! if( symKey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_ImportSymKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! PK11_FreeSlot( slot ) ; ! xmlSecBufferDestroy( keyBuf ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! PK11_FreeSlot( slot ) ; ! ! /* raw key material has been copied into symKey, it isn't used any more */ ! xmlSecBufferDestroy( keyBuf ) ; ! /* Adopt the symmetric key into key data */ ! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataBinaryValueSetBuffer", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! PK11_FreeSymKey( symKey ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! /* symKey has been duplicated into data, it isn't used any more */ ! PK11_FreeSymKey( symKey ) ; ! ! /* Check value */ ! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyReqMatchKeyValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(0); ! } ! ! ret = xmlSecKeySetValue(key, data); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeySetValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! ! return(0); } static int xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! 
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Get symmetric key from "key" */ + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); + if( symKey != NULL ) { + SECItem* keyItem ; + xmlSecBufferPtr keyBuf ; + + /* Extract raw key data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ExtractKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Get raw key data from "symKey" */ + keyItem = PK11_GetKeyData( symKey ) ; + if(keyItem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_GetKeyData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Create key data buffer with raw kwy material */ + keyBuf = xmlSecBufferCreate(keyItem->len) ; + if(keyBuf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; + + /* Write raw key material into current xml node */ + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferBase64NodeContentWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + } ! 
return 0 ; } static int xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! const xmlSecByte* buf, xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! PK11SlotInfo* slot ; ! xmlSecKeyDataPtr data; ! xmlSecNssSymKeyDataCtxPtr ctx; ! SECItem keyItem ; ! int ret; ! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ! xmlSecAssert2(key != NULL, -1); ! xmlSecAssert2(buf != NULL, -1); ! xmlSecAssert2(bufSize != 0, -1); ! xmlSecAssert2(keyInfoCtx != NULL, -1); ! ! /* Create a new KeyData from a id */ ! data = xmlSecKeyDataCreate(id); ! if(data == NULL ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! /* Get slot */ ! slot = xmlSecNssSlotGet(ctx->cipher); ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Wrap the raw key value SECItem */ ! keyItem.type = siBuffer ; ! keyItem.data = buf ; ! keyItem.len = bufSize ; ! ! /* Import the raw key into slot temporalily and get the key handler*/ ! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ! if( symKey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_ImportSymKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Adopt the symmetric key into key data */ ! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! 
"xmlSecKeyDataBinaryValueSetBuffer", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! PK11_FreeSlot( slot ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! /* symKey has been duplicated into data, it isn't used any more */ ! PK11_FreeSymKey( symKey ) ; ! PK11_FreeSlot( slot ) ; ! ! /* Check value */ ! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyReqMatchKeyValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(0); ! } ! ! ret = xmlSecKeySetValue(key, data); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeySetValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! ! return(0); } static int xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlSecByte** buf, xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! 
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(bufSize != 0, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Get symmetric key from "key" */ + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); + if( symKey != NULL ) { + SECItem* keyItem ; + + /* Extract raw key data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ExtractKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Get raw key data from "symKey" */ + keyItem = PK11_GetKeyData( symKey ) ; + if(keyItem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_GetKeyData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + *bufSize = keyItem->len; + *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); + if( *buf == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + memcpy((*buf), keyItem->data, (*bufSize)); + PK11_FreeSymKey( symKey ) ; + } ! return 0 ; } static int xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! PK11SymKey* symkey ; ! PK11SlotInfo* slot ; ! xmlSecNssSymKeyDataCtxPtr ctx; ! int ret; ! xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! if( sizeBits % 8 != 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! NULL, ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "Symmetric key size must be octuple"); ! 
return(-1); ! } ! ! /* Get slot */ ! slot = xmlSecNssSlotGet(ctx->cipher); ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "PK11_Authenticate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! return -1 ; ! } ! ! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; ! if( symkey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "PK11_KeyGen" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! return -1 ; ! } ! ! if( ctx->slot != NULL ) { ! PK11_FreeSlot( ctx->slot ) ; ! ctx->slot = NULL ; ! } ! ctx->slot = slot ; ! ! if( ctx->symkey != NULL ) { ! PK11_FreeSymKey( ctx->symkey ) ; ! ctx->symkey = NULL ; ! } ! ctx->symkey = symkey ; ! ! return 0 ; } static xmlSecKeyDataType xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { ! xmlSecNssSymKeyDataCtxPtr context = NULL ; ! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; ! context = xmlSecNssSymKeyDataGetCtx( data ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "xmlSecNssSymKeyDataGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return xmlSecKeyDataTypeUnknown ; ! } ! ! if( context->symkey != NULL ) { ! type |= xmlSecKeyDataTypeSymmetric ; ! } else { ! type |= xmlSecKeyDataTypeUnknown ; ! } ! 
return type ; } static xmlSecSize xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr context ; + unsigned int length = 0 ; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); ! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; ! ! context = xmlSecNssSymKeyDataGetCtx( data ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "xmlSecNssSymKeyDataGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return 0 ; ! } ! ! if( context->symkey != NULL ) { ! length = PK11_GetKeyLength( context->symkey ) ; ! length *= 8 ; ! } ! ! return length ; } static void xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! /* print only size, everything else is sensitive */ ! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , ! xmlSecKeyDataGetSize(data)) ; } static void xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! /* print only size, everything else is sensitive */ ! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , ! xmlSecKeyDataGetSize(data)) ; } static int xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { #ifndef XMLSEC_NO_DES if(klass == xmlSecNssKeyDataDesId) { ! return(1); } #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_AES if(klass == xmlSecNssKeyDataAesId) { ! return(1); } #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_HMAC if(klass == xmlSecNssKeyDataHmacId) { ! return(1); } #endif /* XMLSEC_NO_HMAC */ *************** *** 199,240 **** * processing * *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecKeyDataBinarySize, /* data */ xmlSecNameAESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! 
/* xmlSecKeyDataUsage usage; */ ! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** --- 858,903 ---- * processing * *************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { + #endif sizeof(xmlSecKeyDataKlass), ! xmlSecNssSymKeyDataSize, /* data */ xmlSecNameAESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ ! 
xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** *************** *** 251,259 **** /** * xmlSecNssKeyDataAesSet: ! * @data: the pointer to AES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of AES key data. * --- 914,922 ---- /** * xmlSecNssKeyDataAesSet: ! * @data: the pointer to AES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of AES key data. * *************** *** 280,321 **** * processing * *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecKeyDataBinarySize, /* data */ xmlSecNameDESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! 
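Review bot: The `initialize` slot of xmlSecNssKeyDataAesKlass points at xmlSecNssSymKeyDataInitialize, and the new version of that function earlier in this patch guards its `ctx->cipher = CKM_AES_KEY_GEN;` assignment with `xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)`. AES key data therefore never matches and falls through to the "Unsupported block cipher" error, so creating AES key data through this klass returns -1. The guard should read `if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataAesId)) {`. The same copy-paste appears in xmlSecNssSymKeyDataKeyAdopt, whose AES branch logs `"xmlSecNssKeyDataDesId"` where `"xmlSecNssKeyDataAesId"` is meant.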
xmlSecHrefDESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** --- 943,988 ---- * processing * *************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { + #endif sizeof(xmlSecKeyDataKlass), ! xmlSecNssSymKeyDataSize, /* data */ xmlSecNameDESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! 
xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** *************** *** 332,340 **** /** * xmlSecNssKeyDataDesSet: ! * @data: the pointer to DES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of DES key data. * --- 999,1007 ---- /** * xmlSecNssKeyDataDesSet: ! * @data: the pointer to DES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of DES key data. * *************** *** 362,403 **** * processing * *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecKeyDataBinarySize, /* data */ xmlSecNameHMACKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ ! 
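Review bot: Switching `dataSize` from `xmlSecKeyDataBinarySize` to `xmlSecNssSymKeyDataSize` in xmlSecNssKeyDataDesKlass puts an xmlSecNssSymKeyDataCtx behind the xmlSecKeyData header instead of a binary-value buffer, yet the following hunk touches only the doc comment of the public setter xmlSecNssKeyDataDesSet. The setter's body is outside this patch view; if it still forwards to a binary-value helper (presumably xmlSecKeyDataBinaryValueSetBuffer), that helper would either fail its size check or read the `slot`/`symkey` pointers as buffer fields. The setter should instead import the bytes as xmlSecNssSymKeyDataBinRead does and hand the result to xmlSecNssSymKeyDataAdoptKey. Adding a comment above the klass such as `/* dataSize is xmlSecNssSymKeyDataSize: the xmlSecKeyDataBinaryValue* helpers must not be used on this klass */` would make the constraint visible. The same concern applies to xmlSecNssKeyDataAesSet and xmlSecNssKeyDataHmacSet for the AES and HMAC klass hunks.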
xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** --- 1029,1074 ---- * processing * *************************************************************************/ + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { + #endif sizeof(xmlSecKeyDataKlass), ! xmlSecNssSymKeyDataSize, /* data */ xmlSecNameHMACKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ ! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! 
xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** *************** *** 414,422 **** /** * xmlSecNssKeyDataHmacSet: ! * @data: the pointer to HMAC key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of HMAC key data. * --- 1085,1093 ---- /** * xmlSecNssKeyDataHmacSet: ! * @data: the pointer to HMAC key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of HMAC key data. * *** misc/xmlsec1-1.2.6/src/nss/tokens.c Fri May 11 14:47:47 2007 --- misc/build/xmlsec1-1.2.6/src/nss/tokens.c Fri May 11 14:47:20 2007 *************** *** 1 **** ! dummy --- 1,548 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright.................................. ! * ! * Contributor(s): _____________________________ ! * ! */ ! ! /** ! 
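Review bot: xmlSecNssKeyDataHmacKlass keeps xmlSecNssSymKeyDataInitialize in its `initialize` slot, but the rewritten initializer earlier in this patch has branches only under `XMLSEC_NO_DES` and `XMLSEC_NO_AES` and otherwise reaches `if(1)` and returns -1 with "Unsupported block cipher". xmlSecNssSymKeyDataKlassCheck still accepts `xmlSecNssKeyDataHmacId`, so HMAC key data passes the assertion and then fails initialization every time. The initializer needs an HMAC branch under `#ifndef XMLSEC_NO_HMAC`, for example `if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataHmacId)) { ctx->cipher = CKM_GENERIC_SECRET_KEY_GEN; } else`. Which mechanism is right for HMAC keys here is an assumption to confirm against how the HMAC transform consumes the key. xmlSecNssSymKeyDataKeyAdopt has the same gap, since its `switch` has no case that creates `xmlSecNssKeyDataHmacId` data.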
* In order to ensure that particular crypto operation is performed on ! * particular crypto device, a subclass of xmlSecList is used to store slot and ! * mechanism information. ! * ! * In the list, a slot is bound with a mechanism. If the mechanism is available, ! * this mechanism only can perform on the slot; otherwise, it can perform on ! * every eligibl slot in the list. ! * ! * When try to find a slot for a particular mechanism, the slot bound with ! * avaliable mechanism will be looked up firstly. ! */ ! #include "globals.h" ! #include ! ! #include ! #include ! #include ! ! #include ! ! int ! xmlSecNssKeySlotSetMechList( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE_PTR mechanismList ! ) { ! int counter ; ! ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( keySlot->mechanismList != CK_NULL_PTR ) { ! xmlFree( keySlot->mechanismList ) ; ! ! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ! if( keySlot->mechanismList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! for( ; counter >= 0 ; counter -- ) ! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; ! } ! ! return( 0 ); ! } ! ! int ! xmlSecNssKeySlotEnableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) { ! int counter ; ! CK_MECHANISM_TYPE_PTR newList ; ! ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( mechanism != CKM_INVALID_MECHANISM ) { ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ! if( newList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! 
*( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; ! *( newList + counter ) = mechanism ; ! for( counter -= 1 ; counter >= 0 ; counter -- ) ! *( newList + counter ) = *( keySlot->mechanismList + counter ) ; ! ! xmlFree( keySlot->mechanismList ) ; ! keySlot->mechanismList = newList ; ! } ! ! return(0); ! } ! ! int ! xmlSecNssKeySlotDisableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) { ! int counter ; ! ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ! if( *( keySlot->mechanismList + counter ) == mechanism ) { ! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; ! } ! ! break ; ! } ! } ! ! return(0); ! } ! ! CK_MECHANISM_TYPE_PTR ! xmlSecNssKeySlotGetMechList( ! xmlSecNssKeySlotPtr keySlot ! ) { ! if( keySlot != NULL ) ! return keySlot->mechanismList ; ! else ! return NULL ; ! } ! ! int ! xmlSecNssKeySlotSetSlot( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) { ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( slot != NULL && keySlot->slot != slot ) { ! if( keySlot->slot != NULL ) ! PK11_FreeSlot( keySlot->slot ) ; ! ! if( keySlot->mechanismList != NULL ) { ! xmlFree( keySlot->mechanismList ) ; ! keySlot->mechanismList = NULL ; ! } ! ! keySlot->slot = PK11_ReferenceSlot( slot ) ; ! } ! ! return(0); ! } ! ! int ! xmlSecNssKeySlotInitialize( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) { ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! xmlSecAssert2( keySlot->slot == NULL , -1 ) ; ! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; ! ! if( slot != NULL ) { ! keySlot->slot = PK11_ReferenceSlot( slot ) ; ! } ! ! return(0); ! } ! ! void ! xmlSecNssKeySlotFinalize( ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecAssert( keySlot != NULL ) ; ! ! if( keySlot->mechanismList != NULL ) { ! 
xmlFree( keySlot->mechanismList ) ; ! keySlot->mechanismList = NULL ; ! } ! ! if( keySlot->slot != NULL ) { ! PK11_FreeSlot( keySlot->slot ) ; ! keySlot->slot = NULL ; ! } ! ! } ! ! PK11SlotInfo* ! xmlSecNssKeySlotGetSlot( ! xmlSecNssKeySlotPtr keySlot ! ) { ! if( keySlot != NULL ) ! return keySlot->slot ; ! else ! return NULL ; ! } ! ! xmlSecNssKeySlotPtr ! xmlSecNssKeySlotCreate() { ! xmlSecNssKeySlotPtr keySlot ; ! ! /* Allocates a new xmlSecNssKeySlot and fill the fields */ ! keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; ! if( keySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( NULL ); ! } ! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; ! ! return( keySlot ) ; ! } ! ! int ! xmlSecNssKeySlotCopy( ! xmlSecNssKeySlotPtr newKeySlot , ! xmlSecNssKeySlotPtr keySlot ! ) { ! CK_MECHANISM_TYPE_PTR mech ; ! int counter ; ! ! xmlSecAssert2( newKeySlot != NULL , -1 ) ; ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { ! if( newKeySlot->slot != NULL ) ! PK11_FreeSlot( newKeySlot->slot ) ; ! ! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; ! } ! ! if( keySlot->mechanismList != CK_NULL_PTR ) { ! xmlFree( newKeySlot->mechanismList ) ; ! ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ! if( newKeySlot->mechanismList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! for( ; counter >= 0 ; counter -- ) ! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; ! } ! ! return( 0 ); ! } ! ! xmlSecNssKeySlotPtr ! xmlSecNssKeySlotDuplicate( ! xmlSecNssKeySlotPtr keySlot ! ) { ! 
xmlSecNssKeySlotPtr newKeySlot ; ! int ret ; ! ! xmlSecAssert2( keySlot != NULL , NULL ) ; ! ! newKeySlot = xmlSecNssKeySlotCreate() ; ! if( newKeySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( NULL ); ! } ! ! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( NULL ); ! } ! ! return( newKeySlot ); ! } ! ! void ! xmlSecNssKeySlotDestroy( ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecAssert( keySlot != NULL ) ; ! ! if( keySlot->mechanismList != NULL ) ! xmlFree( keySlot->mechanismList ) ; ! ! if( keySlot->slot != NULL ) ! PK11_FreeSlot( keySlot->slot ) ; ! ! xmlFree( keySlot ) ; ! } ! ! int ! xmlSecNssKeySlotBindMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) { ! int counter ; ! ! xmlSecAssert2( keySlot != NULL , 0 ) ; ! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; ! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; ! ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ! if( *( keySlot->mechanismList + counter ) == type ) ! return(1) ; ! } ! ! return( 0 ) ; ! } ! ! int ! xmlSecNssKeySlotSupportMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) { ! xmlSecAssert2( keySlot != NULL , 0 ) ; ! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; ! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; ! ! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { ! return(1); ! } else ! return(0); ! } ! ! void ! xmlSecNssKeySlotDebugDump( ! xmlSecNssKeySlotPtr keySlot , ! FILE* output ! ) { ! xmlSecAssert( keySlot != NULL ) ; ! xmlSecAssert( output != NULL ) ; ! ! fprintf( output, "== KEY SLOT\n" ); ! } ! ! void ! xmlSecNssKeySlotDebugXmlDump( ! xmlSecNssKeySlotPtr keySlot , ! FILE* output ! ) { ! } ! ! /** ! * Key Slot List ! */ ! 
#ifdef __MINGW32__ // for runtime-pseudo-reloc ! static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { ! #else ! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { ! #endif ! BAD_CAST "mechanism-list", ! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, ! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, ! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, ! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, ! }; ! ! xmlSecPtrListId ! xmlSecNssKeySlotListGetKlass(void) { ! return(&xmlSecNssKeySlotPtrListKlass); ! } ! ! ! /*- ! * Global PKCS#11 crypto token repository -- Key slot list ! */ ! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; ! ! PK11SlotInfo* ! xmlSecNssSlotGet( ! CK_MECHANISM_TYPE type ! ) { ! PK11SlotInfo* slot = NULL ; ! xmlSecNssKeySlotPtr keySlot ; ! xmlSecSize ksSize ; ! xmlSecSize ksPos ; ! char flag ; ! ! if( _xmlSecNssKeySlotList == NULL ) { ! slot = PK11_GetBestSlot( type , NULL ) ; ! } else { ! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; ! ! /*- ! * Firstly, checking whether the mechanism is bound with a special slot. ! * If no bound slot, we try to find the first eligible slot in the list. ! */ ! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { ! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; ! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { ! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ! flag = 2 ; ! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { ! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ! flag = 1 ; ! } ! ! if( flag == 2 ) ! break ; ! } ! if( slot != NULL ) ! slot = PK11_ReferenceSlot( slot ) ; ! } ! ! if( slot != NULL && PK11_NeedLogin( slot ) ) { ! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! return( NULL ); ! 
} ! } ! ! return slot ; ! } ! ! int ! xmlSecNssSlotInitialize( ! void ! ) { ! if( _xmlSecNssKeySlotList != NULL ) { ! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; ! _xmlSecNssKeySlotList = NULL ; ! } ! ! _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; ! if( _xmlSecNssKeySlotList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! ! return(0); ! } ! ! void ! xmlSecNssSlotShutdown( ! void ! ) { ! if( _xmlSecNssKeySlotList != NULL ) { ! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; ! _xmlSecNssKeySlotList = NULL ; ! } ! } ! ! int ! xmlSecNssSlotAdopt( ! PK11SlotInfo* slot, ! CK_MECHANISM_TYPE type ! ) { ! xmlSecNssKeySlotPtr keySlot ; ! xmlSecSize ksSize ; ! xmlSecSize ksPos ; ! char flag ; ! ! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; ! xmlSecAssert2( slot != NULL, -1 ) ; ! ! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; ! ! /*- ! * Firstly, checking whether the slot is in the repository already. ! */ ! flag = 0 ; ! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { ! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; ! /* If find the slot in the list */ ! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { ! /* If mechnism type is valid, bind the slot with the mechanism */ ! if( type != CKM_INVALID_MECHANISM ) { ! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! flag = 1 ; ! } ! } ! ! /* If the slot do not in the list, add a new item to the list */ ! if( flag == 0 ) { ! /* Create a new KeySlot */ ! keySlot = xmlSecNssKeySlotCreate() ; ! if( keySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! 
/* Initialize the keySlot with a slot */ ! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return(-1); ! } ! ! /* If mechnism type is valid, bind the slot with the mechanism */ ! if( type != CKM_INVALID_MECHANISM ) { ! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return(-1); ! } ! } ! ! /* Add keySlot into the list */ ! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return(-1); ! } ! } ! ! return(0); ! } ! *** misc/xmlsec1-1.2.6/src/nss/x509.c Fri Sep 26 05:53:09 2003 --- misc/build/xmlsec1-1.2.6/src/nss/x509.c Fri May 11 14:47:20 2007 *************** *** 34,40 **** #include #include #include - #include #include #include --- 34,39 ---- *************** *** 61,97 **** static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, 
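Review bot: In the new tokens.c, xmlSecNssKeySlotEnableMech, xmlSecNssKeySlotBindMech and xmlSecNssKeySlotDisableMech walk keySlot->mechanismList without checking it for NULL, yet xmlSecNssKeySlotCreate zeroes the struct and xmlSecNssKeySlotInitialize asserts that the list is NULL. xmlSecNssSlotAdopt therefore dereferences a NULL pointer when it binds a mechanism to a newly created key slot, and xmlSecNssSlotGet does the same through xmlSecNssKeySlotBindMech for any slot adopted with CKM_INVALID_MECHANISM. Treating a missing list as empty in all three functions avoids the crash, as sketched below. Separately, xmlSecNssKeySlotSetMechList tests keySlot->mechanismList where it appears to mean the mechanismList argument, and xmlSecNssKeySlotDuplicate returns without destroying newKeySlot when xmlSecNssKeySlotCopy fails.

```c
/* xmlSecNssKeySlotEnableMech: a key slot without a list has zero bound mechanisms */
counter = 0 ;
if( keySlot->mechanismList != NULL ) {
    while( *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM )
        counter ++ ;
}
/* … unchanged: xmlMalloc of counter + 2 entries, terminator and new mechanism stored, old entries copied … */
if( keySlot->mechanismList != NULL )
    xmlFree( keySlot->mechanismList ) ;
keySlot->mechanismList = newList ;

/* xmlSecNssKeySlotBindMech and xmlSecNssKeySlotDisableMech: placed after the existing asserts */
if( keySlot->mechanismList == NULL )
    return( 0 ) ;
```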
xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx); - static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf, xmlSecSize size); static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf); --- 60,80 ---- *************** *** 104,112 **** xmlSecKeyInfoCtxPtr keyInfoCtx); static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, int base64LineWrap); - static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); - static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); - static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, FILE* output); static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, --- 87,92 ---- *************** *** 254,260 **** --- 234,244 ---- + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { + #endif sizeof(xmlSecKeyDataKlass), xmlSecNssX509DataSize, *************** *** 378,384 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_NewCertList", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 362,368 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_NewCertList", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 389,395 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_AddCertToListTail", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ctx->numCerts++; --- 373,379 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_AddCertToListTail", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } ctx->numCerts++; *************** *** 588,594 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 572,578 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 627,633 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "SEC_DupCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 611,617 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "SEC_DupCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 652,658 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); --- 636,642 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); *************** *** 752,782 **** xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; CERTCertificate* cert; CERTSignedCrl* crl; xmlSecSize size, pos; - int content = 0; - int ret; xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); ! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); ! if (content < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! 
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecX509DataGetNodeContent", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "content=%d", content); ! return(-1); ! } else if(content == 0) { ! /* by default we are writing certificates and crls */ ! content = XMLSEC_X509DATA_DEFAULT; } - /* get x509 data */ data = xmlSecKeyGetData(key, id); if(data == NULL) { /* no x509 data in the key */ --- 736,757 ---- xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; + xmlNodePtr cur; + xmlChar* buf; CERTCertificate* cert; CERTSignedCrl* crl; xmlSecSize size, pos; xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); ! /* todo: flag in ctx remove all existing content */ ! if(0) { ! xmlNodeSetContent(node, NULL); } data = xmlSecKeyGetData(key, id); if(data == NULL) { /* no x509 data in the key */ *************** *** 795,874 **** "pos=%d", pos); return(-1); } ! ! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CertificateNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } } ! ! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509SubjectNameNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } } ! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! 
"xmlSecNssX509IssuerSerialNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! } ! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509SKINodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! } ! } ! /* write crls if needed */ ! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { ! size = xmlSecNssKeyDataX509GetCrlsSize(data); ! for(pos = 0; pos < size; ++pos) { ! crl = xmlSecNssKeyDataX509GetCrl(data, pos); ! if(crl == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssKeyDataX509GetCrl", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! ! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CRLNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! } } return(0); --- 770,844 ---- "pos=%d", pos); return(-1); } ! ! /* set base64 lines size from context */ ! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); ! if(buf == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CertBase64DerWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } ! ! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); ! if(cur == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); ! xmlFree(buf); ! 
return(-1); } + /* todo: add \n around base64 data - from context */ + /* todo: add errors check */ + xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, buf); + xmlFree(buf); + } ! /* write crls */ ! size = xmlSecNssKeyDataX509GetCrlsSize(data); ! for(pos = 0; pos < size; ++pos) { ! crl = xmlSecNssKeyDataX509GetCrl(data, pos); ! if(crl == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssKeyDataX509GetCrl", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! /* set base64 lines size from context */ ! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); ! if(buf == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CrlBase64DerWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); ! if(cur == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "new_node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509CRL)); ! xmlFree(buf); ! return(-1); ! } ! /* todo: add \n around base64 data - from context */ ! /* todo: add errors check */ ! xmlNodeSetContent(cur, xmlSecStringCR); ! xmlNodeSetContent(cur, buf); } return(0); *************** *** 1015,1033 **** xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { ! if(content != NULL) { ! xmlFree(content); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! 
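Review bot: The CRL loop at the end of this hunk never frees buf: its body closes right after `xmlNodeSetContent(cur, buf);`, whereas the certificate loop above it calls `xmlFree(buf);` at the same point. Each CRL written therefore leaks the base64 buffer returned by xmlSecNssX509CrlBase64DerWrite; add `xmlFree(buf);` after the second xmlNodeSetContent call. In both loops the first call, `xmlNodeSetContent(cur, xmlSecStringCR);`, appears to be overwritten at once by the second, so the line break the todo comment asks for is never emitted. xmlSecNssKeyDataX509XmlWrite begins and ends outside this hunk.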
return(0); } cert = xmlSecNssX509CertBase64DerRead(content); --- 985,997 ---- xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if(content == NULL){ ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } cert = xmlSecNssX509CertBase64DerRead(content); *************** *** 1057,1102 **** return(0); } - static int - xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf; - xmlNodePtr cur; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); - xmlFree(buf); - return(-1); - } - - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); - xmlNodeSetContent(cur, buf); - xmlFree(buf); - return(0); - } - static int xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; --- 1021,1026 ---- *************** *** 1120,1138 **** } subject = xmlNodeGetContent(node); ! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { ! if(subject != NULL) { ! xmlFree(subject); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! 
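Review bot: The new guard `if(content == NULL)` no longer rejects an empty or whitespace-only node, so such content now reaches xmlSecNssX509CertBase64DerRead. NULL content has also become a hard error even when XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE is not set. The same replacement is made in the later hunks for the subject-name, SKI and CRL node readers, where an empty string would be handed to xmlSecNssX509StoreFindCert or xmlSecNssX509CrlBase64DerRead; how those callees treat an empty string is not visible here. If xmlSecIsEmptyString was dropped only because it is unavailable in this build, keep an explicit emptiness test such as `if((content == NULL) || (*content == '\0'))` and free content before returning. The enclosing functions start and end outside these hunks.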
xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); --- 1044,1056 ---- } subject = xmlNodeGetContent(node); ! if(subject == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); *************** *** 1167,1206 **** return(0); } - static int - xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - buf = xmlSecNssX509NameWrite(&(cert->subject)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); - xmlFree(buf); - return(-1); - } - xmlNodeSetContent(cur, buf); - xmlFree(buf); - return(0); - } - static int xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; --- 1085,1090 ---- *************** *** 1226,1246 **** } cur = xmlSecGetNextElementNode(node->children); ! if(cur == NULL) { ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! 
xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), ! XMLSEC_ERRORS_R_NODE_NOT_FOUND, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); ! return(-1); ! } ! return(0); ! } ! /* the first is required node X509IssuerName */ ! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), --- 1110,1118 ---- } cur = xmlSecGetNextElementNode(node->children); ! /* the first is required node X509IssuerName */ ! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), *************** *** 1332,1409 **** return(0); } - static int - xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlNodePtr cur; - xmlNodePtr issuerNameNode; - xmlNodePtr issuerNumberNode; - xmlChar* buf; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); - return(-1); - } - - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); - if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); - return(-1); - } - - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); - if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - 
"xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); - return(-1); - } - - /* write data */ - buf = xmlSecNssX509NameWrite(&(cert->issuer)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlNodeSetContent(issuerNameNode, buf); - xmlFree(buf); - - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlNodeSetContent(issuerNumberNode, buf); - xmlFree(buf); - - return(0); - } - static int xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; --- 1204,1209 ---- *************** *** 1427,1446 **** } ski = xmlNodeGetContent(node); ! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { ! if(ski != NULL) { ! xmlFree(ski); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); ! return(-1); ! } ! return(0); } cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); --- 1227,1240 ---- } ski = xmlNodeGetContent(node); ! if(ski == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); ! 
return(-1); } cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); *************** *** 1475,1515 **** return(0); } - static int - xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar *buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - buf = xmlSecNssX509SKIWrite(cert); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - xmlFree(buf); - return(-1); - } - xmlNodeSetContent(cur, buf); - xmlFree(buf); - - return(0); - } - static int xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar *content; --- 1269,1274 ---- *************** *** 1520,1538 **** xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { ! if(content != NULL) { ! xmlFree(content); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); --- 1279,1291 ---- xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if(content == NULL){ ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! 
XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); *************** *** 1552,1598 **** } static int - xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(crl != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); - xmlFree(buf); - return(-1); - } - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); - xmlNodeSetContent(cur, buf); - xmlFree(buf); - - return(0); - } - - - static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecNssX509DataCtxPtr ctx; --- 1305,1310 ---- *************** *** 1600,1605 **** --- 1312,1321 ---- int ret; SECStatus status; PRTime notBefore, notAfter; + + PK11SlotInfo* slot ; + SECKEYPublicKey *pubKey = NULL; + SECKEYPrivateKey *priKey = NULL; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); xmlSecAssert2(key != NULL, -1); *************** *** 1632,1641 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
XMLSEC_ERRORS_NO_MESSAGE); return(-1); } keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, --- 1348,1360 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } + /*- + * Get Public key from cert, which does not always work for sign action. + * keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 1645,1650 **** --- 1364,1417 ---- XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + */ + + /*- + * I'll search key according to KeyReq. + */ + slot = cert->slot ; + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "PK11_FindPrivateKeyFromCert" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "CERT_ExtractPublicKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + if( priKey != NULL ) + SECKEY_DestroyPrivateKey( priKey ) ; + return -1 ; + } + } + + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); + if( keyValue == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + if( priKey != NULL ) + SECKEY_DestroyPrivateKey( priKey ) ; + + if( pubKey != NULL ) + SECKEY_DestroyPublicKey( pubKey ) ; + + return -1 ; + } + /* Modify keyValue get Done */ /* verify that the key matches our 
expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { *************** *** 1725,1738 **** return(0); } - /** - * xmlSecNssX509CertGetKey: - * @cert: the certificate. - * - * Extracts public key from the @cert. - * - * Returns public key value or NULL if an error occurs. - */ xmlSecKeyDataPtr xmlSecNssX509CertGetKey(CERTCertificate* cert) { xmlSecKeyDataPtr data; --- 1492,1497 ---- *************** *** 1746,1752 **** NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1505,1511 ---- NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1804,1810 **** NULL, "__CERT_NewTempCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1563,1569 ---- NULL, "__CERT_NewTempCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1827,1833 **** NULL, "cert->derCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1586,1592 ---- NULL, "cert->derCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1890,1896 **** NULL, "PK11_GetInternalKeySlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return NULL; } --- 1649,1655 ---- NULL, "PK11_GetInternalKeySlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return NULL; } *************** *** 1905,1911 **** NULL, "PK11_ImportCRL", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PK11_FreeSlot(slot); return(NULL); } --- 1664,1670 ---- NULL, "PK11_ImportCRL", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PK11_FreeSlot(slot); return(NULL); } *************** *** 1929,1935 **** NULL, "crl->derCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! 
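Review bot: `slot = cert->slot` is handed to PK11_FindPrivateKeyFromCert without a NULL check, and a certificate that was decoded from the document rather than found on a token presumably has no slot. A guard such as `if(slot == NULL) { /* report via xmlSecError and return -1 */ }` before the lookup would turn that case into an ordinary error. The three new xmlSecError calls in this block also pass XMLSEC_ERRORS_NO_MESSAGE, while the rest of the patch reports NSS failures as `"error code=%d", PORT_GetError()`; the same form here would keep the failing NSS call diagnosable. If keyReq.keyType has neither the private nor the public bit set, both pointers reach xmlSecNssPKIAdoptKey as NULL, and whether it rejects that is not visible here. The function body starts and ends outside the hunk.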
XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1688,1694 ---- NULL, "crl->derCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1946,2031 **** return(res); } - static xmlChar* - xmlSecNssX509NameWrite(CERTName* nm) { - xmlChar *res = NULL; - char *str; - - xmlSecAssert2(nm != NULL, NULL); - - str = CERT_NameToAscii(nm); - if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_NameToAscii", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - - res = xmlStrdup(BAD_CAST str); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - PORT_Free(str); - return(NULL); - } - PORT_Free(str); - return(res); - } - - static xmlChar* - xmlSecNssASN1IntegerWrite(SECItem *num) { - xmlChar *res = NULL; - - xmlSecAssert2(num != NULL, NULL); - - /* TODO : to be implemented after - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed - */ - return(res); - } - - static xmlChar* - xmlSecNssX509SKIWrite(CERTCertificate* cert) { - xmlChar *res = NULL; - SECItem ski; - SECStatus rv; - - xmlSecAssert2(cert != NULL, NULL); - - memset(&ski, 0, sizeof(ski)); - - rv = CERT_FindSubjectKeyIDExtension(cert, &ski); - if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - SECITEM_FreeItem(&ski, PR_FALSE); - return(NULL); - } - - res = xmlSecBase64Encode(ski.data, ski.len, 0); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - SECITEM_FreeItem(&ski, PR_FALSE); - return(NULL); - } - SECITEM_FreeItem(&ski, PR_FALSE); - - return(res); - } - - static void xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { SECItem *sn; --- 1705,1710 ---- *************** *** 2084,2090 **** --- 
1763,1773 ---- xmlSecSize bufSize, xmlSecKeyInfoCtxPtr keyInfoCtx); + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { + #else static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { + #endif sizeof(xmlSecKeyDataKlass), sizeof(xmlSecKeyData), *** misc/xmlsec1-1.2.6/src/nss/x509vfy.c Fri Sep 26 02:58:15 2003 --- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c Fri May 11 14:47:20 2007 *************** *** 30,35 **** --- 30,36 ---- #include #include #include + #include #include #include *************** *** 43,50 **** typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, *xmlSecNssX509StoreCtxPtr; struct _xmlSecNssX509StoreCtx { ! CERTCertList* certsList; /* just keeping a reference to destroy later */ ! }; /**************************************************************************** * --- 44,51 ---- typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, *xmlSecNssX509StoreCtxPtr; struct _xmlSecNssX509StoreCtx { ! CERTCertList* certsList; /* just keeping a reference to destroy later */ ! }; /**************************************************************************** * *************** *** 54,98 **** * ***************************************************************************/ #define xmlSecNssX509StoreGetCtx(store) \ ! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ ! sizeof(xmlSecKeyDataStoreKlass))) #define xmlSecNssX509StoreSize \ ! 
(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); - static int xmlSecNssX509NameStringRead (xmlSecByte **str, - int *strLen, - xmlSecByte *res, - int resLen, - xmlSecByte delim, - int ingoreTrailingSpaces); - static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, - int len); - - static void xmlSecNssNumToItem(SECItem *it, unsigned long num); static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { ! sizeof(xmlSecKeyDataStoreKlass), ! xmlSecNssX509StoreSize, ! ! /* data */ ! xmlSecNameX509Store, /* const xmlChar* name; */ ! ! /* constructors/destructor */ ! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ ! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ ! ! /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, ! xmlChar *issuerName, ! xmlChar *issuerSerial, ! xmlChar *ski); /** --- 55,94 ---- * ***************************************************************************/ #define xmlSecNssX509StoreGetCtx(store) \ ! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ ! sizeof(xmlSecKeyDataStoreKlass))) #define xmlSecNssX509StoreSize \ ! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); + static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; + #ifdef __MINGW32__ // for runtime-pseudo-reloc + static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { + #else static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { ! #endif ! sizeof(xmlSecKeyDataStoreKlass), ! xmlSecNssX509StoreSize, ! ! /* data */ ! xmlSecNameX509Store, /* const xmlChar* name; */ ! ! 
/* constructors/destructor */ ! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ ! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ ! ! /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, ! xmlChar *issuerName, ! xmlChar *issuerSerial, ! xmlChar *ski); /** *************** *** 104,110 **** */ xmlSecKeyDataStoreId xmlSecNssX509StoreGetKlass(void) { ! return(&xmlSecNssX509StoreKlass); } /** --- 100,106 ---- */ xmlSecKeyDataStoreId xmlSecNssX509StoreGetKlass(void) { ! return(&xmlSecNssX509StoreKlass); } /** *************** *** 125,139 **** xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); } /** --- 121,135 ---- xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); } /** *************** *** 148,263 **** */ CERTCertificate * xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, ! xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! CERTCertListNode* head; ! CERTCertificate* cert = NULL; ! CERTCertListNode* head1; ! 
CERTCertificate* cert1 = NULL; ! SECStatus status = SECFailure; ! int64 timeboundary; ! int64 tmp1, tmp2; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(certs != NULL, NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! ! for (head = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head, certs); ! head = CERT_LIST_NEXT(head)) { ! cert = head->cert; if(keyInfoCtx->certsVerificationTime > 0) { ! /* convert the time since epoch in seconds to microseconds */ ! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); ! tmp1 = (int64)PR_USEC_PER_SEC; ! tmp2 = timeboundary; ! LL_MUL(timeboundary, tmp1, tmp2); } else { ! timeboundary = PR_Now(); } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ for (head1 = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head1, certs); ! head1 = CERT_LIST_NEXT(head1)) { ! cert1 = head1->cert; ! if (cert1 == cert) { continue; ! } ! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) ! == SECEqual) { break; ! } } if (!CERT_LIST_END(head1, certs)) { ! continue; } ! ! status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), ! cert, PR_FALSE, ! (SECCertificateUsage)0, ! timeboundary , NULL, NULL, NULL); ! if (status == SECSuccess) { ! break; } - } ! if (status == SECSuccess) { return (cert); ! } ! ! switch(PORT_GetError()) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, ! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", ! cert->subjectName); ! break; case SEC_ERROR_EXPIRED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, ! 
"cert with subject name %s has expired", ! cert->subjectName); ! break; case SEC_ERROR_REVOKED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_REVOKED, ! "cert with subject name %s has been revoked", ! cert->subjectName); ! break; default: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, ! "cert with subject name %s could not be verified", ! cert->subjectName); ! break; ! } ! return (NULL); } /** * xmlSecNssX509StoreAdoptCert: ! * @store: the pointer to X509 key data store klass. ! * @cert: the pointer to NSS X509 certificate. ! * @type: the certificate type (trusted/untrusted). * * Adds trusted (root) or untrusted certificate to the store. * --- 144,273 ---- */ CERTCertificate * xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, ! xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! CERTCertListNode* head; ! CERTCertificate* cert = NULL; ! CERTCertListNode* head1; ! CERTCertificate* cert1 = NULL; ! SECStatus status = SECFailure; ! int64 timeboundary; ! int64 tmp1, tmp2; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(certs != NULL, NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! ! for (head = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head, certs); ! head = CERT_LIST_NEXT(head)) { ! cert = head->cert; if(keyInfoCtx->certsVerificationTime > 0) { ! /* convert the time since epoch in seconds to microseconds */ ! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); ! tmp1 = (int64)PR_USEC_PER_SEC; ! tmp2 = timeboundary; ! LL_MUL(timeboundary, tmp1, tmp2); } else { ! timeboundary = PR_Now(); } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ for (head1 = CERT_LIST_HEAD(certs); ! 
!CERT_LIST_END(head1, certs); ! head1 = CERT_LIST_NEXT(head1)) { ! cert1 = head1->cert; ! if (cert1 == cert) { continue; ! } ! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) ! == SECEqual) { break; ! } } if (!CERT_LIST_END(head1, certs)) { ! continue; } ! /* JL: OpenOffice.org implements its own certificate verification routine. ! The goal is to seperate validation of the signature ! and the certificate. For example, OOo could show that the document signature is valid, ! but the certificate could not be verified. If we do not prevent the verification of ! the certificate by libxmlsec and the verification fails, then the XML signature may not be ! verified. This would happen, for example, if the root certificate is not installed. ! ! In the store schould only be the certificate from the X509Certificate element ! and the X509IssuerSerial element. The latter is only there ! if the certificate is installed. Both certificates must be the same! ! In case of writing the signature, the store contains only the certificate that ! was created based on the information from the X509IssuerSerial element. */ ! status = SECSuccess; ! break; ! /* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), ! cert, PR_FALSE, ! (SECCertificateUsage)0, ! timeboundary , NULL, NULL, NULL); ! if (status == SECSuccess) { ! break; ! } */ } ! if (status == SECSuccess) { return (cert); ! } ! ! switch(PORT_GetError()) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, ! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", ! cert->subjectName); ! break; case SEC_ERROR_EXPIRED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, ! 
"cert with subject name %s has expired", ! cert->subjectName); ! break; case SEC_ERROR_REVOKED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_REVOKED, ! "cert with subject name %s has been revoked", ! cert->subjectName); ! break; default: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, ! "cert with subject name %s could not be verified, errcode %d", ! cert->subjectName, ! PORT_GetError()); ! break; ! } ! return (NULL); } /** * xmlSecNssX509StoreAdoptCert: ! * @store: the pointer to X509 key data store klass. ! * @cert: the pointer to NSS X509 certificate. ! * @type: the certificate type (trusted/untrusted). * * Adds trusted (root) or untrusted certificate to the store. * *************** *** 265,331 **** */ int xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! xmlSecNssX509StoreCtxPtr ctx; ! int ret; ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! xmlSecAssert2(cert != NULL, -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! if(ctx->certsList == NULL) { ! ctx->certsList = CERT_NewCertList(); ! if(ctx->certsList == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_NewCertList", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! ret = CERT_AddCertToListTail(ctx->certsList, cert); ! if(ret != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_AddCertToListTail", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } static int xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! 
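Review bot: xmlSecNssX509StoreVerify now sets `status = SECSuccess; break;` for the first certificate that is not the issuer of another list entry and leaves the CERT_VerifyCertificate call commented out, so it returns a certificate with no chain, validity-period or revocation check. The added comment explains that OpenOffice.org validates the certificate itself, but nothing in the function tells any other caller that the result is unverified. I would keep the NSS call and make the bypass explicit ahead of it, e.g. `if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0) { status = SECSuccess; break; }`, assuming that flag is defined in this xmlsec version's keyinfo.h. As written, `timeboundary` is computed and never used, and the `switch(PORT_GetError())` below is reached only when the loop selected nothing. With an empty list `cert` is still NULL at that point and `cert->subjectName` is dereferenced.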
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); ! return(0); } static void xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert(ctx != NULL); ! ! if (ctx->certsList) { CERT_DestroyCertList(ctx->certsList); ctx->certsList = NULL; ! } ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); } --- 275,341 ---- */ int xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! xmlSecNssX509StoreCtxPtr ctx; ! int ret; ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! xmlSecAssert2(cert != NULL, -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! if(ctx->certsList == NULL) { ! ctx->certsList = CERT_NewCertList(); ! if(ctx->certsList == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_NewCertList", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } ! } ! ret = CERT_AddCertToListTail(ctx->certsList, cert); ! if(ret != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_AddCertToListTail", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } ! ! return(0); } static int xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); ! return(0); } static void xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { ! 
xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert(ctx != NULL); ! ! if (ctx->certsList) { CERT_DestroyCertList(ctx->certsList); ctx->certsList = NULL; ! } ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); } *************** *** 340,715 **** */ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, ! xmlChar *issuerSerial, xmlChar *ski) { ! CERTCertificate *cert = NULL; ! xmlChar *p = NULL; ! CERTName *name = NULL; ! SECItem *nameitem = NULL; ! PRArenaPool *arena = NULL; ! ! if (subjectName != NULL) { ! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); ! if (p == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssX509NameRead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "subject=%s", ! xmlSecErrorsSafeString(subjectName)); ! goto done; ! } ! ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! name = CERT_AsciiToName((char*)p); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_AsciiToName", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); ! goto done; ! } ! ! if((issuerName != NULL) && (issuerSerial != NULL)) { ! CERTIssuerAndSN issuerAndSN; ! ! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); ! if (p == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssX509NameRead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "issuer=%s", ! 
xmlSecErrorsSafeString(issuerName)); ! goto done; ! } ! ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! name = CERT_AsciiToName((char*)p); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_AsciiToName", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); ! issuerAndSN.derIssuer.data = nameitem->data; ! issuerAndSN.derIssuer.len = nameitem->len; ! /* TBD: serial num can be arbitrarily long */ ! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); ! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), ! &issuerAndSN); ! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); ! goto done; ! } ! ! if(ski != NULL) { ! SECItem subjKeyID; ! int len; ! ! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); ! if(len < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBase64Decode", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "ski=%s", ! xmlSecErrorsSafeString(ski)); ! goto done; ! } ! ! memset(&subjKeyID, 0, sizeof(subjKeyID)); ! subjKeyID.data = ski; ! subjKeyID.len = xmlStrlen(ski); ! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), ! &subjKeyID); ! } ! done: ! if (p != NULL) { ! PORT_Free(p); ! } ! if (arena != NULL) { ! PORT_FreeArena(arena, PR_FALSE); ! } ! if (name != NULL) { ! CERT_DestroyName(name); ! } ! return(cert); ! } ! /** ! * xmlSecNssX509NameRead: ! */ ! static xmlSecByte * ! xmlSecNssX509NameRead(xmlSecByte *str, int len) { ! xmlSecByte name[256]; ! xmlSecByte value[256]; ! 
xmlSecByte *retval = NULL; ! xmlSecByte *p = NULL; ! int nameLen, valueLen; ! ! xmlSecAssert2(str != NULL, NULL); ! ! /* return string should be no longer than input string */ ! retval = (xmlSecByte *)PORT_Alloc(len+1); ! if(retval == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_Alloc", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(NULL); ! } ! p = retval; ! ! while(len > 0) { ! /* skip spaces after comma or semicolon */ ! while((len > 0) && isspace(*str)) { ! ++str; --len; ! } ! ! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); ! if(nameLen < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssX509NameStringRead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! memcpy(p, name, nameLen); ! p+=nameLen; ! *p++='='; ! if(len > 0) { ! ++str; --len; ! if((*str) == '\"') { ! valueLen = xmlSecNssX509NameStringRead(&str, &len, ! value, sizeof(value), '"', 1); ! if(valueLen < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecNssX509NameStringRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! /* skip spaces before comma or semicolon */ ! while((len > 0) && isspace(*str)) { ! ++str; --len; } ! if((len > 0) && ((*str) != ',')) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "comma is expected"); ! goto done; ! } ! if(len > 0) { ! ++str; --len; } ! *p++='\"'; ! memcpy(p, value, valueLen); ! p+=valueLen; ! *p++='\"'; ! } else if((*str) == '#') { ! /* TODO: read octect values */ ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "reading octect values is not implemented yet"); ! goto done; ! } else { ! valueLen = xmlSecNssX509NameStringRead(&str, &len, ! value, sizeof(value), ',', 1); ! if(valueLen < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecNssX509NameStringRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! 
memcpy(p, value, valueLen); ! p+=valueLen; ! if (len > 0) ! *p++=','; ! } ! } else { ! valueLen = 0; } ! if(len > 0) { ! ++str; --len; ! } ! } ! ! *p = 0; ! return(retval); ! done: ! PORT_Free(retval); ! return (NULL); } ! /** ! * xmlSecNssX509NameStringRead: ! */ ! static int ! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, ! xmlSecByte *res, int resLen, ! xmlSecByte delim, int ingoreTrailingSpaces) { ! xmlSecByte *p, *q, *nonSpace; ! ! xmlSecAssert2(str != NULL, -1); ! xmlSecAssert2(strLen != NULL, -1); ! xmlSecAssert2(res != NULL, -1); ! ! p = (*str); ! nonSpace = q = res; ! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { ! if((*p) != '\\') { ! if(ingoreTrailingSpaces && !isspace(*p)) { ! nonSpace = q; ! } ! *(q++) = *(p++); ! } else { ! ++p; ! nonSpace = q; ! if(xmlSecIsHex((*p))) { ! if((p - (*str) + 1) >= (*strLen)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "two hex digits expected"); ! return(-1); ! } ! *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); ! p += 2; ! } else { ! if(((++p) - (*str)) >= (*strLen)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "escaped symbol missed"); ! return(-1); ! } ! *(q++) = *(p++); ! } ! } ! } ! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_SIZE, ! "buffer is too small"); ! return(-1); ! } ! (*strLen) -= (p - (*str)); ! (*str) = p; ! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); ! } ! /* code lifted from NSS */ ! static void ! xmlSecNssNumToItem(SECItem *it, unsigned long ui) ! { ! unsigned char bb[5]; ! int len; ! ! bb[0] = 0; ! bb[1] = (unsigned char) (ui >> 24); ! bb[2] = (unsigned char) (ui >> 16); ! bb[3] = (unsigned char) (ui >> 8); ! bb[4] = (unsigned char) (ui); ! ! /* ! ** Small integers are encoded in a single byte. Larger integers ! ** require progressively more space. ! */ ! 
if (ui > 0x7f) { ! if (ui > 0x7fff) { ! if (ui > 0x7fffffL) { ! if (ui >= 0x80000000L) { ! len = 5; ! } else { ! len = 4; ! } ! } else { ! len = 3; ! } ! } else { ! len = 2; ! } ! } else { ! len = 1; ! } ! ! it->data = (unsigned char *)PORT_Alloc(len); ! if (it->data == NULL) { ! return; ! } ! it->len = len; ! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); } - #endif /* XMLSEC_NO_X509 */ --- 350,562 ---- */ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, ! xmlChar *issuerSerial, xmlChar *ski) { ! CERTCertificate *cert = NULL; ! CERTName *name = NULL; ! SECItem *nameitem = NULL; ! PRArenaPool *arena = NULL; ! ! if (subjectName != NULL) { ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! name = CERT_AsciiToName((char*)subjectName); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_AsciiToName", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); ! goto done; ! } ! if((issuerName != NULL) && (issuerSerial != NULL)) { ! CERTIssuerAndSN issuerAndSN; ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! name = CERT_AsciiToName((char*)issuerName); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "CERT_AsciiToName", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! 
goto done; } ! ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; } ! ! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); ! ! issuerAndSN.derIssuer.data = nameitem->data; ! issuerAndSN.derIssuer.len = nameitem->len; ! ! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecNssIntegerToItem", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "serial number=%s", ! xmlSecErrorsSafeString(issuerSerial)); ! goto done; ! } ! ! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), ! &issuerAndSN); ! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); ! goto done; ! } ! ! if(ski != NULL) { ! SECItem subjKeyID; ! int len; ! ! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); ! if(len < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBase64Decode", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "ski=%s", ! xmlSecErrorsSafeString(ski)); ! goto done; ! } ! ! memset(&subjKeyID, 0, sizeof(subjKeyID)); ! subjKeyID.data = ski; ! subjKeyID.len = xmlStrlen(ski); ! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), ! &subjKeyID); } ! done: ! if (arena != NULL) { ! PORT_FreeArena(arena, PR_FALSE); ! } ! if (name != NULL) { ! CERT_DestroyName(name); ! } ! ! return(cert); } + static int + xmlSecNssIntegerToItem( + const xmlChar* integer , + SECItem *item + ) { + xmlSecBn bn ; + xmlSecSize i, length ; + const xmlSecByte* bnInteger ; + xmlSecAssert2( integer != NULL, -1 ) ; + xmlSecAssert2( item != NULL, -1 ) ; ! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnInitialize", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! 
"xmlSecBnFromDecString", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! length = xmlSecBnGetSize( &bn ) ; ! if( length <= 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnGetSize", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! bnInteger = xmlSecBnGetData( &bn ) ; ! if( bnInteger == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnGetData", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! item->data = ( unsigned char * )PORT_Alloc( length ); ! if( item->data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_Alloc", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! item->len = length; ! ! for( i = 0 ; i < length ; i ++ ) ! item->data[i] = *( bnInteger + i ) ; ! ! xmlSecBnFinalize( &bn ) ; ! ! 
return 0 ; } + #endif /* XMLSEC_NO_X509 */ *** misc/xmlsec1-1.2.6/win32/Makefile.msvc Wed Jun 9 16:35:12 2004 --- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc Fri May 11 14:47:20 2007 *************** *** 223,228 **** --- 223,232 ---- $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj XMLSEC_NSS_OBJS = \ + $(XMLSEC_NSS_INTDIR)\akmngr.obj\ + $(XMLSEC_NSS_INTDIR)\keytrans.obj\ + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ + $(XMLSEC_NSS_INTDIR)\tokens.obj\ $(XMLSEC_NSS_INTDIR)\app.obj\ $(XMLSEC_NSS_INTDIR)\bignum.obj\ $(XMLSEC_NSS_INTDIR)\ciphers.obj \ *************** *** 235,243 **** $(XMLSEC_NSS_INTDIR)\x509.obj\ $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ $(XMLSEC_NSS_INTDIR)\keysstore.obj\ - $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ - $(XMLSEC_NSS_INTDIR)\kw_des.obj\ - $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ $(XMLSEC_NSS_INTDIR)\strings.obj XMLSEC_NSS_OBJS_A = \ $(XMLSEC_NSS_INTDIR_A)\app.obj\ --- 239,244 ---- *************** *** 258,263 **** --- 259,265 ---- $(XMLSEC_NSS_INTDIR_A)\strings.obj XMLSEC_MSCRYPTO_OBJS = \ + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ *************** *** 376,382 **** XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib ! XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib --- 378,384 ---- XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib ! 
XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
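Review bot: The last hunk changes only `XMLSEC_NSS_SOLIBS` (it drops `ssl3.lib`, `libplds4.lib` and `libplc4.lib` and renames `libnspr4.lib` to `nspr4.lib`), while `XMLSEC_NSS_ALIBS` right after it still lists `ssl3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib`, so the DLL and static builds now link different NSS/NSPR library sets. The same dynamic-only pattern shows in the earlier hunks of this file: `XMLSEC_NSS_OBJS` gains `akmngr.obj`, `keytrans.obj`, `keywrapers.obj` and `tokens.obj` and loses `kt_rsa.obj`, `kw_des.obj` and `kw_aes.obj`, but no visible hunk touches `XMLSEC_NSS_OBJS_A`. If the static variant is meant to stay buildable, mirror the changes there; if it is intentionally unsupported in this tree, say so next to the lists with a comment such as `# static (_A) NSS targets are not maintained by this patch`. It is also worth confirming that the unversioned name `nspr4.lib` resolves to the intended NSPR import library on the linker search path, since the previous `lib`-prefixed names are no longer referenced.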