--- misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/apps/Makefile.in 2008-06-29 23:44:19.000000000 +0200 @@ -370,7 +370,7 @@ $(CRYPTO_DEPS) \ $(NULL) -all: all-am +all: .SUFFIXES: .SUFFIXES: .c .lo .o .obj --- misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/configure 2008-06-29 23:44:19.000000000 +0200 
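Review bot: A bare `all:` stops the default build of `apps/`, but if this is stock automake output the `install` target still goes through `install-am`, which automake makes depend on `all-am`, so `make install` would presumably still compile and install the xmlsec1 command-line tools — confirm that is intended, or neutralise the install path as well. Both `apps/Makefile.in` and `configure` are generated files, so the edits in this patch need to be mirrored in `apps/Makefile.am` and `configure.in` (or `apps` dropped from the top-level `SUBDIRS`), otherwise a re-run of autotools silently reverts them. A one-line comment above the rule, e.g. `# apps are not built: only the library is consumed by the office build`, would explain the divergence from upstream to the next person who diffs it.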
@@ -463,7 +463,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE 
XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP 
INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES 
XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1072,6 +1072,7 @@ --with-nss=PFX nss location --with-nspr=PFX nspr location (needed for NSS) --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr) + --with-mscrypto try to use mscrypto --with-html-dir=PATH path to installed docs Some influential environment variables: @@ -2045,8 +2046,8 @@ ac_ext=c ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. @@ -2698,15 +2699,15 @@ CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then - CFLAGS="-g -O2" + CFLAGS="$ADDCFLAGS -g -O2" else - CFLAGS="-g" + CFLAGS="$ADDCFLAGS -g" fi else if test "$GCC" = yes; then - CFLAGS="-O2" + CFLAGS="$ADDCFLAGS -O2" else - CFLAGS= + CFLAGS="$ADDCFLAGS" fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 
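Review bot: `$ADDCFLAGS` is spliced into `ac_compile`/`ac_link` (hunk @@ -2045) and into the default `CFLAGS` (hunk @@ -2698) but is never declared, validated or listed in `ac_subst_vars`, so it is read silently from whatever environment configure is run in. Because the @@ -2698 branch only runs when the user has not set `CFLAGS` (the `CFLAGS=$ac_save_CFLAGS` restore at the top of that hunk wins otherwise), a caller-supplied `CFLAGS` means every configure probe is compiled with `$ADDCFLAGS` while the generated Makefiles are not, and probe results (header availability, ABI-affecting options) can disagree with the real build. Either prepend it in the `ac_save_CFLAGS` path too, or at least document it alongside `CFLAGS` in the `--help` "influential environment variables" block, e.g. `ADDCFLAGS   extra C compiler flags prepended to CFLAGS by the office build`.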
@@ -6350,11 +6351,11 @@ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; - mingw* | pw32* | os2*) + pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' @@ -6409,7 +6410,7 @@ fi ;; - mingw* | pw32* | os2*) + pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' @@ -6752,7 +6753,7 @@ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then @@ -7778,7 +7779,7 @@ ;; freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) 
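Review bot: Moving `mingw*` into the "PIC is the default" arm drops `-DDLL_EXPORT` from `lt_prog_compiler_pic` on MinGW, and the comment kept in the remaining `pw32* | os2*` arm states exactly what that macro is for — letting sources decide whether to export their symbols. If any libxmlsec or crypto-backend source keys `__declspec(dllexport)` off `DLL_EXPORT`, the DLL will presumably now rely only on the linker's auto-export, and together with the new `${wl}--exclude-libs,ALL` in hunk @@ -6752 that changes what the import library exposes; the sources are not visible here, so please confirm with a symbol listing of the built DLL. The same edit is repeated for the CXX, F77 and GCJ tag blocks (hunks @@ -6409, @@ -10816, @@ -13259, @@ -15607 and @@ -15666); a one-line comment at this first occurrence, e.g. `# mingw: PIC is implicit and DLL_EXPORT is not wanted for the office build`, would record why this diverges from stock libtool.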
@@ -9046,7 +9047,7 @@ ;; esac output_verbose_link_cmd='echo' - archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring' + archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring' module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' @@ -10088,7 +10089,7 @@ enable_shared_with_static_runtimes_CXX=yes if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then 
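Review bot: The new `-install_name @executable_path/$soname` in `archive_cmds` is not mirrored in `archive_expsym_cmds` on the following context line, which still embeds `$rpath/$soname`; which command libtool uses depends on whether an export-symbols file is in play, so one build can produce dylibs with two different install names. If the goal is to locate libxmlsec relative to the application binary, change the `archive_expsym_cmds` line the same way: `... -install_name @executable_path/$soname $verstring~nmedit ...`. Note that `@executable_path` resolves against the main executable, not the library that loads it, so any helper binary outside the application's directory layout will fail to find the dylib at load time; `@loader_path` is the usual choice when the library is also pulled in by plugins, and a comment stating the intended layout would help.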
@@ -10816,10 +10817,10 @@ # like `-m68040'. lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; - mingw* | os2* | pw32*) + os2* | pw32*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_CXX='-DDLL_EXPORT' @@ -11497,7 +11498,7 @@ ;; freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) @@ -13259,11 +13260,11 @@ lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; - mingw* | pw32* | os2*) + pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_F77='-DDLL_EXPORT' 
@@ -13661,7 +13662,7 @@ export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then @@ -14667,7 +14668,7 @@ ;; freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) @@ -15607,11 +15608,11 @@ lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; - mingw* | pw32* | os2*) + pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' @@ -15666,7 +15667,7 @@ fi ;; - mingw* | pw32* | os2*) + pw32* | os2*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' 
@@ -16009,7 +16010,7 @@ export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib' + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then @@ -17035,7 +17036,7 @@ ;; freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf` version_type=freebsd-$objformat case $version_type in freebsd-elf*) @@ -24598,7 +24599,7 @@ fi LIBXML_MIN_VERSION="2.4.2" -LIBXML_CONFIG="xml2-config" +LIBXML_CONFIG="./libxml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" @@ -25678,12 +25679,26 @@ XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" +if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" +fi NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" -NSS_LIBS_LIST="-lnss3 -lsmime3" -NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" + +case $host_os in +cygwin* | mingw* | pw32*) + NSS_LIBS_LIST="-lnss3 -lsmime3" + NSPR_LIBS_LIST="-lnspr4" + ;; + +*) + NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" + NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" + ;; +esac + NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" 
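Review bot: `LIBXML_CONFIG="./libxml2-config"` makes the libxml2 probe execute a script from whatever directory configure happens to be invoked in, not from the source tree or a path the caller chose; if the wrapper ships in the xmlsec source directory the robust spelling is `LIBXML_CONFIG="$srcdir/libxml2-config"` (or an absolute path built from the build environment), and a `test -x` before it is first run would turn a missing wrapper into a clear error instead of a generic "libxml2 not found". This also leaves `LIBXSLT_CONFIG` untouched, so the two sibling probes now resolve their helper scripts by different rules — worth a comment next to the assignment explaining why libxml2 alone gets the wrapper.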
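Review bot: `MOZ_FLAVOUR` is read from the environment without a default; when it is empty the pkg-config query in hunk @@ -25766 becomes `-nspr >= $MOZILLA_MIN_VERSION -nss >= ...`, which fails and silently falls through to the unflavoured `nspr`/`nss` probe, while the `checking for -nspr ...` line in the configure output reads like a typo rather than a configuration gap. Defaulting to the upstream package prefix preserves the original behaviour when the variable is unset: `test -n "$MOZ_FLAVOUR" || MOZ_FLAVOUR=mozilla` just before the `if test "z$MOZ_FLAVOUR" = "zfirefox"` check. On the library side `-lsoftokn3` is now linked directly on non-Windows hosts; presumably this depends on the NSS build in `${SOLARVERSION}`, but NSS normally loads softokn at runtime from `libnss3`, so confirm the explicit link is needed rather than inherited from a static-link configuration.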
@@ -25766,23 +25781,122 @@ else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then - echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5 -echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 + echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5 +echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 + + if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + succeeded=yes + + echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 +echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 + NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` + echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 +echo "${ECHO_T}$NSS_CFLAGS" >&6 + + echo "$as_me:$LINENO: checking NSS_LIBS" >&5 +echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 + NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` + echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 +echo "${ECHO_T}$NSS_LIBS" >&6 + else + NSS_CFLAGS="" + NSS_LIBS="" + ## If we have a custom action on failure, don't print errors, but + ## do set a variable so people can do so. + NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` + + fi + + + + else + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." 
+ echo "*** See http://www.freedesktop.org/software/pkgconfig" + fi + fi + + if test $succeeded = yes; then + NSS_FOUND=yes + else + NSS_FOUND=no + fi + + echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 +echo "${ECHO_T}$NSS_FOUND" >&6 + if test "z$NSS_FOUND" = "zno" ; then + + succeeded=no + + if test -z "$PKG_CONFIG"; then + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG + +if test -n "$PKG_CONFIG"; then + echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 +echo "${ECHO_T}$PKG_CONFIG" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + fi + + if test "$PKG_CONFIG" = "no" ; then + echo "*** The pkg-config script could not be found. Make sure it is" + echo "*** in your path, or set the PKG_CONFIG environment variable" + echo "*** to the full path to pkg-config." + echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." 
+ else + PKG_CONFIG_MIN_VERSION=0.9.0 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then + echo "$as_me:$LINENO: checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" >&5 +echo $ECHO_N "checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION... $ECHO_C" >&6 - if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then + if $PKG_CONFIG --exists "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=yes echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 - NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` + NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 echo "${ECHO_T}$NSS_CFLAGS" >&6 echo "$as_me:$LINENO: checking NSS_LIBS" >&5 echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 - NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` + NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 echo "${ECHO_T}$NSS_LIBS" >&6 else @@ -25790,7 +25904,7 @@ NSS_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. - NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` + NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"` fi @@ -25808,6 +25922,9 @@ NSS_FOUND=no fi + echo "$as_me:$LINENO: result: $NSS_FOUND" >&5 +echo "${ECHO_T}$NSS_FOUND" >&6 + fi fi if test "z$NSS_FOUND" = "zno" ; then 
@@ -25817,8 +25934,8 @@ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi - ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" - ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" + ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" + ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 @@ -25853,8 +25970,11 @@ done for dir in $ac_nss_lib_dir ; do - if test -f $dir/libnspr4.so ; then - if test "z$dir" = "z/usr/lib" ; then + case $host_os in + cygwin* | mingw* | pw32*) + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then + # do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" else if test "z$with_gnu_ld" = "zyes" ; then @@ -25865,7 +25985,26 @@ fi NSPR_LIBS_FOUND="yes" break - fi + fi + ;; + + *) + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then + # do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" + else + if test "z$with_gnu_ld" = "zyes" ; then + NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" + else + NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" + fi + fi + NSPR_LIBS_FOUND="yes" + break + fi + ;; + esac done fi 
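Review bot: The hard-coded search lists are replaced by `${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}` and `.../inc${UPDMINOREXT}/mozilla`, built from three environment variables that are never checked; with any of them unset the loops in the following hunks probe paths like `//lib/libnspr4.so`, and because `$dir` is expanded unquoted in `test -f $dir/libnspr4.so` a build root containing a space breaks the `for dir in $ac_nss_lib_dir` word-splitting altogether. A guard next to the assignment makes the failure mode explicit: `test -n "$SOLARVERSION" -a -n "$INPATH" || { echo "configure: SOLARVERSION and INPATH must be set" >&2; exit 1; }`. `ac_mozilla_name`, computed on the first lines of this hunk, is no longer referenced by either list and can presumably go, or the reason it is kept should be commented.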
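Review bot: The two `case $host_os` arms in hunks @@ -25853 and @@ -25865 differ only in the extra `-o -f $dir/libnspr4.a` test, yet each duplicates the full `-L`/`-rpath-link`/`NSPR_LIBS_FOUND` body, and hunks @@ -25939/@@ -25951 repeat the pattern for `libnss3`; the next edit to the link-flag logic has to be made four times. Selecting the candidate file names per host and keeping one loop body removes the duplication (the inner `break` becomes `break 2` because of the added loop). The `-Wl,-rpath-link` option in the cygwin/mingw arm is an ELF linker option and is presumably a no-op for a PE toolchain; a comment saying it is tolerated rather than intended would save a later reader the question.
```shell
      case $host_os in
      cygwin* | mingw* | pw32*) ac_nspr_candidates="libnspr4.so libnspr4.dylib libnspr4.a" ;;
      *)                        ac_nspr_candidates="libnspr4.so libnspr4.dylib" ;;
      esac
      for dir in $ac_nss_lib_dir ; do
        for ac_lib in $ac_nspr_candidates ; do
          if test -f "$dir/$ac_lib" ; then
            # … unchanged: /usr/lib special case, -L / -rpath-link handling, NSPR_LIBS assignment …
            NSPR_LIBS_FOUND="yes"
            break 2
          fi
        done
      done
```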
@@ -25939,8 +26078,11 @@ done for dir in $ac_nss_lib_dir ; do - if test -f $dir/libnss3.so ; then - if test "z$dir" = "z/usr/lib" ; then + case $host_os in + cygwin* | mingw* | pw32*) + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then + # do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" else if test "z$with_gnu_ld" = "zyes" ; then @@ -25951,7 +26093,26 @@ fi NSS_LIBS_FOUND="yes" break - fi + fi + ;; + + *) + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then + # do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSS_LIBS="$NSS_LIBS_LIST" + else + if test "z$with_gnu_ld" = "zyes" ; then + NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" + else + NSS_LIBS="-L$dir $NSS_LIBS_LIST" + fi + fi + NSS_LIBS_FOUND="yes" + break + fi + ;; + esac done fi @@ -26004,6 +26165,12 @@ fi fi +case $host_os in +darwin*) + NSS_LIBS="$NSS_LIBS "`"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl" $NSS_LIBS` + ;; +esac + if test "z$NSS_FOUND" = "zyes" ; then XMLSEC_NO_NSS="0" NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1" 
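Review bot: The Darwin arm in hunk @@ -26004 runs `"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl"` inside backticks with no check that `PERL` or `SOLARENV` is set or that the script exists; when either is missing the command fails, the substitution yields an empty string, and configure carries on with an unchanged `NSS_LIBS` plus a stray error on the terminal, so the dylib link list is silently dropped. Fail loudly before the assignment: `test -n "$PERL" -a -f "$SOLARENV/bin/macosx-dylib-link-list.pl" || { echo "configure: macosx-dylib-link-list.pl not found" >&2; exit 1; }`. The unquoted `$NSS_LIBS` argument is presumably deliberate (one token per flag for the script) — a short comment saying so would stop a later cleanup from quoting it.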
@@ -26037,6 +26204,109 @@ +MSCRYPTO_CFLAGS="" +MSCRYPTO_LIBS="" +MSCRYPTO_FOUND="no" + + +# Check whether --with-mscrypto or --without-mscrypto was given. +if test "${with_mscrypto+set}" = set; then + withval="$with_mscrypto" + +fi; +if test "z$with_mscrypto" = "zno" ; then + echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5 +echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + MSCRYPTO_FOUND="without" +else + ac_mscrypto_lib_dir="${PSDK_HOME}/lib" + ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api" + echo "$as_me:$LINENO: checking for mscrypto libraries" >&5 +echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6 + MSCRYPTO_INCLUDES_FOUND="no" + MSCRYPTO_LIBS_FOUND="no" + WINCRYPT_H="" + + for dir in $ac_mscrypto_inc_dir ; do + if test -f $dir/wincrypt.h ; then + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir" + MSCRYPTO_INCLUDES_FOUND="yes" + WINCRYPT_H="$dir/wincrypt.h" + break + fi + done + + for dir in $ac_mscrypto_lib_dir ; do + if test -f $dir/crypt32.lib ; then + if test "z$with_gnu_ld" = "zyes" ; then + MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib" + else + MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib" + fi + MSCRYPTO_LIBS_FOUND="yes" + break + fi + done + + if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then + OLD_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$MSCRYPTO_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + + #include + #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__) + yes + #endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then + + MSCRYPTO_FOUND=yes + +else + + MSCRYPTO_FOUND=no + +fi +rm -f conftest* + + CPPFLAGS="$OLD_CPPFLAGS" + fi + + if test "z$MSCRYPTO_FOUND" = "zyes" ; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + fi + +fi + +if test "z$MSCRYPTO_FOUND" = "zyes" ; then + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1" + + if test "z$XMLSEC_CRYPTO" = "z" ; then + XMLSEC_CRYPTO="mscrypto" + XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto" + XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS" + XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS" + fi + XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto" +else + XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto" +fi + + + echo "$as_me:$LINENO: checking for crypto library" >&5 echo $ECHO_N "checking for crypto library... $ECHO_C" >&6 if test "z$XMLSEC_CRYPTO" = "z" ; then 
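Review bot: The header probe sets `CPPFLAGS="$MSCRYPTO_CFLAGS"`, replacing rather than extending the caller's `CPPFLAGS`, so any `-I`/`-D` needed to reach the MinGW or PSDK headers is dropped for exactly this test even though `OLD_CPPFLAGS` is carefully restored afterwards; use `CPPFLAGS="$CPPFLAGS $MSCRYPTO_CFLAGS"`. `WINCRYPT_H` is assigned in the include loop but not read anywhere in this hunk and is not in `ac_subst_vars`, so it is either dead or consumed outside the visible range. The `#include` line inside the `conftest.$ac_ext` here-document shows no header name on this page — most likely an angle-bracketed name was lost in rendering — please confirm the patch really includes the header that defines `_WINCRYPT_H`/`__WINCRYPT_H__`, since otherwise `MSCRYPTO_FOUND` can never become `yes`. `MSCRYPTO_LIBS` also mixes `-Wl,-rpath-link -Wl,$dir` (an ELF-only linker option) with a full path to `crypt32.lib`; for a PE toolchain `-L$dir -lcrypt32` is the portable spelling and would let the user's linker pick the import library.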
@@ -26604,7 +26874,7 @@ done - ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in" + ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure @@ -27521,6 +27791,8 @@ s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t @@ -29231,6 +29503,8 @@ s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t 
@@ -30941,6 +31215,8 @@
 s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
 s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
 s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
+s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
+s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
 s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
 s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
 s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
@@ -32653,6 +32929,1724 @@ s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t +s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t +s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t +s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t +s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t +s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t +s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t +s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t +s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t +s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t +s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t +s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t +s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t +s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t +s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t +s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t +s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t +s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t +s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t +s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t +s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t +s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t +s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t +s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t +s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t +s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t +s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t +s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t +s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t +s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t +s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t +s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t +s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t +s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t +s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t 
+s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t +s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t +s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t +s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t +s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t +s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t +s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t +s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t +s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t +s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t +s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t +s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t +s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t +s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t +s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t +s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t +s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t +s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t +s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t +s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t +s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t +s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t +s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t +s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t +s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t +s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t +s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t +s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t +s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. 
+ ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . 
: '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) 
ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. 
+ ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". 
+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. 
+rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. 
+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. 
*/" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +# Compute $ac_file's index in $config_headers. 
+_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $ac_file | $ac_file:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null || +$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X$ac_file : 'X\(//\)[^/]' \| \ + X$ac_file : 'X\(//\)$' \| \ + X$ac_file : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X$ac_file | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'`/stamp-h$_am_stamp_count +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_COMMANDS section. +# +for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue + ac_dest=`echo "$ac_file" | sed 's,:.*,,'` + ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_dir=`(dirname "$ac_dest") 2>/dev/null || +$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_dest" : 'X\(//\)[^/]' \| \ + X"$ac_dest" : 'X\(//\)$' \| \ + X"$ac_dest" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_dest" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! 
-n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) 
ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 +echo "$as_me: executing $ac_dest commands" >&6;} + case $ac_dest in + depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`(dirname "$mf") 2>/dev/null || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + else + continue + fi + grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue + # Extract the definition of DEP_FILES from the Makefile without + # running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" + # We invoke sed twice because it is the simplest approach to + # changing $(DEPDIR) to its actual value in the expansion. 
+ for file in `sed -n ' + /^DEP_FILES = .*\\\\$/ { + s/^DEP_FILES = // + :loop + s/\\\\$// + p + n + /\\\\$/ b loop + p + } + /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`(dirname "$file") 2>/dev/null || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p $dirpart/$fdir + else + as_dir=$dirpart/$fdir + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5 +echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;} + { (exit 1); exit 1; }; }; } + + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done +done + ;; + esac +done +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. 
+# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + +fi + +if test "z$MSCRYPTO_FOUND" = "zyes" ; then + ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile" +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. 
+{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. 
+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined. +Usually this means the macro was only invoked conditionally." 
>&5 +echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined. 
+Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined. +Usually this means the macro was only invoked conditionally." 
>&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined. 
+Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. 
+ +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. 
+as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. 
+ exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by $as_me, which was +generated by GNU Autoconf 2.59. 
Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to ." +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +INSTALL="$INSTALL" +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. 
By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." 
>&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +# +# INIT-COMMANDS section. +# + +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + +_ACEOF + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;; + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; + "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;; + "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;; + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;; + "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; + "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;; + "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; + "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;; + "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;; + "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;; + "xmlsec1-gnutls.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;; + "xmlsec1-nss.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;; + "xmlsec1.spec" 
) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;; + "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;; + "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;; + "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;; + "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;; + "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;; + "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;; + "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;; + "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;; + "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. 
+$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@build@,$build,;t t +s,@build_cpu@,$build_cpu,;t t +s,@build_vendor@,$build_vendor,;t t +s,@build_os@,$build_os,;t t 
+s,@host@,$host,;t t +s,@host_cpu@,$host_cpu,;t t +s,@host_vendor@,$host_vendor,;t t +s,@host_os@,$host_os,;t t +s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t +s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t +s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t +s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t +s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t +s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t +s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@CYGPATH_W@,$CYGPATH_W,;t t +s,@PACKAGE@,$PACKAGE,;t t +s,@VERSION@,$VERSION,;t t +s,@ACLOCAL@,$ACLOCAL,;t t +s,@AUTOCONF@,$AUTOCONF,;t t +s,@AUTOMAKE@,$AUTOMAKE,;t t +s,@AUTOHEADER@,$AUTOHEADER,;t t +s,@MAKEINFO@,$MAKEINFO,;t t +s,@AMTAR@,$AMTAR,;t t +s,@install_sh@,$install_sh,;t t +s,@STRIP@,$STRIP,;t t +s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t +s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t +s,@mkdir_p@,$mkdir_p,;t t +s,@AWK@,$AWK,;t t +s,@SET_MAKE@,$SET_MAKE,;t t +s,@am__leading_dot@,$am__leading_dot,;t t +s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t +s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t +s,@MAINT@,$MAINT,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@DEPDIR@,$DEPDIR,;t t +s,@am__include@,$am__include,;t t +s,@am__quote@,$am__quote,;t t +s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t +s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t +s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t +s,@CCDEPMODE@,$CCDEPMODE,;t t +s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t +s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t +s,@EGREP@,$EGREP,;t t +s,@LN_S@,$LN_S,;t t +s,@ECHO@,$ECHO,;t t +s,@AR@,$AR,;t t +s,@ac_ct_AR@,$ac_ct_AR,;t t +s,@RANLIB@,$RANLIB,;t t +s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t +s,@CPP@,$CPP,;t t +s,@CXX@,$CXX,;t t +s,@CXXFLAGS@,$CXXFLAGS,;t t 
+s,@ac_ct_CXX@,$ac_ct_CXX,;t t +s,@CXXDEPMODE@,$CXXDEPMODE,;t t +s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t +s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t +s,@CXXCPP@,$CXXCPP,;t t +s,@F77@,$F77,;t t +s,@FFLAGS@,$FFLAGS,;t t +s,@ac_ct_F77@,$ac_ct_F77,;t t +s,@LIBTOOL@,$LIBTOOL,;t t +s,@RM@,$RM,;t t +s,@CP@,$CP,;t t +s,@MV@,$MV,;t t +s,@TAR@,$TAR,;t t +s,@HELP2MAN@,$HELP2MAN,;t t +s,@MAN2HTML@,$MAN2HTML,;t t +s,@U@,$U,;t t +s,@ANSI2KNR@,$ANSI2KNR,;t t +s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t +s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t +s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t +s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t +s,@LIBADD_DL@,$LIBADD_DL,;t t +s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t +s,@PKG_CONFIG@,$PKG_CONFIG,;t t +s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t +s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t +s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t +s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t +s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t +s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t +s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t +s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t +s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t +s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t +s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t +s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t +s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t +s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t +s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t +s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t +s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t +s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t +s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t +s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t +s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t +s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t +s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t +s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t +s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t +s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t 
+s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t +s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t +s,@NSS_LIBS@,$NSS_LIBS,;t t +s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t +s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t +s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t +s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t +s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t +s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t +s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t @@ -34368,6 +36362,8 @@ s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t --- misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/configure.in 2008-06-29 23:44:19.000000000 +0200 @@ -143,7 +143,7 @@ dnl find libxml dnl ========================================================================== LIBXML_MIN_VERSION="2.4.2" -LIBXML_CONFIG="xml2-config" +LIBXML_CONFIG="./libxml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" @@ -503,12 +503,26 @@ XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" +if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" +fi NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" -NSS_LIBS_LIST="-lnss3 -lsmime3" -NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" + +case $host_os in +cygwin* | mingw* | pw32*) + NSS_LIBS_LIST="-lnss3 -lsmime3" + NSPR_LIBS_LIST="-lnspr4" + ;; + +*) + NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" + NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" + ;; +esac + NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" 
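Review bot: `LIBXML_CONFIG="./libxml2-config"` is resolved relative to the directory configure is invoked from rather than looked up on PATH, so a configure run from any other directory will not find the wrapper. The code that consumes `LIBXML_CONFIG` is outside this hunk, so I cannot tell whether a missing or non-executable wrapper is reported or just ends with `LIBXML_FOUND="no"`; a `dnl` comment naming where `libxml2-config` is generated, plus a guard such as `test -x "$LIBXML_CONFIG" || AC_MSG_ERROR([libxml2-config wrapper not found])`, would make the build-tree dependency explicit.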
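Review bot: The default branch of the new `case $host_os` adds `-lsoftokn3` to `NSS_LIBS_LIST`, which the old single list (`-lnss3 -lsmime3`) did not; softokn3 is normally loaded by libnss3 at run time rather than linked directly, so if the build tree's NSS layout requires it, a `dnl` comment saying why would keep a later cleanup from dropping it. The `MOZ_FLAVOUR` test on the first added lines keeps `MOZILLA_MIN_VERSION="1.4"` for any value other than `firefox`, including an unset variable, which is harmless here but matters where the same variable is used in the hunk that follows.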
@@ -521,9 +535,16 @@ AC_MSG_RESULT(no) NSS_FOUND="without" elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then - PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, + PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes], [NSS_FOUND=no]) + AC_MSG_RESULT($NSS_FOUND) + if test "z$NSS_FOUND" = "zno" ; then + PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION, + [NSS_FOUND=yes], + [NSS_FOUND=no]) + AC_MSG_RESULT($NSS_FOUND) + fi fi if test "z$NSS_FOUND" = "zno" ; then @@ -534,8 +555,8 @@ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi - ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" - ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" + ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" + ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) NSPR_INCLUDES_FOUND="no" @@ -570,7 +591,9 @@ done for dir in $ac_nss_lib_dir ; do - if test -f $dir/libnspr4.so ; then + case $host_os in + cygwin* | mingw* | pw32*) + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" 
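Review bot: `$MOZ_FLAVOUR` is interpolated into the pkg-config module names (`$MOZ_FLAVOUR-nspr`, `$MOZ_FLAVOUR-nss`) with no check that it is set, so an empty environment value asks pkg-config for the modules `-nspr` and `-nss` and the first `PKG_CHECK_MODULES` fails for an unrelated reason before the plain `nspr`/`nss` fallback runs. A guard such as `test -n "$MOZ_FLAVOUR" || MOZ_FLAVOUR=mozilla` before the call, or an `AC_MSG_ERROR` when it is empty, would make the dependency on the caller's environment explicit. The added `AC_MSG_RESULT($NSS_FOUND)` calls also likely print a second result line after the one `PKG_CHECK_MODULES` already emits; if they are meant as a debugging aid, a `dnl` comment would say so.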
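Review bot: `ac_nss_lib_dir` and `ac_nss_inc_dir` are now built from `${SOLARVERSION}`, `${INPATH}` and `${UPDMINOREXT}` with no check that they are set, so with an empty environment the search path collapses to `//lib` and `//inc/mozilla` and the loops below would quietly pick up (or miss) whatever NSS/NSPR the system provides instead of the build tree's copy. Because these paths decide which crypto library the binary links against, a guard like `test -n "$SOLARVERSION" && test -n "$INPATH" || AC_MSG_ERROR([SOLARVERSION and INPATH must be set])` right before the two assignments would fail early rather than link the wrong library. With a single build-tree directory as the only candidate, the `if test "z$dir" = "z/usr/lib"` special case in the following hunks is now unlikely to ever match; a `dnl` note would save the next reader from wondering whether it is still needed.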
@@ -583,7 +606,26 @@ fi NSPR_LIBS_FOUND="yes" break - fi + fi + ;; + + *) + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSPR_LIBS="$NSPR_LIBS_LIST" + else + if test "z$with_gnu_ld" = "zyes" ; then + NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST" + else + NSPR_LIBS="-L$dir $NSPR_LIBS_LIST" + fi + fi + NSPR_LIBS_FOUND="yes" + break + fi + ;; + esac done fi @@ -641,7 +683,9 @@ done for dir in $ac_nss_lib_dir ; do - if test -f $dir/libnss3.so ; then + case $host_os in + cygwin* | mingw* | pw32*) + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" @@ -654,7 +698,26 @@ fi NSS_LIBS_FOUND="yes" break - fi + fi + ;; + + *) + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then + dnl do not add -L/usr/lib because compiler does it anyway + if test "z$dir" = "z/usr/lib" ; then + NSS_LIBS="$NSS_LIBS_LIST" + else + if test "z$with_gnu_ld" = "zyes" ; then + NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST" + else + NSS_LIBS="-L$dir $NSS_LIBS_LIST" + fi + fi + NSS_LIBS_FOUND="yes" + break + fi + ;; + esac done fi --- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200 
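Review bot: The new `*)` branch repeats the cygwin branch's body line for line — the `-L`/`-rpath-link` handling, `NSPR_LIBS_FOUND="yes"` and `break` — with only the file test differing (`libnspr4.a` is accepted on cygwin/mingw/pw32 only); the `@@ -654` hunk does the same for libnss3. The `case $host_os` and the `for dir` loop open in the preceding `@@ -570` hunk (and `@@ -641` for nss), so the fix spans both: decide once before the loop whether a static archive counts and keep a single `if`. The new `test -f $dir/... -o -f $dir/...` lines also leave `$dir` unquoted, and since it is now derived from `${SOLARVERSION}/${INPATH}` a path containing a space would split the test; separate `test` calls joined with `||` avoid both that and the obsolescent `-o` operator.
```m4
    case $host_os in
    cygwin* | mingw* | pw32*) ac_nspr_static_ok=yes ;;
    *)                        ac_nspr_static_ok=no ;;
    esac
    for dir in $ac_nss_lib_dir ; do
        if test -f "$dir/libnspr4.so" || test -f "$dir/libnspr4.dylib" ||
           { test "z$ac_nspr_static_ok" = "zyes" && test -f "$dir/libnspr4.a" ; } ; then
            dnl ... unchanged: -L/-rpath-link handling, NSPR_LIBS_FOUND="yes", break ...
        fi
    done
```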
@@ -1 +1,58 @@
-dummy
+# Makefile.in generated by automake 1.8.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+HEADERS = $(xmlsecmscryptoinc_HEADERS)
+NULL =
+xmlsecmscryptoinc_HEADERS = \
+akmngr.h \
+app.h \
+crypto.h \
+symbols.h \
+certkeys.h \
+keysstore.h \
+x509.h \
+$(NULL)
+
+all: all-am
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+all-am: Makefile $(HEADERS)
+
+mostlyclean-generic:
+
+clean-generic:
+
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+.PHONY: all all-am clean clean-generic \
+ clean-libtool \
+ mostlyclean mostlyclean-generic mostlyclean-libtool
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:39.000000000 +0200
+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:19.000000000 +0200
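Review bot: `xmlsecmscryptoinc_HEADERS` is declared but, unlike `include/xmlsec/nss/Makefile.am` further down, no `xmlsecmscryptoincdir` and no install rule exist, so `make install` never installs these headers; the "generated by automake 1.8.3" banner is misleading because automake would have emitted those rules for a `_HEADERS` primary. If the mscrypto headers are deliberately consumed from the build tree only, a one-line comment next to the banner such as `# Hand-trimmed automake output: headers are used in-tree and intentionally not installed.` would say so. The `-rm -f *.lo` and `-rm -rf .libs _libs` recipe lines appear here with a leading space rather than a tab; that may be an artefact of this copy, but it is worth confirming in the actual file since make rejects space-indented recipes.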
@@ -1 +1,71 @@
-dummy
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
+
+#include
+#include
+
+#include
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+xmlSecMSCryptoAppliedKeysMngrCreate(
+ HCERTSTORE keyStore ,
+ HCERTSTORE certStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY symKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY pubKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY priKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE keyStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE trustedStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE untrustedStore
+) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
+
+
--- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200
+++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2008-06-29 23:44:19.000000000 +0200
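Review bot: None of the seven exported declarations is documented, and for the three `xmlSecMSCryptoAppliedKeysMngrAdopt*Store` functions the ownership of the `HCERTSTORE` handle is exactly what a caller must know — who calls `CertCloseStore`, and whether the handle may still be used after a successful call; "Adopt" in the name without a comment leaves callers guessing, and a wrong guess is a double close or use of a closed store. Add a gtk-doc style block above each declaration naming the parameters, stating that on success the manager takes ownership of the store and closes it when destroyed (to be confirmed against the implementation, which is outside this view), and that the function returns 0 on success or -1 on error. The three `xmlSecMSCryptoX509StoreAdopt*Store` declarations added in the x509.h hunk below need the same note. `Copyright ..........................` and "preciese" in the banner are a placeholder and a typo left in a shipped header.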
@@ -77,6 +77,21 @@ PCCERT_CONTEXT cert, xmlSecKeyDataType type); +XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE keyStore + ) ; + +XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE trustedStore + ) ; + +XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE untrustedStore + ) ; + #endif /* XMLSEC_NO_X509 */ --- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200 @@ -3,6 +3,7 @@ xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss xmlsecnssinc_HEADERS = \ +akmngr.h \ app.h \ crypto.h \ symbols.h \ @@ -10,6 +11,8 @@ keysstore.h \ pkikeys.h \ x509.h \ +tokens.h \ +ciphers.h \ $(NULL) install-exec-hook: --- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200 @@ -273,6 +273,7 @@ NULL = xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss xmlsecnssinc_HEADERS = \ +akmngr.h \ app.h \ crypto.h \ symbols.h \ @@ -280,6 +281,8 @@ keysstore.h \ pkikeys.h \ x509.h \ +tokens.h \ +ciphers.h \ $(NULL) all: all-am --- misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:39.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:19.000000000 +0200 
@@ -1 +1,56 @@ -dummy +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright .......................... + */ +#ifndef __XMLSEC_NSS_AKMNGR_H__ +#define __XMLSEC_NSS_AKMNGR_H__ + +#include +#include +#include +#include + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr +xmlSecNssAppliedKeysMngrCreate( + PK11SlotInfo** slots, + int cSlots, + CERTCertDBHandle* handler +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + PK11SymKey* symKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPublicKey* pubKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPrivateKey* priKey +) ; + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_NSS_AKMNGR_H__ */ + + --- misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2008-06-29 23:44:19.000000000 +0200 @@ -22,6 +22,9 @@ #include #include +#include +#include + /** * Init/shutdown */ @@ -34,6 +37,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key); +XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, + xmlSecNssKeySlotPtr keySlot); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, const char* uri); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, --- misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:39.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:19.000000000 +0200 
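Review bot: `xmlSecNssAppliedKeysMngrCreate` takes the slot array as `PK11SlotInfo** slots` with an `int cSlots` count and no documentation: a negative count has no meaning here, the declaration does not say whether the manager keeps its own reference to each slot (`PK11_ReferenceSlot`) or only borrows them for the duration of the call, and the name `handler` for a `CERTCertDBHandle*` reads like a callback. Make the count unsigned, `xmlSecSize cSlots`, and add a block above the declaration stating the slot ownership rule and that `cSlots` is the number of entries in `slots`. The three `...KeyLoad` declarations, and `xmlSecNssAppDefaultKeysMngrAdoptKeySlot` in the app.h hunk below, need the same ownership sentence, since "Load"/"Adopt" do not say who releases the NSS key or slot afterwards.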
@@ -1 +1,35 @@ -dummy +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright .......................... + */ +#ifndef __XMLSEC_NSS_CIPHERS_H__ +#define __XMLSEC_NSS_CIPHERS_H__ + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +#include +#include +#include + + +XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, + PK11SymKey* symkey ) ; + +XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; + +XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); + + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_NSS_CIPHERS_H__ */ + + --- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2008-06-29 23:44:19.000000000 +0200 @@ -264,6 +264,15 @@ xmlSecNssTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); +/** + * xmlSecNssTransformRsaOaepId: + * + * The RSA OAEP key transport transform klass. + */ +#define xmlSecNssTransformRsaOaepId \ + xmlSecNssTransformRsaOaepGetKlass() +XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); + #endif /* XMLSEC_NO_RSA */ --- misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2008-06-29 23:44:19.000000000 +0200 @@ -16,6 +16,8 @@ #endif /* __cplusplus */ #include +#include +#include /**************************************************************************** * 
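Review bot: The `#include` lines in the new ciphers.h sit inside the `extern "C" {` block, so a C++ consumer gets the NSS and xmlsec headers wrapped in C linkage a second time; the other new headers on this page (akmngr.h, tokens.h) place the includes before `#ifdef __cplusplus`, and ciphers.h should match. The parameter naming is inconsistent between `xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, PK11SymKey* symkey )` and `xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey )`, and none of the three declarations says whether the `PK11SymKey` reference is transferred to the key data or whether the pointer returned by `xmlSecNssSymKeyDataGetKey` is owned by it — that is what decides who calls `PK11_FreeSymKey`, so a one-line ownership comment on each declaration is the missing piece.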
@@ -31,6 +33,8 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, xmlSecKeyPtr key); +XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, + xmlSecNssKeySlotPtr keySlot); XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, const char *uri, xmlSecKeysMngrPtr keysMngr); --- misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:39.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:19.000000000 +0200 
@@ -1 +1,182 @@ -dummy +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. + * + * Contributor(s): _____________________________ + * + */ +#ifndef __XMLSEC_NSS_TOKENS_H__ +#define __XMLSEC_NSS_TOKENS_H__ + +#include + +#include +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** + * xmlSecNssKeySlotListId + * + * The crypto mechanism list klass + */ +#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() +XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; + +/******************************************* + * KeySlot interfaces + *******************************************/ +/** + * Internal NSS key slot data + * @mechanismList: the mechanisms that the slot bound with. + * @slot: the pkcs slot + * + * This context is located after xmlSecPtrList + */ +typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; +typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; + +struct _xmlSecNssKeySlot { + CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. 
array, NULL ternimated */ + PK11SlotInfo* slot ; +} ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotSetMechList( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE_PTR mechanismList +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotEnableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotDisableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) ; + +XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR +xmlSecNssKeySlotGetMechList( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotSetSlot( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotInitialize( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) ; + +XMLSEC_CRYPTO_EXPORT void +xmlSecNssKeySlotFinalize( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* +xmlSecNssKeySlotGetSlot( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr +xmlSecNssKeySlotCreate() ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotCopy( + xmlSecNssKeySlotPtr newKeySlot , + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr +xmlSecNssKeySlotDuplicate( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT void +xmlSecNssKeySlotDestroy( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotBindMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotSupportMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) ; + + +/************************************************************************ + * PKCS#11 crypto token interfaces + * + * A PKCS#11 slot repository will be defined internally. From the + * repository, a user can specify a particular slot for a certain crypto + * mechanism. + * + * In some situation, some cryptographic operation should act in a user + * designated devices. 
The interfaces defined here provide the way. If + * the user do not initialize the repository distinctly, the interfaces + * use the default functions provided by NSS itself. + * + ************************************************************************/ +/** + * Initialize NSS pkcs#11 slot repository + * + * Returns 0 if success or -1 if an error occurs. + */ +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; + +/** + * Shutdown and destroy NSS pkcs#11 slot repository + */ +XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; + +/** + * Get PKCS#11 slot handler + * @type the mechanism that the slot must support. + * + * Returns a pointer to PKCS#11 slot or NULL if an error occurs. + * + * Notes: The returned handler must be destroied distinctly. + */ +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; + +/** + * Adopt a pkcs#11 slot with a mechanism into the repository + * @slot: the pkcs#11 slot. + * @mech: the mechanism. + * + * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with + * this mechanism only can perform on the @slot. + * + * Returns 0 if success or -1 if an error occurs. + */ +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_NSS_TOKENS_H__ */ + --- misc/xmlsec1-1.2.6/libxml2-config 2008-06-29 23:44:40.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/libxml2-config 2008-06-29 23:44:19.000000000 +0200 
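Review bot: `xmlSecNssKeySlotCreate()` and `xmlSecNssSlotShutdown()` are declared with empty parentheses, which in C is an unprototyped declaration that disables argument checking at call sites; the rest of the header already writes `( void )`, so use `XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr xmlSecNssKeySlotCreate( void ) ;` and `XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown( void ) ;`. The `xmlSecNssSlotGet` comment says the returned slot "must be destroied distinctly" without naming how; stating which NSS call releases it, and that `xmlSecNssSlotShutdown` does not do it for the caller, would make the lifetime rule usable. The banner still carries `Contributor(s): _____________________________`, and the comments have the typos "preciese", "ternimated" and "destroied".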
@@ -1 +1,48 @@ -dummy +#! /bin/sh + +if test "$SYSTEM_LIBXML" = "YES" +then xml2-config "$@"; exit 0 +fi + +prefix=${SOLARVERSION}/${INPATH} +includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external +libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT} + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case "$1" in + --prefix=*) + prefix=$optarg + includedir=$prefix/include + libdir=$prefix/lib + ;; + + --prefix) + echo $prefix + ;; + + --version) + echo 2.5.4 + exit 0 + ;; + + --cflags) + echo -I${includedir} + ;; + + --libs) + echo -L${libdir} ${LIBXML2LIB} ${ZLIB3RDLIB} -lm + ;; + + *) + exit 1 + ;; + esac + shift +done + +exit 0 --- misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/ltmain.sh 2008-06-29 23:44:19.000000000 +0200 @@ -1661,6 +1661,11 @@ fi ;; + *.lib) + deplibs="$deplibs $arg" + continue + ;; + *.$libext) # An archive. deplibs="$deplibs $arg" @@ -1974,6 +1979,10 @@ continue ;; *.la) lib="$deplib" ;; + *.lib) + deplibs="$deplib $deplibs" + continue + ;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" @@ -2994,13 +3003,13 @@ ;; freebsd-aout) - major=".$current" - versuffix=".$current.$revision"; + major=.`expr $current - $age` + versuffix="$major.$age.$revision" ;; freebsd-elf) - major=".$current" - versuffix=".$current"; + major=.`expr $current - $age` + versuffix="$major.$age.$revision" ;; irix | nonstopux) @@ -3564,7 +3573,8 @@ fi else eval flag=\"$hardcode_libdir_flag_spec\" - dep_rpath="$dep_rpath $flag" +# what the ... +# dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in --- misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/bn.c 2008-06-29 23:44:19.000000000 +0200 
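Review bot: `then xml2-config "$@"; exit 0` discards the exit status of `xml2-config`, so with `SYSTEM_LIBXML=YES` a failing or missing `xml2-config` still reports success to the build step that called this wrapper; use `exec xml2-config "$@"` instead. The `*)` case exits 1 with no message, so an option this wrapper does not handle fails silently, and `--prefix=*` recomputes `includedir`/`libdir` as `$prefix/include` and `$prefix/lib` rather than the `inc${UPDMINOREXT}/external` and `lib${UPDMINOREXT}` layout used by default — a comment saying whether that difference is intended would help. The `--version` reply `2.5.4` is hard-coded and will drift from the libxml2 actually bundled.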
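Review bot: The `dep_rpath="$dep_rpath $flag"` line is kept as commented-out code under the comment `# what the ...`, which tells the next reader nothing about why rpaths for dependent libraries are no longer hardcoded at this point; replace both lines with a comment stating the reason, e.g. `# OOo build: do not hardcode dependency rpaths here (<reason to be filled in by the author>)`, and drop the dead line. The `freebsd-aout`/`freebsd-elf` hunks in the same file change the shared-library version suffix scheme of a vendored libtool script; a note on whether this mirrors an upstream libtool change or is a local fix would keep the patch reviewable.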
@@ -170,8 +170,10 @@ */ int xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { - xmlSecSize i, len; + xmlSecSize i, len, size; xmlSecByte ch; + xmlSecByte* data; + int positive; int nn; int ret; @@ -183,7 +185,7 @@ /* trivial case */ len = xmlStrlen(str); if(len == 0) { - return(0); + return(0); } /* The result size could not exceed the input string length 
@@ -191,54 +193,131 @@ * In truth, it would be likely less than 1/2 input string length * because each byte is represented by 2 chars. If needed, * buffer size would be increased by Mul/Add functions. + * Finally, we can add one byte for 00 or 10 prefix. */ - ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); + ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnRevLookupTable", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", len / 2 + 1); - return (-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnRevLookupTable", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", len / 2 + 1); + return (-1); + } + + /* figure out if it is positive or negative number */ + positive = 1; + i = 0; + while(i < len) { + ch = str[i++]; + + /* skip spaces */ + if(isspace(ch)) { + continue; + } + + /* check if it is + or - */ + if(ch == '+') { + positive = 1; + break; + } else if(ch == '-') { + positive = 0; + break; + } + + /* otherwise, it must be start of the number */ + nn = xmlSecBnLookupTable[ch]; + if((nn >= 0) && ((xmlSecSize)nn < base)) { + xmlSecAssert2(i > 0, -1); + + /* no sign, positive by default */ + positive = 1; + --i; /* make sure that we will look at this character in next loop */ + break; + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "char=%c;base=%d", + ch, base); + return (-1); + } + } + + /* now parse the number itself */ + while(i < len) { + ch = str[i++]; + if(isspace(ch)) { + continue; + } + + xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); + nn = xmlSecBnLookupTable[ch]; + if((nn < 0) || ((xmlSecSize)nn > base)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "char=%c;base=%d", + ch, base); + return (-1); + } + + ret = xmlSecBnMul(bn, base); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnMul", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + 
"base=%d", base); + return (-1); + } + + ret = xmlSecBnAdd(bn, nn); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnAdd", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "base=%d", base); + return (-1); +} } - for(i = 0; i < len; i++) { - ch = str[i]; - if(isspace(ch)) { - continue; - } - - xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); - nn = xmlSecBnLookupTable[ch]; - if((nn < 0) || ((xmlSecSize)nn > base)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "char=%c;base=%d", - ch, base); - return (-1); - } - - ret = xmlSecBnMul(bn, base); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnMul", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); - return (-1); - } - - ret = xmlSecBnAdd(bn, nn); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); - return (-1); - } + /* check if we need to add 00 prefix */ + data = xmlSecBufferGetData(bn); + size = xmlSecBufferGetSize(bn); + if((size > 0 && data[0] > 127)||(size==0)) { + ch = 0; + ret = xmlSecBufferPrepend(bn, &ch, 1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferPrepend", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "base=%d", base); + return (-1); + } + } + + /* do 2's compliment and add 1 to represent negative value */ + if(positive == 0) { + data = xmlSecBufferGetData(bn); + size = xmlSecBufferGetSize(bn); + for(i = 0; i < size; ++i) { + data[i] ^= 0xFF; + } + + ret = xmlSecBnAdd(bn, 1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnAdd", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "base=%d", base); + return (-1); + } } return(0); @@ -256,8 +335,12 @@ */ xmlChar* xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { + xmlSecBn bn2; + int positive = 1; xmlChar* res; - xmlSecSize i, len; + xmlSecSize i, len, size; + xmlSecByte* data; + int ret; int nn; xmlChar ch; 
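Review bot: The negation step does not truncate the carry out of `xmlSecBnAdd(bn, 1)`, so for a zero magnitude with a sign (`-0`, or a bare `-`) the buffer goes `[0x00]` → `[0xFF]` → `[0x01,0x00]` and the result is +256 rather than 0; save `size` before the XOR loop and drop the leading byte if the add grew the buffer, or reject a sign that is followed by no digit. The digit check in the parse loop, `(xmlSecSize)nn > base`, still accepts `nn == base` (one digit too many for the base) while the new sign loop correctly uses `nn < base`; make it `if((nn < 0) || ((xmlSecSize)nn >= base)) {`. The sign loop also indexes `xmlSecBnLookupTable[ch]` without the `xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1)` the parse loop has (moot if the table has 256 entries, but then that assert should read `<`), and the error message after `xmlSecBufferSetMaxSize` still reports `len / 2 + 1` although the requested size became `len / 2 + 1 + 1`.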
@@ -265,35 +348,86 @@ xmlSecAssert2(base > 1, NULL); xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); + + /* copy bn */ + data = xmlSecBufferGetData(bn); + size = xmlSecBufferGetSize(bn); + ret = xmlSecBnInitialize(&bn2, size); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + return (NULL); + } + + ret = xmlSecBnSetData(&bn2, data, size); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnSetData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + xmlSecBnFinalize(&bn2); + return (NULL); + } + + /* check if it is a negative number or not */ + data = xmlSecBufferGetData(&bn2); + size = xmlSecBufferGetSize(&bn2); + if((size > 0) && (data[0] > 127)) { + /* subtract 1 and do 2's compliment */ + ret = xmlSecBnAdd(&bn2, -1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnAdd", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + xmlSecBnFinalize(&bn2); + return (NULL); + } + for(i = 0; i < size; ++i) { + data[i] ^= 0xFF; + } + + positive = 0; + } else { + positive = 1; + } + /* Result string len is * len = log base (256) * * Since the smallest base == 2 then we can get away with * len = 8 * */ - len = 8 * xmlSecBufferGetSize(bn) + 1; + len = 8 * size + 1 + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "len=%d", len); - return (NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_MALLOC_FAILED, + "len=%d", len); + xmlSecBnFinalize(&bn2); + return (NULL); } memset(res, 0, len + 1); - for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { - if(xmlSecBnDiv(bn, base, &nn) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnDiv", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); - xmlFree(res); - return (NULL); - } - xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); - res[i] = 
xmlSecBnRevLookupTable[nn]; + for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { + if(xmlSecBnDiv(&bn2, base, &nn) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnDiv", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "base=%d", base); + xmlFree(res); + xmlSecBnFinalize(&bn2); + return (NULL); + } + xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); + res[i] = xmlSecBnRevLookupTable[nn]; } xmlSecAssert2(i < len, NULL); @@ -301,13 +435,20 @@ for(len = i; (len > 1) && (res[len - 1] == '0'); len--); res[len] = '\0'; + /* add "-" for negative numbers */ + if(positive == 0) { + res[len] = '-'; + res[++len] = '\0'; + } + /* swap the string because we wrote it in reverse order */ for(i = 0; i < len / 2; i++) { - ch = res[i]; - res[i] = res[len - i - 1]; - res[len - i - 1] = ch; + ch = res[i]; + res[i] = res[len - i - 1]; + res[len - i - 1] = ch; } + xmlSecBnFinalize(&bn2); return(res); } @@ -392,7 +533,9 @@ } data = xmlSecBufferGetData(bn); - for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { + i = xmlSecBufferGetSize(bn); + over = 0; + while(i > 0) { xmlSecAssert2(data != NULL, -1); over = over + multiplier * data[--i]; 
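Review bot: `xmlSecBnToString` now treats any value whose first byte is above 127 as negative, which is correct only if every producer of a big number prepends the `00` guard byte the way the new `xmlSecBnFromString` does; a bn filled from raw big-endian key material (a modulus or signature whose top bit is set, loaded through `xmlSecBnSetData` or a similar setter, if such callers exist) will now be printed as a negative two's-complement string by this function — a silent change of output for existing callers, so either document the two's-complement representation contract at the top of the file or make the raw-data setters insert the guard byte. The error block after `xmlSecBnInitialize` names `"xmlSecBnCreate"` as the failing function; it should say `"xmlSecBnInitialize"`. The `data`/`size` values captured before `xmlSecBnAdd(&bn2, -1)` are reused for the XOR loop, which is valid only because a negative delta never reallocates the buffer; a comment saying so would protect the next change.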
@@ -487,43 +630,57 @@ */ int xmlSecBnAdd(xmlSecBnPtr bn, int delta) { - int over; + int over, tmp; xmlSecByte* data; xmlSecSize i; xmlSecByte ch; int ret; xmlSecAssert2(bn != NULL, -1); - xmlSecAssert2(delta >= 0, -1); if(delta == 0) { - return(0); + return(0); } data = xmlSecBufferGetData(bn); - for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { - xmlSecAssert2(data != NULL, -1); + if(delta > 0) { + for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { + xmlSecAssert2(data != NULL, -1); - over += data[--i]; - data[i] = over % 256; - over = over / 256; - } + tmp = data[--i]; + over += tmp; + data[i] = over % 256; + over = over / 256; + } - while(over > 0) { - ch = over % 256; - over = over / 256; + while(over > 0) { + ch = over % 256; + over = over / 256; - ret = xmlSecBufferPrepend(bn, &ch, 1); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=1"); - return (-1); - } + ret = xmlSecBufferPrepend(bn, &ch, 1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferPrepend", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=1"); + return (-1); + } + } + } else { + for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { + xmlSecAssert2(data != NULL, -1); + + tmp = data[--i]; + if(tmp < over) { + data[i] = 0; + over = (over - tmp) / 256; + } else { + data[i] = tmp - over; + over = 0; + } + } } - return(0); } @@ -787,7 +944,7 @@ } if(addLineBreaks) { - xmlNodeAddContent(cur, BAD_CAST "\n"); + xmlNodeAddContent(cur, xmlSecStringCR); } switch(format) { @@ -833,7 +990,7 @@ } if(addLineBreaks) { - xmlNodeAddContent(cur, BAD_CAST "\n"); + xmlNodeAddContent(cur, xmlSecStringCR); } return(0); --- misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100 +++ misc/build/xmlsec1-1.2.6/src/dl.c 2008-06-29 23:44:19.000000000 +0200 
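Review bot: The new `delta < 0` branch computes the borrow incorrectly: when `tmp < over` it zeroes the byte and sets `over = (over - tmp) / 256`, so `xmlSecBnAdd` on `[0x01,0x00]` with delta -1 leaves the value at 256 instead of producing `[0x00,0xFF]`, and a borrow smaller than 256 is dropped entirely. Because `xmlSecBnToString` relies on `xmlSecBnAdd(&bn2, -1)` to undo the two's complement, every negative value whose low byte is 0x00 is printed wrong. The byte must become `(tmp - over) mod 256` with the borrow carried as `over / 256` plus one when the byte wrapped, and a borrow surviving the loop means the result went below zero, which should be reported rather than silently ignored; the rewritten branch follows.
```c
    } else {
        /* subtract |delta|: each byte takes the low part of what is left to
         * subtract and borrows from the next, more significant, byte */
        for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
            xmlSecAssert2(data != NULL, -1);

            tmp = data[--i] - (over % 256);
            over = over / 256;
            if(tmp < 0) {
                tmp += 256;
                ++over; /* borrow from the next byte */
            }
            data[i] = (xmlSecByte)tmp;
        }
        /* a borrow left after the top byte means |delta| exceeded the value */
        if(over > 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        NULL,
                        XMLSEC_ERRORS_R_INVALID_DATA,
                        "delta=%d", delta);
            return (-1);
        }
    }
```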
@@ -329,6 +329,10 @@ xmlSecCryptoDLInit(void) { int ret; + /* use xmlMalloc/xmlFree */ + xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; + xmlsec_lt_dlfree = xmlSecCryptoDLFree; + ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -350,9 +354,6 @@ } /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ - /* use xmlMalloc/xmlFree */ - xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; - xmlsec_lt_dlfree = xmlSecCryptoDLFree; return(0); } --- misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200 
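Review bot: The moved block keeps the original comment `/* use xmlMalloc/xmlFree */`, which does not explain why the allocator hooks now have to be installed at the top of `xmlSecCryptoDLInit` rather than after the list initialisation; presumably the ltdl setup that runs between the two hunks already allocates, and memory obtained through one allocator must later be released by the matching one. Say so in the comment, e.g. `/* install xmlMalloc/xmlFree as the ltdl allocator before any ltdl call below, so every ltdl allocation is freed by the same allocator */`.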
@@ -1 +1,178 @@ -dummy +# Makefile.in generated by automake 1.8.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +top_builddir = ../.. +LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__objects_1 = +am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \ + digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \ + x509.lo x509vfy.lo $(am__objects_1) +libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) +DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIBXML_CFLAGS = @LIBXML_CFLAGS@ +LIBXML_LIBS = @LIBXML_LIBS@ +MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@ +MSCRYPTO_LIBS = @MSCRYPTO_LIBS@ +OBJEXT = @OBJEXT@ +SHELL = @SHELL@ +XMLSEC_DEFINES = @XMLSEC_DEFINES@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +prefix = @prefix@ +NULL = + +INCLUDES = \ + -DPACKAGE=\"@PACKAGE@\" \ + -I$(top_srcdir) \ + -I$(top_srcdir)/include \ + $(XMLSEC_DEFINES) \ + $(MSCRYPTO_CFLAGS) \ + $(LIBXSLT_CFLAGS) \ + $(LIBXML_CFLAGS) \ + $(NULL) + +lib_LTLIBRARIES = \ + libxmlsec1-mscrypto.la \ + $(NULL) + +libxmlsec1_mscrypto_la_LIBADD = \ + ../libxmlsec1.la \ + $(MSCRYPTO_LIBS) \ + $(LIBXSLT_LIBS) \ + $(LIBXML_LIBS) \ + $(NULL) + +libxmlsec1_mscrypto_la_LDFLAGS = \ + -version-info @XMLSEC_VERSION_INFO@ \ + $(NULL) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 
's|/[^/]*$$||'`"; \ + test "$$dir" = "$$p" && dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" 
"$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +all-am: Makefile $(LTLIBRARIES) + +mostlyclean-generic: + +clean-generic: + +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +.PHONY: all all-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: --- misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:39.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:19.000000000 +0200 
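Review bot: `INCLUDES` and `libxmlsec1_mscrypto_la_LIBADD` reference `$(LIBXSLT_CFLAGS)` and `$(LIBXSLT_LIBS)`, but this Makefile.in defines no `LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@` / `LIBXSLT_LIBS = @LIBXSLT_LIBS@` substitution (only the LIBXML and MSCRYPTO pairs are present), so both expand to empty unless inherited from the environment and the link of `libxmlsec1-mscrypto.la` depends on whatever the caller happens to export; add the two substitution lines next to `LIBXML_LIBS = @LIBXML_LIBS@`, or drop the references if mscrypto is built without XSLT. `.PHONY` lists `maintainer-clean-generic`, which has no rule in this file, while `clean-am` and `mostlyclean-am`, which are command targets, are missing from it. `libxmlsec1_mscrypto_la_DEPENDENCIES` also repeats `$(am__DEPENDENCIES_1)` four times and `DEP_FILES` lists `akmngr.Plo` last while the `@am__include@` list has it first — harmless, but a sign that this is a hand-edited copy rather than the generated file the banner claims.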
@@ -1 +1,235 @@ -dummy +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright......................... + */ +#include "globals.h" + +#include +#include +#include +#include + +#include +#include +#include +#include + +/** + * xmlSecMSCryptoAppliedKeysMngrCreate: + * @hKeyStore: the pointer to key store. + * @hCertStore: the pointer to certificate database. + * + * Create and load key store and certificate database into keys manager + * + * Returns keys manager pointer on success or NULL otherwise. + */ +xmlSecKeysMngrPtr +xmlSecMSCryptoAppliedKeysMngrCreate( + HCERTSTORE hKeyStore , + HCERTSTORE hCertStore +) { + xmlSecKeyDataStorePtr certStore = NULL ; + xmlSecKeysMngrPtr keyMngr = NULL ; + xmlSecKeyStorePtr keyStore = NULL ; + + keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyStoreCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } + + /*- + * At present, MS Crypto engine do not provide a way to setup a key store. 
+ */ + if( keyStore != NULL ) { + /*TODO: binding key store.*/ + } + + keyMngr = xmlSecKeysMngrCreate() ; + if( keyMngr == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + return NULL ; + } + + /*- + * Add key store to manager, from now on keys manager destroys the store if + * needed + */ + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecKeysMngrAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Initialize crypto library specific data in keys manager + */ + if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecMSCryptoKeysMngrInit" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Set certificate databse to X509 key data store + */ + /*- + * At present, MS Crypto engine do not provide a way to setup a cert store. 
+ */ + + /*- + * Set the getKey callback + */ + keyMngr->getKey = xmlSecKeysMngrGetKey ; + + return keyMngr ; +} + +int +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY symKey +) { + /*TODO: import the key into keys manager.*/ + return(0) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY pubKey +) { + /*TODO: import the key into keys manager.*/ + return(0) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY priKey +) { + /*TODO: import the key into keys manager.*/ + return(0) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE keyStore +) { + xmlSecKeyDataStorePtr x509Store ; + + xmlSecAssert2( mngr != NULL, -1 ) ; + xmlSecAssert2( keyStore != NULL, -1 ) ; + + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; + if( x509Store == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , + "xmlSecMSCryptoX509StoreAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + return( 0 ) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE trustedStore +) { + xmlSecKeyDataStorePtr x509Store ; + + xmlSecAssert2( mngr != NULL, -1 ) ; + xmlSecAssert2( trustedStore != NULL, -1 ) ; + + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; + if( x509Store == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, 
trustedStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , + "xmlSecMSCryptoX509StoreAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + return( 0 ) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE untrustedStore +) { + xmlSecKeyDataStorePtr x509Store ; + + xmlSecAssert2( mngr != NULL, -1 ) ; + xmlSecAssert2( untrustedStore != NULL, -1 ) ; + + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; + if( x509Store == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , + "xmlSecMSCryptoX509StoreAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + return( 0 ) ; +} + --- misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2008-06-29 23:44:19.000000000 +0200 @@ -41,6 +41,7 @@ * a public key from xml document is provided, we need HCRYPTKEY.... The focus * now is however directed to certificates. Wouter */ +/** replaced by a wrapper style for WINNT 4.0 struct _xmlSecMSCryptoKeyDataCtx { HCRYPTPROV hProv; BOOL fCallerFreeProv; 
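Review bot: The three loader stubs in the middle of this hunk — xmlSecMSCryptoAppliedKeysMngrSymKeyLoad, ...PubKeyLoad and ...PriKeyLoad — ignore their HCRYPTKEY argument and `return(0) ;`, so a caller that checks the result concludes the key was imported into the manager when nothing happened. Until the TODO is implemented they should fail visibly, e.g. `return(-1) ;` preceded by `/* not implemented: MS Crypto key import pending */`, so a signing or decryption path cannot proceed on a silently missing key. In the same spirit, xmlSecMSCryptoAppliedKeysMngrCreate accepts hKeyStore and hCertStore but never reads them; its doc comment should say so instead of promising to "load key store and certificate database". The error strings in ...AdoptTrustedStore and ...AdoptUntrustedStore still name "xmlSecMSCryptoX509StoreAdoptKeyStore", which will misdirect anyone reading the logs.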
@@ -51,6 +52,124 @@ HCRYPTKEY hKey; xmlSecKeyDataType type; }; +*/ +/*- + * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is + * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 + */ +struct _mscrypt_key { + HCRYPTKEY hKey ; + int refcnt ; +} ; + +/*- + * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is + * the same as CryptContextAddRef. Because the CryptContextAddRef is not support + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 + */ +struct _mscrypt_prov { + HCRYPTPROV hProv ; + BOOL freeprov ; + int refcnt ; +} ; + +struct _xmlSecMSCryptoKeyDataCtx { + struct _mscrypt_prov* p_prov ; + LPCTSTR providerName; + DWORD providerType; + PCCERT_CONTEXT pCert; + DWORD dwKeySpec; + struct _mscrypt_key* p_key ; + xmlSecKeyDataType type; +}; + +struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { + struct _mscrypt_key* pkey ; + + pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; + if( pkey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_key" , + NULL , + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ) ; + } + + pkey->hKey = key ; + pkey->refcnt = 1 ; + + return pkey ; +} + +struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { + if( key ) + key->refcnt ++ ; + + return key ; +} + +int mscrypt_release_key( struct _mscrypt_key* key ) { + if( key ) { + key->refcnt -- ; + if( !key->refcnt ) { + if( key->hKey ) { + CryptDestroyKey( key->hKey ) ; + key->hKey = 0 ; + } + xmlFree( key ) ; + } else { + return key->refcnt ; + } + } + + return 0 ; +} + +struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { + struct _mscrypt_prov* pprov ; + + pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; + if( pprov == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_prov" , + 
NULL , + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ) ; + } + + pprov->hProv = prov ; + pprov->freeprov = callerFree ; + pprov->refcnt = 1 ; + + return pprov ; +} + +struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { + if( prov ) + prov->refcnt ++ ; + + return prov ; +} + +int mscrypt_release_prov( struct _mscrypt_prov* prov ) { + if( prov ) { + prov->refcnt -- ; + if( !prov->refcnt ) { + if( prov->hProv && prov->freeprov ) { + CryptReleaseContext( prov->hProv, 0 ) ; + prov->hProv = 0 ; + } + xmlFree( prov ) ; + } else { + return prov->refcnt ; + } + } + + return 0 ; +} /****************************************************************************** * @@ -88,24 +207,20 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - if (ctx->hKey != 0) { - CryptDestroyKey(ctx->hKey); - ctx->hKey = 0; - } + if( ctx->p_key != 0 ) { + mscrypt_release_key( ctx->p_key ) ; + } + ctx->p_key = mscrypt_create_key( 0 ) ; if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } - if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { - CryptReleaseContext(ctx->hProv, 0); - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; - } else { - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; - } + if( ( ctx->p_prov ) ) { + mscrypt_release_prov( ctx->p_prov ) ; + } + ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; ctx->type = type; @@ -116,9 +231,9 @@ if (!CryptAcquireCertificatePrivateKey(pCert, CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, - &(ctx->hProv), + &(ctx->p_prov->hProv), &(ctx->dwKeySpec), - &(ctx->fCallerFreeProv))) { + &(ctx->p_prov->freeprov))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CryptAcquireCertificatePrivateKey", 
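Review bot: mscrypt_create_key and mscrypt_create_prov log XMLSEC_ERRORS_R_MALLOC_FAILED when xmlMalloc returns NULL but then fall through to `pkey->hKey = key ;` / `pprov->hProv = prov ;`, dereferencing the null pointer. Each needs a `return NULL ;` directly after its xmlSecError call, and the callers later in this diff (`ctx->p_key = mscrypt_create_key( 0 ) ;` and friends) then need a NULL check before taking `&(ctx->p_key->hKey)`. The refcnt field is a plain int with no locking; if key data objects are ever shared across threads the acquire/release pair races, so a comment stating the assumption (`/* refcnt is not atomic: key data must not be shared across threads */`) would help — I cannot tell from this diff whether that holds.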
@@ -127,46 +242,39 @@ return(-1); } } else if((type & xmlSecKeyDataTypePublic) != 0){ - if (!CryptAcquireContext(&(ctx->hProv), + if (!CryptAcquireContext(&(ctx->p_prov->hProv), NULL, - ctx->providerName, + NULL, /*AF: replaces "ctx->providerName" with "NULL" */ ctx->providerType, CRYPT_VERIFYCONTEXT)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptAcquireContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ctx->dwKeySpec = 0; - ctx->fCallerFreeProv = TRUE; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ctx->dwKeySpec = 0; + ctx->p_prov->freeprov = TRUE; + + if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(pCert->pCertInfo->SubjectPublicKeyInfo), + &(ctx->p_key->hKey) ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptImportPublicKeyInfo", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } else { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, "Unsupported keytype"); - return(-1); - } - - /* CryptImportPublicKeyInfo is only needed when a real key handle - * is needed. The key handle is needed for de/encrypting and for - * verifying of a signature, *not* for signing. We could call - * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead - * so no unnessecary calls to CryptImportPublicKeyInfo are being - * made. WK - */ - if(!CryptImportPublicKeyInfo(ctx->hProv, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(pCert->pCertInfo->SubjectPublicKeyInfo), - &(ctx->hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptImportPublicKeyInfo", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + return(-1); } ctx->pCert = pCert; 
@@ -190,29 +298,26 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - if(ctx->hKey != 0) { - CryptDestroyKey(ctx->hKey); - ctx->hKey = 0; - } + if( ctx->p_key != 0 ) { + mscrypt_release_key( ctx->p_key ) ; + ctx->p_key = NULL ; + } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } - if((ctx->hProv != 0) && ctx->fCallerFreeProv) { - CryptReleaseContext(ctx->hProv, 0); - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; - } else { - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; - } + if( ( ctx->p_prov ) ) { + mscrypt_release_prov( ctx->p_prov ) ; + ctx->p_prov = NULL ; + } else { + ctx->p_prov = NULL ; + } - ctx->hProv = hProv; - ctx->fCallerFreeProv = fCallerFreeProv; + ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; ctx->dwKeySpec = dwKeySpec; - ctx->hKey = hKey; + ctx->p_key = mscrypt_create_key( hKey ) ; ctx->type = type; return(0); @@ -238,7 +343,7 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); - return(ctx->hKey); + return( ctx->p_key ? ctx->p_key->hKey : 0 ); } /** @@ -273,7 +378,7 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); - return(ctx->hProv); + return( ctx->p_prov ? ctx->p_prov->hProv : 0 ); } DWORD 
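Review bot: The new line `ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;` hard-codes freeprov to FALSE and drops the fCallerFreeProv value that the removed `ctx->fCallerFreeProv = fCallerFreeProv;` used to store, in a function whose signature is outside this hunk (presumably xmlSecMSCryptoKeyDataAdoptKey, given the call later in this diff). Every caller that passes TRUE — the DSA generator calls `xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, ...)` — now leaks its HCRYPTPROV, because mscrypt_release_prov only calls CryptReleaseContext when freeprov is set. It should read `ctx->p_prov = mscrypt_create_prov( hProv, fCallerFreeProv ) ;`. The `mscrypt_create_key( hKey )` result is stored without a NULL check, and the `else { ctx->p_prov = NULL ; }` branch is redundant with the assignment that follows it.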
@@ -316,25 +421,36 @@ XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - } - - if (ctxSrc->hKey != 0) { - if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CryptDuplicateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } } - if(ctxSrc->hProv != 0) { - CryptContextAddRef(ctxSrc->hProv, NULL, 0); - ctxDst->hProv = ctxSrc->hProv; - ctxDst->fCallerFreeProv = TRUE; - } else { - ctxDst->hProv = 0; - ctxDst->fCallerFreeProv = FALSE; + + if( ctxSrc->p_key ) { + if( ctxDst->p_key ) + mscrypt_release_key( ctxDst->p_key ) ; + + ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; + if( !ctxDst->p_key ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "mscrypt_acquire_key", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + if( ctxSrc->p_prov ) { + if( ctxDst->p_prov ) + mscrypt_release_prov( ctxDst->p_prov ) ; + + ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; + if( !ctxDst->p_prov ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "mscrypt_acquire_prov", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } ctxDst->dwKeySpec = ctxSrc->dwKeySpec; @@ -355,16 +471,16 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert(ctx != NULL); - if (ctx->hKey != 0) { - CryptDestroyKey(ctx->hKey); + if( ctx->p_key ) { + mscrypt_release_key( ctx->p_key ) ; } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); } - if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { - CryptReleaseContext(ctx->hProv, 0); + if( ctx->p_prov ) { + mscrypt_release_prov( ctx->p_prov ) ; } memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); 
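Review bot: The duplicate path now shares one HCRYPTKEY between source and destination via mscrypt_acquire_key, where the removed code used CryptDuplicateKey to give the copy an independent handle. CryptoAPI keeps mode, IV and padding state in the handle (set via CryptSetKeyParam), so if any transform in this backend sets such parameters on its own copy, the change now reaches every other copy — the cipher code is not visible here, so this needs confirming rather than assuming. A comment on the acquire line should state the new contract, e.g. `/* handle is shared, not duplicated: callers must not mutate key params on a copy */`. The `if( !ctxDst->p_key )` and `if( !ctxDst->p_prov )` error checks are unreachable, since acquire only returns NULL for a NULL input and both inputs are guarded just above.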
@@ -384,14 +500,14 @@ xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); - } else if (ctx->hKey != 0) { + } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { DWORD length = 0; DWORD lenlen = sizeof(DWORD); - - if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { + + if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "CertDuplicateCertificateContext", + "CryptGetKeyParam", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(0); @@ -581,7 +697,11 @@ static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { +#else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecMSCryptoKeyDataSize, @@ -938,9 +1058,10 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->hKey != 0, -1); + xmlSecAssert2(ctx->p_key != 0, -1); + xmlSecAssert2(ctx->p_key->hKey != 0, -1); - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", @@ -960,7 +1081,7 @@ } blob = xmlSecBufferGetData(&buf); - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", 
@@ -1295,7 +1416,11 @@ static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { +#else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecMSCryptoKeyDataSize, @@ -1797,9 +1922,10 @@ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->hKey != 0, -1); + xmlSecAssert2(ctx->p_key != 0, -1); + xmlSecAssert2(ctx->p_key->hKey != 0, -1); - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", @@ -1819,7 +1945,7 @@ } blob = xmlSecBufferGetData(&buf); - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", @@ -2010,7 +2136,6 @@ HCRYPTKEY hKey = 0; DWORD dwKeySpec; DWORD dwSize; - int res = -1; int ret; xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); @@ -2043,12 +2168,14 @@ dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CryptGenKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - goto done; + if (hProv != 0) + CryptReleaseContext(hProv, 0); + return -1 ; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, 
@@ -2059,24 +2186,17 @@ "xmlSecMSCryptoKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - hProv = 0; - hKey = 0; + if( hKey != 0 ) + CryptDestroyKey( hKey ) ; + if( hProv != 0 ) + CryptReleaseContext( hProv, 0 ) ; - /* success */ - res = 0; - -done: - if (hProv != 0) { - CryptReleaseContext(ctx->hProv, 0); + return -1 ; } + hProv = 0 ; + hKey = 0 ; - if (hKey != 0) { - CryptDestroyKey(hKey); - } - - return(res); + return 0 ; } static xmlSecKeyDataType --- misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2003-09-26 08:12:51.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2008-06-29 23:44:19.000000000 +0200 @@ -785,7 +785,11 @@ * AES CBC cipher transforms * ********************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { +#else static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ @@ -824,7 +828,11 @@ return(&xmlSecMSCryptoAes128CbcKlass); } +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { +#else static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ @@ -863,7 +871,11 @@ return(&xmlSecMSCryptoAes192CbcKlass); } +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { +#else static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */ 
@@ -906,7 +918,11 @@ #ifndef XMLSEC_NO_DES +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { +#else static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* size_t klassSize */ xmlSecMSCryptoBlockCipherSize, /* size_t objSize */ --- misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2008-06-29 23:44:19.000000000 +0200 @@ -330,13 +330,15 @@ BYTE* xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { BYTE* str = NULL; - + LPCTSTR ppszError = NULL; + xmlSecAssert2(pszX500 != NULL, NULL); xmlSecAssert2(len != NULL, NULL); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, - NULL, NULL, len, NULL)) { + NULL, NULL, len, &ppszError)) { /* this might not be an error, string might just not exist */ + DWORD dw = GetLastError(); return(NULL); } --- misc/xmlsec1-1.2.6/src/mscrypto/digests.c 2003-09-30 04:09:51.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c 2008-06-29 23:44:19.000000000 +0200 @@ -96,12 +96,15 @@ /* TODO: Check what provider is best suited here.... */ if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project + if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + } + return(0); } return(0); 
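Review bot: `DWORD dw = GetLastError();` and the new ppszError out-parameter in xmlSecMSCryptoCertStrToName are written but never read, so the hunk adds debugging residue without changing behaviour. Either feed both into an xmlSecError message — this is the one place a caller could learn why an X.500 string coming from a document failed to parse — or drop them; and if ppszError is kept, note in a comment that it points into pszX500 and is only for diagnostics.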
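Review bot: When both CryptAcquireContext calls fail, the new code logs the error and then reaches `return(0);`, so the digest initialiser (its name is outside the hunk) reports success with ctx->provider left at zero and the failure only surfaces later, if at all, at the first hash call. The inner error branch should keep the original failure result — `XMLSEC_ERRORS_NO_MESSAGE); return(-1); }` — while the successful fallback to MS_ENHANCED_PROV keeps `return(0)`. A comment on the fallback explaining why MS_STRONG_PROV may be unavailable (the #i57942# reference hints at this) would make the double call less surprising to the next reader.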
@@ -298,7 +301,11 @@ * SHA1 * *****************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { +#else static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* size_t klassSize */ xmlSecMSCryptoDigestSize, /* size_t objSize */ --- misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2003-09-27 05:12:22.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2008-06-29 23:44:19.000000000 +0200 @@ -62,7 +62,11 @@ const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { +#else static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = { +#endif sizeof(xmlSecKeyStoreKlass), xmlSecMSCryptoKeysStoreSize, --- misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2003-09-26 22:29:25.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2008-06-29 23:44:19.000000000 +0200 @@ -66,7 +66,11 @@ static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { +#else static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ --- misc/xmlsec1-1.2.6/src/mscrypto/signatures.c 2003-09-26 22:29:25.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c 2008-06-29 23:44:19.000000000 +0200 
@@ -483,7 +483,11 @@ * RSA-SHA1 signature transform * ***************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { +#else static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ @@ -531,7 +535,11 @@ * ***************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { +#else static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ --- misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2003-09-26 02:58:13.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2008-06-29 23:44:19.000000000 +0200 @@ -72,7 +72,11 @@ * processing * *************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { +#else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecKeyDataBinarySize, @@ -153,7 +157,11 @@ * processing * *************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { +#else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecKeyDataBinarySize, --- misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2008-06-29 23:44:19.000000000 +0200 
@@ -240,7 +240,11 @@ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { +#else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecMSCryptoX509DataSize, @@ -1572,6 +1576,7 @@ xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecMSCryptoX509DataCtxPtr ctx; xmlSecKeyDataStorePtr x509Store; + PCCERT_CONTEXT pCert ; int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); @@ -1610,6 +1615,53 @@ return(-1); } + /* + * I'll search key according to KeyReq. + */ + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; + if( pCert == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } + + + + /*- + * Get Public key from cert, which does not always work for sign action. + * keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, 
@@ -1619,6 +1671,51 @@ XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + */ + + /*- + * I'll search key according to KeyReq. + */ + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; + if( pCert == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } + + /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { @@ -1882,7 +1979,7 @@ xmlSecAssert2(nm->pbData != NULL, NULL); xmlSecAssert2(nm->cbData > 0, NULL); - csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); + csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); str = (char *)xmlMalloc(csz); if (NULL == str) { xmlSecError(XMLSEC_ERRORS_HERE, 
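Review bot: This hunk re-adds, verbatim, the key-selection block that the previous hunk already inserted a few lines earlier in the same function, so the certificate is duplicated twice, xmlSecMSCryptoCertAdopt runs twice, and the first keyValue is overwritten without being destroyed, leaking it (and whatever provider handle the private-key path acquired) on every call; one copy should go. In both copies, when keyReq.keyType has neither the private nor the public bit set, pCert is never freed and keyValue is left holding whatever it had before the block, which then reaches xmlSecKeyReqMatchKeyValue; an explicit `else { CertFreeCertificateContext( pCert ) ; return(-1) ; }` closes that hole. The enclosing function starts outside this hunk.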
@@ -1893,7 +1990,7 @@ return (NULL); } - csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); + csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); if (csz < 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, @@ -1904,17 +2001,37 @@ return(NULL); } - res = xmlStrdup(BAD_CAST str); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(str); - return(NULL); + /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. + * don't ask me how is it possible not to read something you wrote yourself but also + * see comment in the xmlSecMSCryptoX509FindCert function. + */ + if(strncmp(str, "E=", 2) == 0) { + res = xmlMalloc(strlen(str) + 13 + 1); + if(res == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlMalloc", + XMLSEC_ERRORS_R_MALLOC_FAILED, + "size=%d", + strlen(str) + 13 + 1); + xmlFree(str); + return(NULL); + } + + memcpy(res, "emailAddress=", 13); + strcpy(res + 13, BAD_CAST (str + 2)); + } else { + res = xmlStrdup(BAD_CAST str); + if(res == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlStrdup", + XMLSEC_ERRORS_R_MALLOC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(str); + return(NULL); + } } - xmlFree(str); return(res); } @@ -2153,7 +2270,11 @@ xmlSecSize bufSize, xmlSecKeyInfoCtxPtr keyInfoCtx); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { +#else static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = { +#endif sizeof(xmlSecKeyDataKlass), sizeof(xmlSecKeyData), --- misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2008-06-29 23:44:19.000000000 +0200 
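Review bot: The `xmlFree(str);` that followed the xmlStrdup was deleted and neither new branch frees str on success, so the CertNameToStr buffer now leaks on every successful call of this name-formatting function (its start is outside the hunk); restore `xmlFree(str);` before `return(res);`. The "E=" rewrite only handles an attribute at the very start of the string, and with CERT_NAME_STR_REVERSE_FLAG now set in the two CertNameToStr calls above, whether the e-mail RDN lands first depends on the certificate, so either state that limit in the comment or extend the scan to every `,E=` occurrence. The `size=%d` format is handed a size_t from strlen, which is a portability wart.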
@@ -70,7 +70,11 @@ static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str, int len); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { +#else static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = { +#endif sizeof(xmlSecKeyDataStoreKlass), xmlSecMSCryptoX509StoreSize, @@ -125,6 +129,7 @@ xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { xmlSecMSCryptoX509StoreCtxPtr ctx; + PCCERT_CONTEXT pCert ; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); @@ -132,10 +137,17 @@ ctx = xmlSecMSCryptoX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->untrusted != NULL, NULL); + xmlSecAssert2(ctx->trusted != NULL, NULL); - return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); -} + pCert = NULL ; + if( ctx->untrusted != NULL ) + pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; + + if( ctx->trusted != NULL && pCert == NULL ) + pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; + return( pCert ) ; +} static void xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { 
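Review bot: The new `xmlSecAssert2(ctx->trusted != NULL, NULL);` makes the `if( ctx->untrusted != NULL )` and `if( ctx->trusted != NULL && pCert == NULL )` guards below it dead, and the two together read as if it is unsettled whether a store may be absent; keep either the asserts (and drop the ifs) or the ifs (and drop the asserts). Falling back to the trusted store means a certificate referenced from KeyInfo only by subject, issuer/serial or SKI can now resolve to a trust anchor, which may well be intended, but a one-line comment on the fallback (`/* trusted certs may also serve as keys; the untrusted store is searched first */`) would make that explicit. The enclosing function starts outside this hunk.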
@@ -252,17 +264,22 @@ } static BOOL -xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, - xmlSecKeyInfoCtx* keyInfoCtx) { +xmlSecMSCryptoX509StoreConstructCertsChain( + xmlSecKeyDataStorePtr store , + PCCERT_CONTEXT cert , + HCERTSTORE certStore , + xmlSecKeyInfoCtx* keyInfoCtx +) { xmlSecMSCryptoX509StoreCtxPtr ctx; PCCERT_CONTEXT issuerCert = NULL; FILETIME fTime; DWORD flags; + BOOL selfSigned ; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); xmlSecAssert2(cert != NULL, FALSE); xmlSecAssert2(cert->pCertInfo != NULL, FALSE); - xmlSecAssert2(certs != NULL, FALSE); + xmlSecAssert2(certStore != NULL, FALSE); xmlSecAssert2(keyInfoCtx != NULL, FALSE); ctx = xmlSecMSCryptoX509StoreGetCtx(store); 
@@ -283,60 +300,85 @@ return(FALSE); } - if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { + if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { return(FALSE); } - /* try the untrusted certs in the chain */ - issuerCert = CertFindCertificateInStore(certs, + /*- + * Firstly try to find the cert in the trusted cert store. We will trust + * the certificate in the trusted store. + */ + issuerCert = CertFindCertificateInStore(ctx->trusted, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, - &(cert->pCertInfo->Issuer), + &(cert->pCertInfo->Subject), NULL); - if(issuerCert == cert) { - /* self signed cert, forget it */ - CertFreeCertificateContext(issuerCert); - } else if(issuerCert != NULL) { - flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; - if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { - xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); - CertFreeCertificateContext(issuerCert); - return(FALSE); - } - if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { - xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); - CertFreeCertificateContext(issuerCert); - return(FALSE); - } - CertFreeCertificateContext(issuerCert); - return(TRUE); + if( issuerCert != NULL ) { + /* We have found the trusted cert, so return true */ + CertFreeCertificateContext( issuerCert ) ; + return( TRUE ) ; } - /* try the untrusted certs in the store */ - issuerCert = CertFindCertificateInStore(ctx->untrusted, + /* Check whether the certificate is self signed certificate */ + selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; + + /* try the untrusted certs in the chain */ + if( !selfSigned ) { + issuerCert = CertFindCertificateInStore(certStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Issuer), NULL); - if(issuerCert == cert) { - /* self signed cert, forget it 
*/ - CertFreeCertificateContext(issuerCert); - } else if(issuerCert != NULL) { - flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; - if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { - xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); - CertFreeCertificateContext(issuerCert); - return(FALSE); - } - if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { - CertFreeCertificateContext(issuerCert); - return(FALSE); + if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { + /* self signed cert, forget it */ + CertFreeCertificateContext(issuerCert); + } else if(issuerCert != NULL) { + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; + if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { + xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); + CertFreeCertificateContext(issuerCert); + return(FALSE); + } + if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { + xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); + CertFreeCertificateContext(issuerCert); + return(FALSE); + } + + CertFreeCertificateContext(issuerCert); + return(TRUE); + } + } + + /* try the untrusted certs in the store */ + if( !selfSigned ) { + issuerCert = CertFindCertificateInStore(ctx->untrusted, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, + &(cert->pCertInfo->Issuer), + NULL); + if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { + /* self signed cert, forget it */ + CertFreeCertificateContext(issuerCert); + } else if(issuerCert != NULL) { + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; + if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { + xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); + 
CertFreeCertificateContext(issuerCert); + return(FALSE); + } + if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { + CertFreeCertificateContext(issuerCert); + return(FALSE); + } + + CertFreeCertificateContext(issuerCert); + return(TRUE); + } } - CertFreeCertificateContext(issuerCert); - return(TRUE); - } /* try to find issuer cert in the trusted cert in the store */ issuerCert = CertFindCertificateInStore(ctx->trusted, 
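Review bot: The early `return( TRUE )` after the first `CertFindCertificateInStore(ctx->trusted, ..., CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Subject), NULL)` treats a subject-name match as proof that `cert` itself is trusted, but `CERT_FIND_SUBJECT_NAME` compares only the name: any certificate carrying the same subject DN as a store entry is accepted here without the `CertCompareCertificate` check that the same hunk applies to the untrusted branches, and without any signature verification. The lookup should iterate the matches and return TRUE only when `CertCompareCertificate` reports the identical certificate, falling through to the issuer search otherwise. The two untrusted branches (`certStore` and `ctx->untrusted`) are near-duplicates and could share a static helper, but that is secondary. The function continues past the hunk (the trailing `ctx->trusted` issuer lookup is outside it).
```c
    /*-
     * Firstly try to find the cert in the trusted cert store.  A subject
     * name match is not enough: only the identical certificate is trusted.
     */
    issuerCert = NULL ;
    while( ( issuerCert = CertFindCertificateInStore( ctx->trusted,
                X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                0,
                CERT_FIND_SUBJECT_NAME,
                &(cert->pCertInfo->Subject),
                issuerCert ) ) != NULL ) {
        if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
            /* the very same certificate is in the trusted store */
            CertFreeCertificateContext( issuerCert ) ;
            return( TRUE ) ;
        }
        /* same name, different certificate: keep looking */
    }
    /* … unchanged: self-signed check and the two untrusted issuer searches … */
```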
@@ -379,26 +421,61 @@ xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); - while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ - PCCERT_CONTEXT nextCert = NULL; + while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { + PCCERT_CONTEXT nextCert ; + unsigned char selected ; - xmlSecAssert2(cert->pCertInfo != NULL, NULL); + xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; - /* if cert is the issuer of any other cert in the list, then it is - * to be skipped */ - nextCert = CertFindCertificateInStore(certs, + /* if cert is the issuer of any other cert in the list, then it is + * to be skipped except that the cert list only have one self-signed + * certificate. + */ + for( selected = 0, nextCert = NULL ; ; ) { + nextCert = CertFindCertificateInStore( certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, &(cert->pCertInfo->Subject), - NULL); - if(nextCert != NULL) { - CertFreeCertificateContext(nextCert); - continue; - } - if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { - return(cert); - } + nextCert ) ; + if( nextCert != NULL ) { + if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { + selected = 1 ; + continue ; + } else { + selected = 0 ; + break ; + } + } else { + selected = 1 ; + break ; + } + } + + if( nextCert != NULL ) + CertFreeCertificateContext( nextCert ) ; + + if( !selected ) { + continue ; + } + + /* JL: OpenOffice.org implements its own certificate verification routine. + The goal is to seperate validation of the signature + and the certificate. For example, OOo could show that the document signature is valid, + but the certificate could not be verified. If we do not prevent the verification of + the certificate by libxmlsec and the verification fails, then the XML signature will not be + verified. This would happen, for example, if the root certificate is not installed. 
+ + In the store schould only be the certificate from the X509Certificate element + and the X509IssuerSerial element. The latter is only there + if the certificate is installed. Both certificates must be the same! + In case of writing the signature, the store contains only the certificate that + was created based on the information from the X509IssuerSerial element. */ + return cert; + +/* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { + return( cert ) ; + } */ } return (NULL); 
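Review bot: Every certificate that survives the issuer filter is now returned unverified: the `xmlSecMSCryptoX509StoreConstructCertsChain` call is commented out and replaced by an unconditional `return cert;`, so this verify routine no longer checks signature, validity period or revocation for any caller, not only OpenOffice.org. If the bypass is intended, the function's header comment (above the hunk) should state that the returned certificate is unverified, and the decision is better expressed as an explicit switch than by deleting the check; the commented-out call should be removed rather than left as dead code. The `for( selected = 0, nextCert = NULL ; ; )` loop with `continue` relies on `CertFindCertificateInStore` releasing the context passed as its last argument, which deserves a one-line comment such as `/* the previous nextCert is released by the next CertFindCertificateInStore call */`.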
@@ -458,9 +535,126 @@ return(0); } +int +xmlSecMSCryptoX509StoreAdoptKeyStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE keyStore +) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( keyStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); +} + +int +xmlSecMSCryptoX509StoreAdoptTrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE trustedStore +) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( trustedStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); +} + +int +xmlSecMSCryptoX509StoreAdoptUntrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE untrustedStore +) { + 
xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( untrustedStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->untrusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); +} + static int xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { xmlSecMSCryptoX509StoreCtxPtr ctx; + HCERTSTORE hTrustedMemStore ; + HCERTSTORE hUntrustedMemStore ; + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ctx = xmlSecMSCryptoX509StoreGetCtx(store); 
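Review bot: `xmlSecMSCryptoX509StoreAdoptKeyStore` merges the caller's store into `ctx->trusted`, which together with the `ctx->trusted` subject lookup in `xmlSecMSCryptoX509StoreConstructCertsChain` makes every certificate in the adopted key store a trust anchor; a header comment on the function should spell that out. Despite the `Adopt` naming the caller's `HCERTSTORE` handle is not closed here, while this same patch's `xmlSecMSCryptoX509StoreInitialize` closes its own memory-store handle right after `CertAddStoreToCollection`, so document who closes `keyStore`, `trustedStore` and `untrustedStore`. `int ret;` is unused in all three functions, and the `while( 1 )` enumeration of the collection has no observable effect — if it is there to force the sibling store to load, say so in a comment, otherwise delete it. The three bodies differ only in the target collection and priority and could share one static helper.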
@@ -468,36 +662,104 @@ memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); + /* create trusted certs store collection */ + ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, + 0, + NULL, + 0, + NULL); + if(ctx->trusted == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + /* create trusted certs store */ - ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, + hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); - if(ctx->trusted == NULL) { + if(hTrustedMemStore == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; return(-1); } - /* create trusted certs store */ - ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, + /* add the memory trusted certs store to trusted certs store collection */ + if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + ctx->trusted = NULL ; + return(-1); + } + CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + + /* create untrusted certs store collection */ + ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, + 0, + NULL, + 0, + NULL); + if(ctx->untrusted == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + 
XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; + return(-1); + } + + /* create untrusted certs store */ + hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); - if(ctx->untrusted == NULL) { + if(hUntrustedMemStore == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; + ctx->untrusted = NULL ; return(-1); } + /* add the memory trusted certs store to untrusted certs store collection */ + if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + ctx->trusted = NULL ; + ctx->untrusted = NULL ; + return(-1); + } + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + return(0); } 
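Review bot: The comment before the second `CertAddStoreToCollection` misnames the store: it reads `/* add the memory trusted certs store to untrusted certs store collection */` but adds `hUntrustedMemStore`; change it to `/* add the memory untrusted certs store to the untrusted certs store collection */`. The unwinding on each failure looks complete as far as the hunk shows (both collections are force-closed and the fields NULLed), but the four near-identical error blocks could be one `goto error` tail. The `CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG)` after a successful add relies on the collection holding its own reference to the sibling; a short comment, e.g. `/* the collection keeps its own reference; release ours */`, would save the next reader a trip to the docs. The function's opening is above the hunk.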
@@ -567,10 +829,41 @@ if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { xmlSecBn issuerSerialBn; + xmlChar * p; CERT_NAME_BLOB cnb; + CRYPT_INTEGER_BLOB cib; BYTE *cName = NULL; DWORD cNameLen = 0; + + /* aleksey: for some unknown to me reasons, mscrypto wants Email + * instead of emailAddress. This code is not bullet proof and may + * produce incorrect results if someone has "emailAddress=" string + * in one of the fields, but it is best I can suggest to fix this problem. + * Also see xmlSecMSCryptoX509NameWrite function. + */ + while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { + memcpy(p, " Email=", 13); + } + + + + /* get issuer name */ + cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + issuerName, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &cNameLen); + if(cName == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecMSCryptoCertStrToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return (NULL); + } + cnb.pbData = cName; + cnb.cbData = cNameLen; + /* get serial number */ ret = xmlSecBnInitialize(&issuerSerialBn, 0); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -578,6 +871,7 @@ "xmlSecBnInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(cName); return(NULL); } 
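Review bot: The `emailAddress=` to `Email=` rewrite overwrites the caller's `issuerName` buffer in place (`memcpy` onto the pointer returned by `xmlStrstr(issuerName, ...)`), so the parameter is silently modified and the original text is lost for any later use or error message. Work on a private copy (`xmlStrdup(issuerName)`, freed together with `cName`) or document the side effect in the function's header comment. The `memcpy` length 13 must equal the length of the replacement literal; its padding is not reliably visible in this listing, so confirm the literal is exactly 13 bytes (the length of `"emailAddress="`) or the in-place overwrite corrupts the string. The enclosing function begins above the hunk.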
@@ -589,26 +883,30 @@ XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); - return(NULL); + xmlFree(cName); + return(NULL); } - cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - issuerName, - CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, - &cNameLen); - if(cName == NULL) { + /* I have no clue why at a sudden a swap is needed to + * convert from lsb... This code is purely based upon + * trial and error :( WK + */ + ret = xmlSecBnReverse(&issuerSerialBn); + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "xmlSecMSCryptoCertStrToName", + "xmlSecBnReverse", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); - return (NULL); + xmlFree(cName); + return(NULL); } - cnb.pbData = cName; - cnb.cbData = cNameLen; - while((pCert = CertFindCertificateInStore(store, + cib.pbData = xmlSecBufferGetData(&issuerSerialBn); + cib.cbData = xmlSecBufferGetSize(&issuerSerialBn); + + while((pCert = CertFindCertificateInStore(store, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, @@ -622,10 +920,9 @@ if((pCert->pCertInfo != NULL) && (pCert->pCertInfo->SerialNumber.pbData != NULL) && (pCert->pCertInfo->SerialNumber.cbData > 0) && - (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData, - pCert->pCertInfo->SerialNumber.cbData))) { - - break; + (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE) + ) { + break; } } xmlFree(cName); --- misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200 
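Review bot: The comment above `xmlSecBnReverse(&issuerSerialBn)` (`I have no clue why ... trial and error`) should be replaced by the actual reason: CryptoAPI's `CRYPT_INTEGER_BLOB`, and hence `pCertInfo->SerialNumber`, stores the integer little-endian, while the serial parsed into the xmlSecBn is big-endian, so the reversal converts between the two before `CertCompareIntegerBlob`. Suggested wording: `/* CRYPT_INTEGER_BLOB is little-endian; xmlSecBn holds the serial big-endian, so flip it before comparing */`. Note that `cib.pbData` points into `issuerSerialBn`, so `xmlSecBnFinalize` must not run before the search loop finishes; that part is outside the hunk, please check it. The enclosing function begins above the hunk.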
@@ -20,21 +20,22 @@ $(NULL) libxmlsec1_nss_la_SOURCES =\ + akmngr.c \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ + keysstore.c \ + keytrans.c \ + keywrapers.c \ pkikeys.c \ signatures.c \ symkeys.c \ + tokens.c \ x509.c \ x509vfy.c \ - keysstore.c \ - kt_rsa.c \ - kw_des.c \ - kw_aes.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ --- misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200 @@ -54,9 +54,9 @@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__objects_1 = -am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \ +am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ - x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \ + x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \ $(am__objects_1) libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) @@ -65,11 +65,11 @@ @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ -@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \ -@AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \ +@AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ -@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo +@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ 
@@ -321,21 +321,22 @@ $(NULL) libxmlsec1_nss_la_SOURCES = \ + akmngr.c \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ + keysstore.c \ + keytrans.c \ + keywrappers.c \ pkikeys.c \ signatures.c \ symkeys.c \ + tokens.c \ x509.c \ x509vfy.c \ - keysstore.c \ - kt_rsa.c \ - kw_des.c \ - kw_aes.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ @@ -418,6 +419,7 @@ distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ @@ -425,9 +427,9 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ --- misc/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:39.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:19.000000000 +0200 
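Review bot: `keywrappers.c` in the `libxmlsec1_nss_la_SOURCES` list of hunk `@@ -321` does not match `keywrapers.c` in the Makefile.am hunk nor `keywrapers.lo` / `keywrapers.Plo` in the OBJECTS, DEP_FILES and include hunks of this same Makefile.in; whichever spelling the file on disk uses, one of these lists is wrong and the build fails either at compile time (`No rule to make target`) or at dist time. Make all lists agree with the real file name (the Makefile.am spelling `keywrapers.c` appears to be the intended one). Hand-editing the generated Makefile.in invites exactly this drift; regenerating it from Makefile.am with automake would keep the three lists consistent. The `@@ -65` hunk appends `akmngr.Plo` at the end of DEP_FILES while the include block adds it first — harmless, but the same order in both would make future diffs easier to read.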
@@ -1 +1,384 @@ -dummy +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright......................... + */ +#include "globals.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +/** + * xmlSecNssAppliedKeysMngrCreate: + * @slot: array of pointers to NSS PKCS#11 slot infomation. + * @cSlots: number of slots in the array + * @handler: the pointer to NSS certificate database. + * + * Create and load NSS crypto slot and certificate database into keys manager + * + * Returns keys manager pointer on success or NULL otherwise. + */ +xmlSecKeysMngrPtr +xmlSecNssAppliedKeysMngrCreate( + PK11SlotInfo** slots, + int cSlots, + CERTCertDBHandle* handler +) { + xmlSecKeyDataStorePtr certStore = NULL ; + xmlSecKeysMngrPtr keyMngr = NULL ; + xmlSecKeyStorePtr keyStore = NULL ; + int islot = 0; + keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyStoreCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } + + for (islot = 0; islot < cSlots; islot++) + { + xmlSecNssKeySlotPtr keySlot ; + + /* Create a key slot */ + keySlot = xmlSecNssKeySlotCreate() ; + if( keySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeySlotCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + return NULL ; + } + + /* Set slot */ + if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeySlotSetSlot" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + 
xmlSecNssKeySlotDestroy( keySlot ) ; + return NULL ; + } + + /* Adopt keySlot */ + if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeysStoreAdoptKeySlot" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return NULL ; + } + } + + keyMngr = xmlSecKeysMngrCreate() ; + if( keyMngr == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + return NULL ; + } + + /*- + * Add key store to manager, from now on keys manager destroys the store if + * needed + */ + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecKeysMngrAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Initialize crypto library specific data in keys manager + */ + if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Set certificate databse to X509 key data store + */ + /** + * Because Tej's implementation of certDB use the default DB, so I ignore + * the certDB handler at present. I'll modify the cert store sources to + * accept particular certDB instead of default ones. 
+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; + if( certStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeyDataStoreX509SetCertDb" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + */ + + /*- + * Set the getKey callback + */ + keyMngr->getKey = xmlSecKeysMngrGetKey ; + + return keyMngr ; +} + +int +xmlSecNssAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + PK11SymKey* symKey +) { + xmlSecKeyPtr key ; + xmlSecKeyDataPtr data ; + xmlSecKeyStorePtr keyStore ; + + xmlSecAssert2( mngr != NULL , -1 ) ; + xmlSecAssert2( symKey != NULL , -1 ) ; + + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetKeysStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; + + data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + key = xmlSecKeyCreate() ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + 
"xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDestroy( key ) ; + return(-1) ; + } + + return(0) ; +} + +int +xmlSecNssAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPublicKey* pubKey +) { + xmlSecKeyPtr key ; + xmlSecKeyDataPtr data ; + xmlSecKeyStorePtr keyStore ; + + xmlSecAssert2( mngr != NULL , -1 ) ; + xmlSecAssert2( pubKey != NULL , -1 ) ; + + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetKeysStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; + + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + key = xmlSecKeyCreate() ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDestroy( key ) ; + return(-1) ; + } + + return(0) ; +} + 
+int +xmlSecNssAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPrivateKey* priKey +) { + xmlSecKeyPtr key ; + xmlSecKeyDataPtr data ; + xmlSecKeyStorePtr keyStore ; + + xmlSecAssert2( mngr != NULL , -1 ) ; + xmlSecAssert2( priKey != NULL , -1 ) ; + + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetKeysStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; + + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + key = xmlSecKeyCreate() ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDestroy( key ) ; + return(-1) ; + } + + return(0) ; +} + --- misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2008-06-29 23:44:19.000000000 +0200 
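Review bot: In each of `xmlSecNssAppliedKeysMngrSymKeyLoad`, `xmlSecNssAppliedKeysMngrPubKeyLoad` and `xmlSecNssAppliedKeysMngrPriKeyLoad`, the `xmlSecKeySetValue` failure path destroys `data` but not the `key` just created, leaking it; add `xmlSecKeyDestroy( key ) ;` next to the `xmlSecKeyDataDestroy( data ) ;` in that branch. The error strings are copy-pasted: `xmlSecKeyCreate`, `xmlSecKeySetValue` and `xmlSecNssKeysStoreAdoptKey` failures all report `"xmlSecNssSymKeyDataKeyAdopt"`, and the `xmlSecNssKeysMngrInit` failure in the Create function reports `"xmlSecKeysMngrCreate"`, which makes the log useless for diagnosis; each should name the call that actually failed. `xmlSecNssAppliedKeysMngrCreate` documents `@handler` as the certificate database but never uses it (the code that would is inside a comment), and the doc names the first parameter `@slot` while it is `slots`; the header should say that `handler` is currently ignored. Whether `symKey`, `pubKey` and `priKey` are consumed on failure depends on the adopting data object, so each Load function's header should state the ownership rule the caller must follow.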
@@ -1,838 +1,967 @@ -/** - * XMLSec library - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2003 Aleksey Sanin - * Copyright (c) 2003 America Online, Inc. All rights reserved. - */ +/* -- C Source File -- **/ #include "globals.h" +#include #include -#include #include -#include #include #include +#include +#include #include +#include #include #include #include +#include -#define XMLSEC_NSS_MAX_KEY_SIZE 32 -#define XMLSEC_NSS_MAX_IV_SIZE 32 -#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 - -/************************************************************************** - * - * Internal Nss Block cipher CTX +/** + * Internal Nss Block Cipher Context * - *****************************************************************************/ -typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, - *xmlSecNssBlockCipherCtxPtr; + * This context is designed for repositing a block cipher for transform + */ +typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; +typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; + struct _xmlSecNssBlockCipherCtx { - CK_MECHANISM_TYPE cipher; - PK11Context* cipherCtx; - xmlSecKeyDataId keyId; - int keyInitialized; - int ctxInitialized; - xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; - xmlSecSize keySize; - xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; - xmlSecSize ivSize; -}; -static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, - xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx); -static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, - xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx); -static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, - xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr 
transformCtx); -static int -xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { - SECItem keyItem; - SECItem ivItem; - PK11SlotInfo* slot; - PK11SymKey* symKey; - int ivLen; - SECStatus rv; - int ret; - - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->cipher != 0, -1); - xmlSecAssert2(ctx->cipherCtx == NULL, -1); - xmlSecAssert2(ctx->keyInitialized != 0, -1); - xmlSecAssert2(ctx->ctxInitialized == 0, -1); - xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - - ivLen = PK11_GetIVLength(ctx->cipher); - xmlSecAssert2(ivLen > 0, -1); - xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); - - if(encrypt) { - /* generate random iv */ - rv = PK11_GenerateRandom(ctx->iv, ivLen); - if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", ivLen); - return(-1); - } - - /* write iv to the output */ - ret = xmlSecBufferAppend(out, ctx->iv, ivLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); - return(-1); - } - - } else { - /* if we don't have enough data, exit and hope that - * we'll have iv next time */ - if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { - return(0); - } - - /* copy iv to our buffer*/ - xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); - memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); - - /* and remove from input */ - ret = xmlSecBufferRemoveHead(in, ivLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); - return(-1); + CK_MECHANISM_TYPE cipher ; + PK11SymKey* symkey ; + PK11Context* cipherCtx ; + 
xmlSecKeyDataId keyId ; +} ; + +#define xmlSecNssBlockCipherSize \ + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) + +#define xmlSecNssBlockCipherGetCtx( transform ) \ + ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) + +static int +xmlSecNssBlockCipherCheckId( + xmlSecTransformPtr transform +) { + #ifndef XMLSEC_NO_DES + if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { + return 1 ; } - } + #endif /* XMLSEC_NO_DES */ - memset(&keyItem, 0, sizeof(keyItem)); - keyItem.data = ctx->key; - keyItem.len = ctx->keySize; - memset(&ivItem, 0, sizeof(ivItem)); - ivItem.data = ctx->iv; - ivItem.len = ctx->ivSize; - - slot = PK11_GetBestSlot(ctx->cipher, NULL); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, - CKA_SIGN, &keyItem, NULL); - if(symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - PK11_FreeSlot(slot); - return(-1); - } + #ifndef XMLSEC_NO_AES + if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || + xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || + xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { - ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, - (encrypt) ? 
CKA_ENCRYPT : CKA_DECRYPT, - symKey, &ivItem); - if(ctx->cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - PK11_FreeSymKey(symKey); - PK11_FreeSlot(slot); - return(-1); + return 1 ; } - - ctx->ctxInitialized = 1; - PK11_FreeSymKey(symKey); - PK11_FreeSlot(slot); - return(0); + #endif /* XMLSEC_NO_AES */ + + return 0 ; } -static int -xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { - xmlSecSize inSize, inBlocks, outSize; - int blockLen; - int outLen = 0; - xmlSecByte* outBuf; - SECStatus rv; - int ret; - - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->cipher != 0, -1); - xmlSecAssert2(ctx->cipherCtx != NULL, -1); - xmlSecAssert2(ctx->ctxInitialized != 0, -1); - xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); +static int +xmlSecNssBlockCipherFetchCtx( + xmlSecNssBlockCipherCtxPtr context , + xmlSecTransformId id +) { + xmlSecAssert2( context != NULL, -1 ) ; + + #ifndef XMLSEC_NO_DES + if( id == xmlSecNssTransformDes3CbcId ) { + context->cipher = CKM_DES3_CBC ; + context->keyId = xmlSecNssKeyDataDesId ; + } else + #endif /* XMLSEC_NO_DES */ + + #ifndef XMLSEC_NO_AES + if( id == xmlSecNssTransformAes128CbcId ) { + context->cipher = CKM_AES_CBC ; + context->keyId = xmlSecNssKeyDataAesId ; + } else + if( id == xmlSecNssTransformAes192CbcId ) { + context->cipher = CKM_AES_CBC ; + context->keyId = xmlSecNssKeyDataAesId ; + } else + if( id == xmlSecNssTransformAes256CbcId ) { + context->cipher = CKM_AES_CBC ; + context->keyId = xmlSecNssKeyDataAesId ; + } else + #endif /* XMLSEC_NO_AES */ + + if( 1 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + 
} - blockLen = PK11_GetBlockSize(ctx->cipher, NULL); - xmlSecAssert2(blockLen > 0, -1); + return 0 ; +} - inSize = xmlSecBufferGetSize(in); - outSize = xmlSecBufferGetSize(out); - - if(inSize < (xmlSecSize)blockLen) { - return(0); - } +/** + * xmlSecTransformInitializeMethod: + * @transform: the pointer to transform object. + * + * The transform specific initialization method. + * + * Returns 0 on success or a negative value otherwise. + */ +static int +xmlSecNssBlockCipherInitialize( + xmlSecTransformPtr transform +) { + xmlSecNssBlockCipherCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; + + context = xmlSecNssBlockCipherGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherFetchCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } - if(encrypt) { - inBlocks = inSize / ((xmlSecSize)blockLen); - } else { - /* we want to have the last block in the input buffer - * for padding check */ - inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); - } - inSize = inBlocks * ((xmlSecSize)blockLen); + context->symkey = NULL ; + context->cipherCtx = NULL ; - /* we write out the input size plus may be one block */ - ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize + blockLen); - return(-1); - } - outBuf = 
xmlSecBufferGetData(out) + outSize; - - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, - xmlSecBufferGetData(in), inSize); - if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlSecAssert2((xmlSecSize)outLen == inSize, -1); - - /* set correct output buffer size */ - ret = xmlSecBufferSetSize(out, outSize + outLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); - return(-1); - } - - /* remove the processed block from input */ - ret = xmlSecBufferRemoveHead(in, inSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); - return(-1); - } - return(0); + return 0 ; } -static int -xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, - xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { - xmlSecSize inSize, outSize; - int blockLen, outLen = 0; - xmlSecByte* inBuf; - xmlSecByte* outBuf; - SECStatus rv; - int ret; - - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->cipher != 0, -1); - xmlSecAssert2(ctx->cipherCtx != NULL, -1); - xmlSecAssert2(ctx->ctxInitialized != 0, -1); - xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - - blockLen = PK11_GetBlockSize(ctx->cipher, NULL); - xmlSecAssert2(blockLen > 0, -1); +/** + * xmlSecTransformFinalizeMethod: + * @transform: the pointer to transform object. + * + * The transform specific destroy method. 
+ */ +static void +xmlSecNssBlockCipherFinalize( + xmlSecTransformPtr transform +) { + xmlSecNssBlockCipherCtxPtr context = NULL ; - inSize = xmlSecBufferGetSize(in); - outSize = xmlSecBufferGetSize(out); + xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; + xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; - if(encrypt != 0) { - xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); - - /* create padding */ - ret = xmlSecBufferSetMaxSize(in, blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); - return(-1); - } - inBuf = xmlSecBufferGetData(in); - - /* generate random padding */ - if((xmlSecSize)blockLen > (inSize + 1)) { - rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); - if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", blockLen - inSize - 1); - return(-1); - } - } - inBuf[blockLen - 1] = blockLen - inSize; - inSize = blockLen; - } else { - if(inSize != (xmlSecSize)blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data=%d;block=%d", inSize, blockLen); - return(-1); + context = xmlSecNssBlockCipherGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return ; } - } - - /* process last block */ - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); - return(-1); - } - outBuf = xmlSecBufferGetData(out) + outSize; 
- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, - xmlSecBufferGetData(in), inSize); - if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlSecAssert2((xmlSecSize)outLen == inSize, -1); - - if(encrypt == 0) { - /* check padding */ - if(outLen < outBuf[blockLen - 1]) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padding=%d;buffer=%d", - outBuf[blockLen - 1], outLen); - return(-1); - } - outLen -= outBuf[blockLen - 1]; - } - - /* set correct output buffer size */ - ret = xmlSecBufferSetSize(out, outSize + outLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); - return(-1); - } + if( context->cipherCtx != NULL ) { + PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; + context->cipherCtx = NULL ; + } - /* remove the processed block from input */ - ret = xmlSecBufferRemoveHead(in, inSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); - return(-1); - } + if( context->symkey != NULL ) { + PK11_FreeSymKey( context->symkey ) ; + context->symkey = NULL ; + } - return(0); + context->cipher = CKM_INVALID_MECHANISM ; + context->keyId = NULL ; } - -/****************************************************************************** - * - * EVP Block Cipher transforms +/** + * xmlSecTransformSetKeyRequirementsMethod: + * @transform: the pointer to transform object. + * @keyReq: the pointer to key requirements structure. * - * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure + * Transform specific method to set transform's key requirements. 
* - *****************************************************************************/ -#define xmlSecNssBlockCipherSize \ - (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) -#define xmlSecNssBlockCipherGetCtx(transform) \ - ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) - -static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); -static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); -static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, - xmlSecKeyReqPtr keyReq); -static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, - xmlSecKeyPtr key); -static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, - int last, - xmlSecTransformCtxPtr transformCtx); -static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); - - + * Returns 0 on success or a negative value otherwise. + */ +static int +xmlSecNssBlockCipherSetKeyReq( + xmlSecTransformPtr transform , + xmlSecKeyReqPtr keyReq +) { + xmlSecNssBlockCipherCtxPtr context = NULL ; + xmlSecSize cipherSize = 0 ; + + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; + xmlSecAssert2( keyReq != NULL , -1 ) ; + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + + context = xmlSecNssBlockCipherGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + keyReq->keyId = context->keyId ; + keyReq->keyType = xmlSecKeyDataTypeSymmetric ; + + if( transform->operation == xmlSecTransformOperationEncrypt ) { + keyReq->keyUsage = xmlSecKeyUsageEncrypt ; + } else { + keyReq->keyUsage = xmlSecKeyUsageDecrypt 
; + } + + /* + if( context->symkey != NULL ) + cipherSize = PK11_GetKeyLength( context->symkey ) ; -static int -xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { -#ifndef XMLSEC_NO_DES - if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { - return(1); - } -#endif /* XMLSEC_NO_DES */ + keyReq->keyBitsSize = cipherSize * 8 ; + */ -#ifndef XMLSEC_NO_AES - if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || - xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || - xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { - - return(1); - } -#endif /* XMLSEC_NO_AES */ - - return(0); + return 0 ; } -static int -xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { - xmlSecNssBlockCipherCtxPtr ctx; - - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +/** + * xmlSecTransformSetKeyMethod: + * @transform: the pointer to transform object. + * @key: the pointer to key. + * + * The transform specific method to set the key for use. + * + * Returns 0 on success or a negative value otherwise. 
+ */ +static int +xmlSecNssBlockCipherSetKey( + xmlSecTransformPtr transform , + xmlSecKeyPtr key +) { + xmlSecNssBlockCipherCtxPtr context = NULL ; + xmlSecKeyDataPtr keyData = NULL ; + PK11SymKey* symkey = NULL ; + CK_ATTRIBUTE_TYPE operation ; + int ivLen ; + + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; + xmlSecAssert2( key != NULL , -1 ) ; + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + + context = xmlSecNssBlockCipherGetCtx( transform ) ; + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; + + keyData = xmlSecKeyGetValue( key ) ; + if( keyData == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , + "xmlSecKeyGetValue" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , + "xmlSecNssSymKeyDataGetKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); + context->symkey = symkey ; -#ifndef XMLSEC_NO_DES - if(transform->id == xmlSecNssTransformDes3CbcId) { - ctx->cipher = CKM_DES3_CBC; - ctx->keyId = xmlSecNssKeyDataDesId; - ctx->keySize = 24; - } else -#endif /* XMLSEC_NO_DES */ - -#ifndef XMLSEC_NO_AES - if(transform->id == 
xmlSecNssTransformAes128CbcId) { - ctx->cipher = CKM_AES_CBC; - ctx->keyId = xmlSecNssKeyDataAesId; - ctx->keySize = 16; - } else if(transform->id == xmlSecNssTransformAes192CbcId) { - ctx->cipher = CKM_AES_CBC; - ctx->keyId = xmlSecNssKeyDataAesId; - ctx->keySize = 24; - } else if(transform->id == xmlSecNssTransformAes256CbcId) { - ctx->cipher = CKM_AES_CBC; - ctx->keyId = xmlSecNssKeyDataAesId; - ctx->keySize = 32; - } else -#endif /* XMLSEC_NO_AES */ - - if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); + return 0 ; } -static void -xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { - xmlSecNssBlockCipherCtxPtr ctx; - - xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); +/** + * Block cipher transform init + */ +static int +xmlSecNssBlockCipherCtxInit( + xmlSecNssBlockCipherCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + const xmlChar* cipherName , + xmlSecTransformCtxPtr transformCtx +) { + SECItem ivItem ; + SECItem* secParam = NULL ; + xmlSecBufferPtr ivBuf = NULL ; + int ivLen ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + ivLen = PK11_GetIVLength( ctx->cipher ) ; + if( ivLen < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetIVLength" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferCreate" , + 
XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( encrypt ) { + if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_GenerateRandom" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } + if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } + + if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } + } else { + if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetData" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } + + if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } + } + + ivItem.data = xmlSecBufferGetData( ivBuf ) ; + ivItem.len = xmlSecBufferGetSize( ivBuf ) ; + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_ParamFromIV" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } + + ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? 
CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; + if( ctx->cipherCtx == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + SECITEM_FreeItem( secParam , PR_TRUE ) ; + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert(ctx != NULL); + SECITEM_FreeItem( secParam , PR_TRUE ) ; + xmlSecBufferDestroy( ivBuf ) ; - if(ctx->cipherCtx != NULL) { - PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); - } - - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); + return 0 ; } -static int -xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecNssBlockCipherCtxPtr ctx; - - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - xmlSecAssert2(keyReq != NULL, -1); - - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); - - keyReq->keyId = ctx->keyId; - keyReq->keyType = xmlSecKeyDataTypeSymmetric; - if(transform->operation == xmlSecTransformOperationEncrypt) { - keyReq->keyUsage = xmlSecKeyUsageEncrypt; - } else { - keyReq->keyUsage = xmlSecKeyUsageDecrypt; - } - keyReq->keyBitsSize = 8 * ctx->keySize; - return(0); -} +/** + * Block cipher transform update + */ +static int +xmlSecNssBlockCipherCtxUpdate( + xmlSecNssBlockCipherCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + const xmlChar* cipherName , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecSize inSize ; + xmlSecSize outSize ; + xmlSecSize inBlocks ; + int blockSize ; + int outLen ; + xmlSecByte* outBuf ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != 
CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + inSize = xmlSecBufferGetSize( in ) ; + outSize = xmlSecBufferGetSize( out ) ; + + inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; + inSize = inBlocks * blockSize ; + + if( inSize < blockSize ) { + return 0 ; + } + + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetMaxSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + outBuf = xmlSecBufferGetData( out ) + outSize ; + + if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_CipherOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } -static int -xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - 
xmlSecNssBlockCipherCtxPtr ctx; - xmlSecBufferPtr buffer; - - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - xmlSecAssert2(key != NULL, -1); - - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->cipher != 0, -1); - xmlSecAssert2(ctx->keyInitialized == 0, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); - xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); - - xmlSecAssert2(ctx->keySize > 0, -1); - xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); - - buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); - xmlSecAssert2(buffer != NULL, -1); - - if(xmlSecBufferGetSize(buffer) < ctx->keySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=%d;expected=%d", - xmlSecBufferGetSize(buffer), ctx->keySize); - return(-1); - } - - xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); - memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); - - ctx->keyInitialized = 1; - return(0); + return 0 ; } +/** + * Block cipher transform final + */ static int -xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecNssBlockCipherCtxPtr ctx; - xmlSecBufferPtr in, out; - int ret; - - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - xmlSecAssert2(transformCtx != NULL, -1); - - in = &(transform->inBuf); - out = &(transform->outBuf); - - ctx = xmlSecNssBlockCipherGetCtx(transform); - 
xmlSecAssert2(ctx != NULL, -1); +xmlSecNssBlockCipherCtxFinal( + xmlSecNssBlockCipherCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + const xmlChar* cipherName , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecSize inSize ; + xmlSecSize outSize ; + int blockSize ; + int outLen ; + xmlSecByte* inBuf ; + xmlSecByte* outBuf ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + inSize = xmlSecBufferGetSize( in ) ; + outSize = xmlSecBufferGetSize( out ) ; + + /******************************************************************/ + if( encrypt != 0 ) { + xmlSecAssert2( inSize < blockSize, -1 ) ; + + /* create padding */ + if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetMaxSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + inBuf = xmlSecBufferGetData( in ) ; + + /* generate random */ + if( blockSize > ( inSize + 1 ) ) { + if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_GenerateRandom" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + inBuf[blockSize-1] = blockSize - inSize ; + inSize = blockSize ; + } else { + if( inSize != blockSize ) { + xmlSecError( XMLSEC_ERRORS_HERE , + 
xmlSecErrorsSafeString( cipherName ) , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + /* process the last block */ + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetMaxSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + outBuf = xmlSecBufferGetData( out ) + outSize ; + + if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_CipherOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( encrypt == 0 ) { + /* check padding */ + if( outLen < outBuf[blockSize-1] ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + outLen -= outBuf[blockSize-1] ; + } + /******************************************************************/ + + /****************************************************************** + if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetMaxSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + outBuf = xmlSecBufferGetData( out ) + outSize ; + + if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "PK11_DigestFinal" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + ******************************************************************/ + + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + 
xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferSetSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( cipherName ) , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + +/* PK11_Finalize( ctx->cipherCtx ) ;*/ + PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; + ctx->cipherCtx = NULL ; - if(transform->status == xmlSecTransformStatusNone) { - transform->status = xmlSecTransformStatusWorking; - } - - if(transform->status == xmlSecTransformStatusWorking) { - if(ctx->ctxInitialized == 0) { - ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, - xmlSecTransformGetName(transform), transformCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - if((ctx->ctxInitialized == 0) && (last != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "not enough data to initialize transform"); - return(-1); - } - - if(ctx->ctxInitialized != 0) { - ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, - xmlSecTransformGetName(transform), transformCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - if(last) { - ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, - (transform->operation == xmlSecTransformOperationEncrypt) ? 
1 : 0, - xmlSecTransformGetName(transform), transformCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - transform->status = xmlSecTransformStatusFinished; - } - } else if(transform->status == xmlSecTransformStatusFinished) { - /* the only way we can get here is if there is no input */ - xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); - } else if(transform->status == xmlSecTransformStatusNone) { - /* the only way we can get here is if there is no enough data in the input */ - xmlSecAssert2(last == 0, -1); - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); - return(-1); - } - - return(0); + return 0 ; } -#ifndef XMLSEC_NO_AES -/********************************************************************* + +/** + * xmlSecTransformExecuteMethod: + * @transform: the pointer to transform object. + * @last: the flag: if set to 1 then it's the last data chunk. + * @transformCtx: the pointer to transform context object. * - * AES CBC cipher transforms + * Transform specific method to process a chunk of data. * - ********************************************************************/ + * Returns 0 on success or a negative value otherwise. 
+ */ +static int +xmlSecNssBlockCipherExecute( + xmlSecTransformPtr transform , + int last , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecNssBlockCipherCtxPtr context = NULL ; + xmlSecBufferPtr inBuf = NULL ; + xmlSecBufferPtr outBuf = NULL ; + const xmlChar* cipherName ; + int operation ; + int rtv ; + + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + context = xmlSecNssBlockCipherGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + inBuf = &( transform->inBuf ) ; + outBuf = &( transform->outBuf ) ; + + if( transform->status == xmlSecTransformStatusNone ) { + transform->status = xmlSecTransformStatusWorking ; + } + + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 
1 : 0 ; + cipherName = xmlSecTransformGetName( transform ) ; + + if( transform->status == xmlSecTransformStatusWorking ) { + if( context->cipherCtx == NULL ) { + rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherCtxInit" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( context->cipherCtx == NULL && last != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "No enough data to intialize transform" ) ; + return -1 ; + } + + if( context->cipherCtx != NULL ) { + rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherCtxUpdate" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( last ) { + rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssBlockCipherCtxFinal" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + transform->status = xmlSecTransformStatusFinished ; + } + } else if( transform->status == xmlSecTransformStatusFinished ) { + if( xmlSecBufferGetSize( inBuf ) != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return -1 ; + } + } else { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform 
) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return -1 ; + } + + return 0 ; +} + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = { +#else static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameAes128Cbc, /* const xmlChar* name; */ - xmlSecHrefAes128Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; +#endif + sizeof( xmlSecTransformKlass ) , + xmlSecNssBlockCipherSize , + + xmlSecNameAes128Cbc , + xmlSecHrefAes128Cbc , + xmlSecTransformUsageEncryptionMethod , + + xmlSecNssBlockCipherInitialize , + xmlSecNssBlockCipherFinalize , + NULL , + NULL , + + xmlSecNssBlockCipherSetKeyReq , + xmlSecNssBlockCipherSetKey , + NULL , + xmlSecTransformDefaultGetDataType , + + xmlSecTransformDefaultPushBin , + 
xmlSecTransformDefaultPopBin , + NULL , + NULL , + xmlSecNssBlockCipherExecute , + + NULL , + NULL +} ; + + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = { +#else +static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { +#endif + sizeof( xmlSecTransformKlass ) , + xmlSecNssBlockCipherSize , + + xmlSecNameAes192Cbc , + xmlSecHrefAes192Cbc , + xmlSecTransformUsageEncryptionMethod , + + xmlSecNssBlockCipherInitialize , + xmlSecNssBlockCipherFinalize , + NULL , + NULL , + + xmlSecNssBlockCipherSetKeyReq , + xmlSecNssBlockCipherSetKey , + NULL , + xmlSecTransformDefaultGetDataType , + + xmlSecTransformDefaultPushBin , + xmlSecTransformDefaultPopBin , + NULL , + NULL , + xmlSecNssBlockCipherExecute , + + NULL , + NULL +} ; + + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = { +#else +static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { +#endif + sizeof( xmlSecTransformKlass ) , + xmlSecNssBlockCipherSize , + + xmlSecNameAes256Cbc , + xmlSecHrefAes256Cbc , + xmlSecTransformUsageEncryptionMethod , + + xmlSecNssBlockCipherInitialize , + xmlSecNssBlockCipherFinalize , + NULL , + NULL , + + xmlSecNssBlockCipherSetKeyReq , + xmlSecNssBlockCipherSetKey , + NULL , + xmlSecTransformDefaultGetDataType , + + xmlSecTransformDefaultPushBin , + xmlSecTransformDefaultPopBin , + NULL , + NULL , + xmlSecNssBlockCipherExecute , + + NULL , + NULL +} ; + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = { +#else +static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { +#endif + sizeof( xmlSecTransformKlass ) , + xmlSecNssBlockCipherSize , + + xmlSecNameDes3Cbc , + xmlSecHrefDes3Cbc , + xmlSecTransformUsageEncryptionMethod , + + xmlSecNssBlockCipherInitialize , + xmlSecNssBlockCipherFinalize , + NULL , + NULL , + + xmlSecNssBlockCipherSetKeyReq , + xmlSecNssBlockCipherSetKey , + NULL , + 
xmlSecTransformDefaultGetDataType , + + xmlSecTransformDefaultPushBin , + xmlSecTransformDefaultPopBin , + NULL , + NULL , + xmlSecNssBlockCipherExecute , + + NULL , + NULL +} ; /** - * xmlSecNssTransformAes128CbcGetKlass: - * - * AES 128 CBC encryption transform klass. - * - * Returns pointer to AES 128 CBC encryption transform. - */ -xmlSecTransformId -xmlSecNssTransformAes128CbcGetKlass(void) { - return(&xmlSecNssAes128CbcKlass); + * xmlSecNssTransformAes128CbcGetKlass + * + * Get the AES128_CBC transform klass + * + * Return AES128_CBC transform klass + */ +xmlSecTransformId +xmlSecNssTransformAes128CbcGetKlass( void ) { + return ( &xmlSecNssAes128CbcKlass ) ; } -static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameAes192Cbc, /* const xmlChar* name; */ - xmlSecHrefAes192Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* 
reserved1; */ -}; - /** - * xmlSecNssTransformAes192CbcGetKlass: - * - * AES 192 CBC encryption transform klass. - * - * Returns pointer to AES 192 CBC encryption transform. - */ -xmlSecTransformId -xmlSecNssTransformAes192CbcGetKlass(void) { - return(&xmlSecNssAes192CbcKlass); + * xmlSecNssTransformAes192CbcGetKlass + * + * Get the AES192_CBC transform klass + * + * Return AES192_CBC transform klass + */ +xmlSecTransformId +xmlSecNssTransformAes192CbcGetKlass( void ) { + return ( &xmlSecNssAes192CbcKlass ) ; } -static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameAes256Cbc, /* const xmlChar* name; */ - xmlSecHrefAes256Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - /** - * xmlSecNssTransformAes256CbcGetKlass: - * - * AES 256 CBC encryption transform klass. 
- * - * Returns pointer to AES 256 CBC encryption transform. - */ -xmlSecTransformId -xmlSecNssTransformAes256CbcGetKlass(void) { - return(&xmlSecNssAes256CbcKlass); + * xmlSecNssTransformAes256CbcGetKlass + * + * Get the AES256_CBC transform klass + * + * Return AES256_CBC transform klass + */ +xmlSecTransformId +xmlSecNssTransformAes256CbcGetKlass( void ) { + return ( &xmlSecNssAes256CbcKlass ) ; } -#endif /* XMLSEC_NO_AES */ - -#ifndef XMLSEC_NO_DES -static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameDes3Cbc, /* const xmlChar* name; */ - xmlSecHrefDes3Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecNssTransformDes3CbcGetKlass: +/** + * xmlSecNssTransformDes3CbcGetKlass * - * Triple DES CBC encryption transform klass. - * - * Returns pointer to Triple DES encryption transform. 
+ * Get the DES3_CBC transform klass
+ *
+ * Return DES3_CBC transform klass
  */
-xmlSecTransformId
-xmlSecNssTransformDes3CbcGetKlass(void) {
- return(&xmlSecNssDes3CbcKlass);
+xmlSecTransformId
+xmlSecNssTransformDes3CbcGetKlass( void ) {
+ return ( &xmlSecNssDes3CbcKlass ) ;
 }
-#endif /* XMLSEC_NO_DES */
+
--- misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
+++ misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2008-06-29 23:44:19.000000000 +0200
@@ -130,6 +130,7 @@
 /**
  * High level routines form xmlsec command line utility
  */
+/*
 gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
 gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
 gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
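Review bot: The old cryptoApp* assignments are disabled by opening a block comment here (`+/*`) that is only closed in the next hunk (`+*/` at @@ -143), which is why that hunk also has to rewrite the enclosed `#endif /* XMLSEC_NO_X509 */` as a bare `#endif` — the nested `*/` would otherwise end the comment early. `#if 0` … `#endif` around the old lines, or deleting them outright since they remain in history, avoids editing dead code just to keep it commentable. Every slot is then set to NULL in the second hunk, so any caller still going through the generic xmlSecCryptoApp* wrappers (which presumably reject a NULL function pointer) loses key and certificate loading for the NSS backend; the existing "High level routines" comment should say that this is intentional and where keys now come from, e.g. `/* app-level key/cert loading is deliberately unavailable for NSS; keys are supplied through the NSS keys store (see keysstore.c) */`. The `(void*)NULL` cast on cryptoAppDefaultPwdCallback is redundant.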
@@ -143,10 +144,29 @@
 gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
 gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
 gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
-#endif /* XMLSEC_NO_X509 */
+#endif
 gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
 gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
 gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
+*/
+
+ gXmlSecNssFunctions->cryptoAppInit = NULL ;
+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
+#ifndef XMLSEC_NO_X509
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
 
 return(gXmlSecNssFunctions);
 }
--- misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
+++ misc/build/xmlsec1-1.2.6/src/nss/digests.c 2008-06-29 23:44:19.000000000 +0200
@@ -21,7 +21,6 @@
 
 #include
 #include
-#include
 #include
 
 #define XMLSEC_NSS_MAX_DIGEST_SIZE 32
@@ -107,7 +106,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "SECOID_FindOIDByTag",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 
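Review bot: The raw number that `PORT_GetError()` now puts into the message in this hunk (and in the @@ -117, -208, -225 and -246 hunks of this file, plus the same edit throughout hmac.c) is hard to act on without an NSS error table at hand; NSPR's `PR_ErrorToName()` yields the symbolic name, so `"error=%s(%d)", PR_ErrorToName(PORT_GetError()), PORT_GetError()` is more useful, with a fallback string because PR_ErrorToName() returns NULL for codes it does not know. Reading the code inside the xmlSecError() argument list, before any other NSS or NSPR call can overwrite it, is the right place and should stay that way. Separately, the `-#include` in the @@ -21 hunk has lost its header name in this rendering; whichever header was dropped, PORT_GetError() still needs its declaration in scope, so confirm the remaining includes provide it.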
@@ -117,7 +116,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_CreateDigestContext",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 
@@ -208,7 +207,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_DigestBegin",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 transform->status = xmlSecTransformStatusWorking;
@@ -225,7 +224,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_DigestOp",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 
@@ -246,7 +245,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_DigestFinal",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 xmlSecAssert2(ctx->dgstSize > 0, -1);
@@ -285,7 +284,11 @@
  * SHA1 Digest transforms
  *
  *****************************************************************************/
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssSha1Klass = {
+#else
 static xmlSecTransformKlass xmlSecNssSha1Klass = {
+#endif
 /* klass/object sizes */
 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
 xmlSecNssDigestSize, /* xmlSecSize objSize */
--- misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
+++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2008-06-29 23:44:19.000000000 +0200
@@ -23,8 +23,8 @@
 
 #include
 #include
-#include
 #include
+#include
 
 #define XMLSEC_NSS_MAX_HMAC_SIZE 128
 
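Review bot: The `#ifdef __MINGW32__` branch in the @@ -285 hunk declares the klass as `struct _xmlSecTransformKlass` while the other branch uses `xmlSecTransformKlass`; if, as in xmlsec's transforms.h, the latter is a typedef of the former, both branches declare exactly the same object and the conditional is a no-op whose purpose `// for runtime-pseudo-reloc` does not explain. The comment should state what the MinGW toolchain actually needs, e.g. `/* MinGW runtime-pseudo-reloc: <reason the struct tag is required here> */`, or the conditional should go if it turns out to make no difference. The same pattern is repeated in the hmac.c @@ -459, -501 and -543 hunks and in the ciphers.c klass tables earlier in this patch, so a single macro in the NSS-backend header would keep the decision in one place. `//` comments are C99; the rest of this file uses `/* */`.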
@@ -241,13 +241,13 @@
 keyItem.data = xmlSecBufferGetData(buffer);
 keyItem.len = xmlSecBufferGetSize(buffer);
 
- slot = PK11_GetBestSlot(ctx->digestType, NULL);
+ slot = xmlSecNssSlotGet(ctx->digestType);
 if(slot == NULL) {
 xmlSecError(XMLSEC_ERRORS_HERE,
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_GetBestSlot",
+ "xmlSecNssSlotGet",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 
@@ -258,7 +258,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_ImportSymKey",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 PK11_FreeSlot(slot);
 return(-1);
 }
@@ -269,7 +269,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_CreateContextBySymKey",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 PK11_FreeSymKey(symKey);
 PK11_FreeSlot(slot);
 return(-1);
@@ -368,7 +368,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_DigestBegin",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 transform->status = xmlSecTransformStatusWorking;
@@ -385,7 +385,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_DigestOp",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 
@@ -408,7 +408,7 @@
 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 "PK11_DigestFinal",
 XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "error code=%d", PORT_GetError());
 return(-1);
 }
 xmlSecAssert2(dgstSize > 0, -1);
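Review bot: In the @@ -241 hunk `slot` now comes from `xmlSecNssSlotGet()`, but the error paths later in the same function (`PK11_FreeSlot(slot)` in the @@ -258 and @@ -269 hunks) still release it as if it were the fresh reference that `PK11_GetBestSlot()` used to return. If the helper hands back a pointer owned by the keys store's slot list rather than a `PK11_ReferenceSlot()`'d copy, each of those frees drops a reference this function never acquired, and the slot can be destroyed while the store still holds it. The helper's declaration is not in this diff, so its ownership contract should be stated where it is declared, e.g. `/* returns a new reference; the caller must PK11_FreeSlot() it */`, and this call site made to match it — keep the frees for a new reference, or remove every PK11_FreeSlot() in this function for a borrowed one. The enclosing function starts before and continues after these hunks.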
@@ -459,7 +459,11 @@
 /**
  * HMAC SHA1
  */
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
+#else
 static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
+#endif
 /* klass/object sizes */
 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
 xmlSecNssHmacSize, /* xmlSecSize objSize */
@@ -501,7 +505,11 @@
 /**
  * HMAC Ripemd160
  */
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
+#else
 static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
+#endif
 /* klass/object sizes */
 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
 xmlSecNssHmacSize, /* xmlSecSize objSize */
@@ -543,7 +551,11 @@
 /**
  * HMAC Md5
  */
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
+#else
 static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
+#endif
 /* klass/object sizes */
 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
 xmlSecNssHmacSize, /* xmlSecSize objSize */
--- misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
+++ misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2008-06-29 23:44:19.000000000 +0200
@@ -1,119 +1,522 @@ /** * XMLSec library * - * Nss keys store that uses Simple Keys Store under the hood. Uses the - * Nss DB as a backing store for the finding keys, but the NSS DB is - * not written to by the keys store. - * So, if store->findkey is done and the key is not found in the simple - * keys store, the NSS DB is looked up. - * If store is called to adopt a key, that key is not written to the NSS - * DB. - * Thus, the NSS DB can be used to pre-load keys and becomes an alternate - * source of keys for xmlsec - * * This is free software; see Copyright file in the source * distribution for precise wording. * - * Copyright (c) 2003 America Online, Inc. All rights reserved. + * Copyright................................ */ -#include "globals.h" -#include +/** + * NSS key store uses a key list and a slot list as the key repository. NSS slot + * list is a backup repository for the finding keys. If a key is not found from + * the key list, the NSS slot list is looked up. + * + * Any key in the key list will not save to pkcs11 slot. When a store to called + * to adopt a key, the key is resident in the key list; While a store to called + * to set a is resident in the key list; While a store to called to set a slot + * list, which means that the keys in the listed slot can be used for xml sign- + * nature or encryption. + * + * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. + * + * The framework will decrease the user interfaces to administrate xmlSec crypto + * engine. He can only focus on NSS layer functions. For examples, after the + * user set up a slot list handler to the keys store, he do not need to do any + * other work atop xmlSec interfaces, his action on the slot list handler, such + * as add a token to, delete a token from the list, will directly effect the key + * store behaviors. + * + * For example, a scenariio: + * 0. Create a slot list;( NSS interfaces ) + * 1. Create a keys store;( xmlSec interfaces ) + * 2. 
Set slot list with the keys store;( xmlSec Interfaces ) + * 3. Add a slot to the slot list;( NSS interfaces ) + * 4. Perform xml signature; ( xmlSec Interfaces ) + * 5. Deleter a slot from the slot list;( NSS interfaces ) + * 6. Perform xml encryption; ( xmlSec Interfaces ) + * 7. Perform xml signature;( xmlSec Interfaces ) + * 8. Destroy the keys store;( xmlSec Interfaces ) + * 8. Destroy the slot list.( NSS Interfaces ) + */ + +#include "globals.h" #include -#include -#include -#include -#include +#include +#include +#include +#include -#include #include -#include -#include -#include -#include - +#include #include +#include +#include +#include #include #include -#include +#include +#include #include -/**************************************************************************** +/** + * Internal NSS key store context * - * Nss Keys Store. Uses Simple Keys Store under the hood - * - * Simple Keys Store ptr is located after xmlSecKeyStore + * This context is located after xmlSecKeyStore + */ +typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; +typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; + +struct _xmlSecNssKeysStoreCtx { + xmlSecPtrListPtr keyList ; + xmlSecPtrListPtr slotList ; +} ; + +#define xmlSecNssKeysStoreSize \ + ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) + +#define xmlSecNssKeysStoreGetCtx( data ) \ + ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) + +int xmlSecNssKeysStoreAdoptKeySlot( + xmlSecKeyStorePtr store , + xmlSecNssKeySlotPtr keySlot +) { + xmlSecNssKeysStoreCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; + + context = xmlSecNssKeysStoreGetCtx( store ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecNssKeysStoreGetCtx" , + 
XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( context->slotList == NULL ) { + if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecPtrListCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecPtrListCheckId" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecPtrListAdd" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + return 0 ; +} + +int xmlSecNssKeysStoreAdoptKey( + xmlSecKeyStorePtr store , + xmlSecKeyPtr key +) { + xmlSecNssKeysStoreCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; + + context = xmlSecNssKeysStoreGetCtx( store ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecNssKeysStoreGetCtx" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( context->keyList == NULL ) { + if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecPtrListCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { + xmlSecError( 
XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecPtrListCheckId" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecPtrListAdd" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + + return 0 ; +} + +/** + * xmlSecKeyStoreInitializeMethod: + * @store: the store. * - ***************************************************************************/ -#define xmlSecNssKeysStoreSize \ - (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) - -#define xmlSecNssKeysStoreGetSS(store) \ - ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ - (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ - (xmlSecKeyStorePtr*)NULL) - -static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); -static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); -static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, - const xmlChar* name, - xmlSecKeyInfoCtxPtr keyInfoCtx); + * Keys store specific initialization method. + * + * Returns 0 on success or a negative value if an error occurs. 
+ */ +static int +xmlSecNssKeysStoreInitialize( + xmlSecKeyStorePtr store +) { + xmlSecNssKeysStoreCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; + + context = xmlSecNssKeysStoreGetCtx( store ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecNssKeysStoreGetCtx" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } -static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { - sizeof(xmlSecKeyStoreKlass), - xmlSecNssKeysStoreSize, + context->keyList = NULL ; + context->slotList = NULL ; - /* data */ - BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ - - /* constructors/destructor */ - xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ - xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ - xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ - - /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; + return 0 ; +} -/** - * xmlSecNssKeysStoreGetKlass: - * - * The Nss list based keys store klass. +/** + * xmlSecKeyStoreFinalizeMethod: + * @store: the store. * - * Returns Nss list based keys store klass. + * Keys store specific finalization (destroy) method. 
*/ -xmlSecKeyStoreId -xmlSecNssKeysStoreGetKlass(void) { - return(&xmlSecNssKeysStoreKlass); +void +xmlSecNssKeysStoreFinalize( + xmlSecKeyStorePtr store +) { + xmlSecNssKeysStoreCtxPtr context = NULL ; + + xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; + xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; + + context = xmlSecNssKeysStoreGetCtx( store ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecNssKeysStoreGetCtx" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return ; + } + + if( context->keyList != NULL ) { + xmlSecPtrListDestroy( context->keyList ) ; + context->keyList = NULL ; + } + + if( context->slotList != NULL ) { + xmlSecPtrListDestroy( context->slotList ) ; + context->slotList = NULL ; + } } -/** - * xmlSecNssKeysStoreAdoptKey: - * @store: the pointer to Nss keys store. - * @key: the pointer to key. - * - * Adds @key to the @store. 
+xmlSecKeyPtr +xmlSecNssKeysStoreFindKeyFromSlot( + PK11SlotInfo* slot, + const xmlChar* name, + xmlSecKeyInfoCtxPtr keyInfoCtx +) { + xmlSecKeyPtr key = NULL ; + xmlSecKeyDataPtr data = NULL ; + int length ; + + xmlSecAssert2( slot != NULL , NULL ) ; + xmlSecAssert2( name != NULL , NULL ) ; + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { + PK11SymKey* symKey ; + PK11SymKey* curKey ; + + /* Find symmetric key from the slot by name */ + symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; + for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { + /* Check the key request */ + length = PK11_GetKeyLength( curKey ) ; + length *= 8 ; + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && + ( length > 0 ) && + ( length < keyInfoCtx->keyReq.keyBitsSize ) ) + continue ; + + /* We find a eligible key */ + data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; + if( data == NULL ) { + /* Do nothing */ + } + break ; + } + + /* Destroy the sym key list */ + for( curKey = symKey ; curKey != NULL ; ) { + symKey = curKey ; + curKey = PK11_GetNextSymKey( symKey ) ; + PK11_FreeSymKey( symKey ) ; + } + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + SECKEYPublicKeyList* pubKeyList ; + SECKEYPublicKey* pubKey ; + SECKEYPublicKeyListNode* curPub ; + + /* Find asymmetric key from the slot by name */ + pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; + pubKey = NULL ; + curPub = PUBKEY_LIST_HEAD(pubKeyList); + for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { + /* Check the key request */ + length = SECKEY_PublicKeyStrength( curPub->key ) ; + length *= 8 ; + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && + ( length > 0 ) && + ( length < keyInfoCtx->keyReq.keyBitsSize ) ) + continue ; + + /* We find a eligible key */ + pubKey = curPub->key ; + break ; + } + + 
if( pubKey != NULL ) { + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; + if( data == NULL ) { + /* Do nothing */ + } + } + + /* Destroy the public key list */ + SECKEY_DestroyPublicKeyList( pubKeyList ) ; + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + SECKEYPrivateKeyList* priKeyList = NULL ; + SECKEYPrivateKey* priKey = NULL ; + SECKEYPrivateKeyListNode* curPri ; + + /* Find asymmetric key from the slot by name */ + priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; + priKey = NULL ; + curPri = PRIVKEY_LIST_HEAD(priKeyList); + for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { + /* Check the key request */ + length = PK11_SignatureLen( curPri->key ) ; + length *= 8 ; + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && + ( length > 0 ) && + ( length < keyInfoCtx->keyReq.keyBitsSize ) ) + continue ; + + /* We find a eligible key */ + priKey = curPri->key ; + break ; + } + + if( priKey != NULL ) { + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; + if( data == NULL ) { + /* Do nothing */ + } + } + + /* Destroy the private key list */ + SECKEY_DestroyPrivateKeyList( priKeyList ) ; + } + + /* If we have gotten the key value */ + if( data != NULL ) { + if( ( key = xmlSecKeyCreate() ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyDataDestroy( data ) ; + return NULL ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeySetValue" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyDestroy( key ) ; + xmlSecKeyDataDestroy( data ) ; + return NULL ; + } + } + + return(key); +} + +/** + * xmlSecKeyStoreFindKeyMethod: + * @store: the store. + * @name: the desired key name. + * @keyInfoCtx: the pointer to key info context. 
* - * Returns 0 on success or a negative value if an error occurs. + * Keys store specific find method. The caller is responsible for destroying + * the returned key using #xmlSecKeyDestroy method. + * + * Returns the pointer to a key or NULL if key is not found or an error occurs. */ -int -xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { - xmlSecKeyStorePtr *ss; - - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); - xmlSecAssert2((key != NULL), -1); +static xmlSecKeyPtr +xmlSecNssKeysStoreFindKey( + xmlSecKeyStorePtr store , + const xmlChar* name , + xmlSecKeyInfoCtxPtr keyInfoCtx +) { + xmlSecNssKeysStoreCtxPtr context = NULL ; + xmlSecKeyPtr key = NULL ; + xmlSecNssKeySlotPtr keySlot = NULL ; + xmlSecSize pos ; + xmlSecSize size ; + + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; + + context = xmlSecNssKeysStoreGetCtx( store ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecNssKeysStoreGetCtx" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } + + /*- + * Look for key at keyList at first. 
+ */ + if( context->keyList != NULL ) { + size = xmlSecPtrListGetSize( context->keyList ) ; + for( pos = 0 ; pos < size ; pos ++ ) { + key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; + if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { + return xmlSecKeyDuplicate( key ) ; + } + } + } + + /*- + * Find the key from slotList + */ + if( context->slotList != NULL ) { + PK11SlotInfo* slot = NULL ; + + size = xmlSecPtrListGetSize( context->slotList ) ; + for( pos = 0 ; pos < size ; pos ++ ) { + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; + if( slot == NULL ) { + continue ; + } else { + key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; + if( key == NULL ) { + continue ; + } else { + return( key ) ; + } + } + } + } + + /*- + * Create a session key if we can not find the key from keyList and slotList + */ + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { + key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , + "xmlSecKeySetValue" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } + + return key ; + } + + /** + * We have no way to find the key any more. 
+ */ + return NULL ; +} - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2(((ss != NULL) && (*ss != NULL) && - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { +#else +static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { +#endif + sizeof( xmlSecKeyStoreKlass ) , + xmlSecNssKeysStoreSize , + BAD_CAST "implicit_nss_keys_store" , + xmlSecNssKeysStoreInitialize , + xmlSecNssKeysStoreFinalize , + xmlSecNssKeysStoreFindKey , + NULL , + NULL +} ; - return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); +/** + * xmlSecNssKeysStoreGetKlass: + * + * The simple list based keys store klass. + * + * Returns simple list based keys store klass. + */ +xmlSecKeyStoreId +xmlSecNssKeysStoreGetKlass( void ) { + return &xmlSecNssKeysStoreKlass ; } + +/************************** + * Application routines + */ /** * xmlSecNssKeysStoreLoad: * @store: the pointer to Nss keys store. @@ -125,8 +528,11 @@ * Returns 0 on success or a negative value if an error occurs. */ int -xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, - xmlSecKeysMngrPtr keysMngr) { +xmlSecNssKeysStoreLoad( + xmlSecKeyStorePtr store, + const char *uri, + xmlSecKeysMngrPtr keysMngr +) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; 
@@ -252,254 +658,147 @@ */ int xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { - xmlSecKeyStorePtr *ss; - - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); - xmlSecAssert2((filename != NULL), -1); - - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2(((ss != NULL) && (*ss != NULL) && - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); - - return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); -} - -static int -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { - xmlSecKeyStorePtr *ss; - - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); + xmlSecKeyInfoCtx keyInfoCtx; + xmlSecNssKeysStoreCtxPtr context ; + xmlSecPtrListPtr list; + xmlSecKeyPtr key; + xmlSecSize i, keysSize; + xmlDocPtr doc; + xmlNodePtr cur; + xmlSecKeyDataPtr data; + xmlSecPtrListPtr idsList; + xmlSecKeyDataId dataId; + xmlSecSize idsSize, j; + int ret; - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2((*ss == NULL), -1); + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ; + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; + xmlSecAssert2(filename != NULL, -1); + + context = xmlSecNssKeysStoreGetCtx( store ) ; + xmlSecAssert2( context != NULL, -1 ); + + list = context->keyList ; + xmlSecAssert2( list != NULL, -1 ); + xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); - *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); - if(*ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, + /* create doc */ + doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); + if(doc == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyStoreCreate", + "xmlSecCreateTree", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); - return(-1); + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } - - return(0); -} - -static void -xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { - 
xmlSecKeyStorePtr *ss; - - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); - - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert((ss != NULL) && (*ss != NULL)); - xmlSecKeyStoreDestroy(*ss); -} - -static xmlSecKeyPtr -xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyStorePtr* ss; - xmlSecKeyPtr key = NULL; - xmlSecKeyPtr retval = NULL; - xmlSecKeyReqPtr keyReq = NULL; - CERTCertificate *cert = NULL; - SECKEYPublicKey *pubkey = NULL; - SECKEYPrivateKey *privkey = NULL; - xmlSecKeyDataPtr data = NULL; - xmlSecKeyDataPtr x509Data = NULL; - int ret; - - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); - - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); - - key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); - if (key != NULL) { - return (key); - } + idsList = xmlSecKeyDataIdsGet(); + xmlSecAssert2(idsList != NULL, -1); + + keysSize = xmlSecPtrListGetSize(list); + idsSize = xmlSecPtrListGetSize(idsList); + for(i = 0; i < keysSize; ++i) { + key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); + xmlSecAssert2(key != NULL, -1); + + cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); + if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlFreeDoc(doc); + return(-1); + } - /* Try to find the key in the NSS DB, and construct an xmlSecKey. - * we must have a name to lookup keys in NSS DB. 
- */ - if (name == NULL) { - goto done; - } + /* special data key name */ + if(xmlSecKeyGetName(key) != NULL) { + if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeKeyName)); + xmlFreeDoc(doc); + return(-1); + } + } + + /* create nodes for other keys data */ + for(j = 0; j < idsSize; ++j) { + dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); + xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); - /* what type of key are we looking for? - * TBD: For now, we'll look only for public/private keys using the - * name as a cert nickname. Later on, we can attempt to find - * symmetric keys using PK11_FindFixedKey - */ - keyReq = &(keyInfoCtx->keyReq); - if (keyReq->keyType & - (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { - cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); - if (cert == NULL) { - goto done; - } - - if (keyReq->keyType & xmlSecKeyDataTypePublic) { - pubkey = CERT_ExtractPublicKey(cert); - if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + if(dataId->dataNodeName == NULL) { + continue; + } + + data = xmlSecKeyGetData(key, dataId); + if(data == NULL) { + continue; } - } - if (keyReq->keyType & xmlSecKeyDataTypePrivate) { - privkey = PK11_FindKeyByAnyCert(cert, NULL); - if (privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_FindKeyByAnyCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + 
xmlSecErrorsSafeString(dataId->dataNodeName)); + xmlFreeDoc(doc); + return(-1); } } - data = xmlSecNssPKIAdoptKey(privkey, pubkey); - if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - privkey = NULL; - pubkey = NULL; - - key = xmlSecKeyCreate(); - if (key == NULL) { + ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecKeyInfoCtxInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - return (NULL); - } - - x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); - if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); - goto done; - } - - ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); - goto done; - } - cert = CERT_DupCertificate(cert); - if (cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); - goto done; - } - - ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); - goto done; + xmlFreeDoc(doc); + return(-1); } - cert = NULL; - ret = xmlSecKeySetValue(key, data); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - 
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); - goto done; - } - data = NULL; + keyInfoCtx.mode = xmlSecKeyInfoModeWrite; + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; + keyInfoCtx.keyReq.keyType = type; + keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; - ret = xmlSecKeyAdoptData(key, x509Data); - if (ret < 0) { + /* finally write key in the node */ + ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecKeyInfoNodeWrite", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); - goto done; - } - x509Data = NULL; - - retval = key; - key = NULL; - } - -done: - if (cert != NULL) { - CERT_DestroyCertificate(cert); - } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (privkey != NULL) { - SECKEY_DestroyPrivateKey(privkey); - } - if (data != NULL) { - xmlSecKeyDataDestroy(data); - } - if (x509Data != NULL) { - xmlSecKeyDataDestroy(x509Data); - } - if (key != NULL) { - xmlSecKeyDestroy(key); + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); + xmlFreeDoc(doc); + return(-1); + } + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); } - - /* now that we have a key, make sure it is valid and let the simple - * store adopt it */ - if (retval) { - if (xmlSecKeyIsValid(retval)) { - ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval); - if (ret < 0) { + + /* now write result */ + ret = xmlSaveFormatFile(filename, doc, 1); + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecSimpleKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDestroy(retval); - retval = NULL; - } - } else { - xmlSecKeyDestroy(retval); - retval = NULL; - } - } - - return (retval); + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSaveFormatFile", + 
XMLSEC_ERRORS_R_XML_FAILED, + "filename=%s", + xmlSecErrorsSafeString(filename)); + xmlFreeDoc(doc); + return(-1); + } + + xmlFreeDoc(doc); + return(0); } + --- misc/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:39.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:19.000000000 +0200 
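Review bot: xmlSecNssKeysStoreSave cannot save a store that holds no keys: xmlSecNssKeysStoreInitialize leaves context->keyList NULL and xmlSecNssKeysStoreAdoptKey only creates the list on the first adopted key, yet the new body does `xmlSecAssert2( list != NULL, -1 );` right after `list = context->keyList ;`, so an empty store fails with -1 instead of producing an empty Keys document. I would relax that to `xmlSecAssert2( list == NULL || xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1 );` and compute `keysSize = ( list != NULL ) ? xmlSecPtrListGetSize(list) : 0 ;`, which makes the per-key loop a no-op for the empty case. The NULL-context path here uses xmlSecAssert2 while every other new method in this file reports it through xmlSecError with "xmlSecNssKeysStoreGetCtx", so one of the two styles should be picked. Since `type` may include xmlSecKeyDataTypePrivate, the document handed to xmlSaveFormatFile carries private key material in clear text, as it presumably did through the simple store before; a sentence saying so in the doc block above the function would help callers choose the output location accordingly.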
@@ -1 +1,752 @@
-dummy
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright .................................
+ */
+#include "globals.h"
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+/*********************************************************************
+ *
+ * key transform transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
+typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
+
+#define xmlSecNssKeyTransportSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
+
+#define xmlSecNssKeyTransportGetCtx( transform ) \
+ ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+struct _xmlSecNssKeyTransportCtx {
+ CK_MECHANISM_TYPE cipher ;
+ SECKEYPublicKey* pubkey ;
+ SECKEYPrivateKey* prikey ;
+ xmlSecKeyDataId keyId ;
+ xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
+} ;
+
+static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
+static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
+static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
+
+static int
+xmlSecNssKeyTransportCheckId(
+ xmlSecTransformPtr transform
+) {
+ #ifndef XMLSEC_NO_RSA
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
+ xmlSecTransformCheckId( 
transform, xmlSecNssTransformRsaOaepId ) ) {
+
+ return(1);
+ }
+ #endif /* XMLSEC_NO_RSA */
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyTransportCtxPtr context ;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ #ifndef XMLSEC_NO_RSA
+ if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
+ context->cipher = CKM_RSA_PKCS ;
+ context->keyId = xmlSecNssKeyDataRsaId ;
+ } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
+ context->cipher = CKM_RSA_PKCS_OAEP ;
+ context->keyId = xmlSecNssKeyDataRsaId ;
+ } else
+ #endif /* XMLSEC_NO_RSA */
+
+ if( 1 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->pubkey = NULL ;
+ context->prikey = NULL ;
+ context->material = NULL ;
+
+ return(0);
+}
+
+static void
+xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyTransportCtxPtr context ;
+
+ xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert( context != NULL ) ;
+
+ if( context->pubkey != NULL ) {
+ SECKEY_DestroyPublicKey( context->pubkey ) ;
+ context->pubkey = NULL ;
+ }
+
+ if( context->prikey != NULL ) {
+ SECKEY_DestroyPrivateKey( context->prikey ) ;
+ context->prikey = NULL ;
+ }
+
+ if( context->material != NULL ) {
+ xmlSecBufferDestroy(context->material);
+ context->material = NULL ;
+ }
+}
+
+static int
+xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKeyTransportCtxPtr context ;
+ xmlSecSize cipherSize 
= 0 ; + + + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(keyReq != NULL, -1); + + context = xmlSecNssKeyTransportGetCtx( transform ) ; + xmlSecAssert2( context != NULL , -1 ) ; + + keyReq->keyId = context->keyId; + if(transform->operation == xmlSecTransformOperationEncrypt) { + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + keyReq->keyType = xmlSecKeyDataTypePublic; + } else { + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + keyReq->keyType = xmlSecKeyDataTypePrivate; + } + + return(0); +} + +static int +xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecNssKeyTransportCtxPtr context = NULL ; + xmlSecKeyDataPtr keyData = NULL ; + SECKEYPublicKey* pubkey = NULL ; + SECKEYPrivateKey* prikey = NULL ; + + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(key != NULL, -1); + + context = xmlSecNssKeyTransportGetCtx( transform ) ; + if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyTransportGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; + + keyData = xmlSecKeyGetValue( key ) ; + if( keyData == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , + "xmlSecKeyGetValue" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + 
} + + if(transform->operation == xmlSecTransformOperationEncrypt) { + if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , + "xmlSecNssPKIKeyDataGetPubKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->pubkey = pubkey ; + } else { + if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , + "xmlSecNssPKIKeyDataGetPrivKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->prikey = prikey ; + } + + return(0) ; +} + +/** + * key wrap transform + */ +static int +xmlSecNssKeyTransportCtxInit( + xmlSecNssKeyTransportCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecSize blockSize ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + if( ctx->material != NULL ) { + xmlSecBufferDestroy( ctx->material ) ; + ctx->material = NULL ; + } + + if( ctx->pubkey != NULL ) { + blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; + } else if( ctx->prikey != NULL ) { + blockSize = PK11_SignatureLen( ctx->prikey ) ; + } else { + blockSize = -1 ; + } + + if( blockSize < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + ctx->material = xmlSecBufferCreate( blockSize ) ; + if( ctx->material == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferCreate" , + 
XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* read raw key material into context */ + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetData" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return(0); +} + +/** + * key wrap transform update + */ +static int +xmlSecNssKeyTransportCtxUpdate( + xmlSecNssKeyTransportCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + /* read raw key material and append into context */ + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return(0); +} + +/** + * Block cipher transform final + */ +static int +xmlSecNssKeyTransportCtxFinal( + xmlSecNssKeyTransportCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + 
int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ SECKEYPublicKey* targetKey ;
+ PK11SymKey* symKey ;
+ PK11SlotInfo* slot ;
+ SECItem oriskv ;
+ xmlSecSize blockSize ;
+ xmlSecBufferPtr result ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Now we get all of the key materail */
+ /* from now on we will wrap or unwrap the key */
+ if( ctx->pubkey != NULL ) {
+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+ } else if( ctx->prikey != NULL ) {
+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
+ } else {
+ blockSize = -1 ;
+ }
+
+ if( blockSize < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ result = xmlSecBufferCreate( blockSize * 2 ) ;
+ if( result == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ oriskv.type = siBuffer ;
+ oriskv.data = xmlSecBufferGetData( ctx->material ) ;
+ oriskv.len = xmlSecBufferGetSize(
ctx->material ) ;
+
+ if( encrypt != 0 ) {
+ CK_OBJECT_HANDLE id ;
+ SECItem wrpskv ;
+
+ /* Create template symmetric key from material */
+ if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
+ slot = xmlSecNssSlotGet( ctx->cipher ) ;
+ if( slot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSlotGet" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
+ if( id == CK_INVALID_HANDLE ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ImportPublicKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+ }
+
+ /* pay attention to mechanism */
+ symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
+ if( symKey == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ImportSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+
+ wrpskv.type = siBuffer ;
+ wrpskv.data = xmlSecBufferGetData( result ) ;
+ wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
+
+ if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubWrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+ PK11_FreeSymKey( symKey ) ;
+ PK11_FreeSlot( slot ) ;
+ } else {
+ SECItem* keyItem ;
+ CK_OBJECT_HANDLE id1 ;
+
+ /*
pay attention to mechanism */
+ if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubUnwrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ /* Extract raw data from symmetric key */
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ExtractKeyValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetKeyData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubUnwrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ PK11_FreeSymKey( symKey ) ;
+ }
+
+ /* Write output */
+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ xmlSecBufferDestroy(result);
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssKeyTransportCtxPtr context = NULL ;
+ xmlSecBufferPtr inBuf, outBuf ;
+ int operation ;
+ int rtv ;
+
+ xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
+ xmlSecAssert2( (
transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inBuf = &( transform->inBuf ) ;
+ outBuf = &( transform->outBuf ) ;
+
+ if( transform->status == xmlSecTransformStatusNone ) {
+ transform->status = xmlSecTransformStatusWorking ;
+ }
+
+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+ if( transform->status == xmlSecTransformStatusWorking ) {
+ if( context->material == NULL ) {
+ rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxInit" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( context->material == NULL && last != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "No enough data to intialize transform" ) ;
+ return(-1);
+ }
+
+ if( context->material != NULL ) {
+ rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxUpdate" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( last ) {
+ rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+
xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxFinal" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished ;
+ }
+ } else if( transform->status == xmlSecTransformStatusFinished ) {
+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+ } else {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_RSA
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /*
xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
+#else
+static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaPkcs1GetKlass(void) {
+ return(&xmlSecNssRsaPkcs1Klass);
+}
+
+/**
+ * xmlSecNssTransformRsaOaepGetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaOaepGetKlass(void) {
+ return(&xmlSecNssRsaOaepKlass);
+}
+
+#endif /* XMLSEC_NO_RSA */
+
--- misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:40.000000000 +0200
+++ misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:19.000000000 +0200
@@ -1 +1,1213 @@
-dummy
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright .................................
+ */
+#include "globals.h"
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#define XMLSEC_NSS_AES128_KEY_SIZE 16
+#define XMLSEC_NSS_AES192_KEY_SIZE 24
+#define XMLSEC_NSS_AES256_KEY_SIZE 32
+#define XMLSEC_NSS_DES3_KEY_SIZE 24
+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
+#define XMLSEC_NSS_DES3_IV_LENGTH 8
+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
+
+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+/*********************************************************************
+ *
+ * key wrap transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
+
+#define xmlSecNssKeyWrapSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
+
+#define xmlSecNssKeyWrapGetCtx( transform ) \
+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+struct _xmlSecNssKeyWrapCtx {
+ CK_MECHANISM_TYPE cipher ;
+ PK11SymKey* symkey ;
+ xmlSecKeyDataId keyId ;
+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
+} ;
+
+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecSize
xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
+
+static int
+xmlSecNssKeyWrapCheckId(
+ xmlSecTransformPtr transform
+) {
+ #ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+ return(1);
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
+
+ return(1);
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static xmlSecSize
+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+ return(XMLSEC_NSS_DES3_KEY_SIZE);
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+ return(XMLSEC_NSS_AES128_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+ return(XMLSEC_NSS_AES192_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ return(XMLSEC_NSS_AES256_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ return(XMLSEC_NSS_AES256_KEY_SIZE);
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1)
+ return(0);
+}
+
+
+static int
+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyWrapCtxPtr context ;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ #ifndef XMLSEC_NO_DES
+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
+ context->cipher = CKM_DES3_CBC ;
+ context->keyId = xmlSecNssKeyDataDesId ;
+ } else
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( transform->id ==
xmlSecNssTransformKWAes128Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ #endif /* XMLSEC_NO_AES */
+
+
+ if( 1 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->symkey = NULL ;
+ context->material = NULL ;
+
+ return(0);
+}
+
+static void
+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyWrapCtxPtr context ;
+
+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert( context != NULL ) ;
+
+ if( context->symkey != NULL ) {
+ PK11_FreeSymKey( context->symkey ) ;
+ context->symkey = NULL ;
+ }
+
+ if( context->material != NULL ) {
+ xmlSecBufferDestroy(context->material);
+ context->material = NULL ;
+ }
+}
+
+static int
+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKeyWrapCtxPtr context ;
+ xmlSecSize cipherSize = 0 ;
+
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+
keyReq->keyId = context->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKeyWrapCtxPtr context = NULL ;
+ xmlSecKeyDataPtr keyData = NULL ;
+ PK11SymKey* symkey = NULL ;
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+ keyData = xmlSecKeyGetValue( key ) ;
+ if( keyData == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+ "xmlSecKeyGetValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssSymKeyDataGetKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->symkey = symkey ;
+
+ return(0) ;
+}
+
+/**
+ * key wrap transform
+ */
+static int
+xmlSecNssKeyWrapCtxInit(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out
,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecSize blockSize ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ if( ctx->material != NULL ) {
+ xmlSecBufferDestroy( ctx->material ) ;
+ ctx->material = NULL ;
+ }
+
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ ctx->material = xmlSecBufferCreate( blockSize ) ;
+ if( ctx->material == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* read raw key material into context */
+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * key wrap transform update
+ */
+static int
+xmlSecNssKeyWrapCtxUpdate(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL
, -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
+ xmlSecSize s;
+ xmlSecSize i;
+ xmlSecByte c;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ s = size / 2;
+ --size;
+ for(i = 0; i < s; ++i) {
+ c = buf[i];
+ buf[i] = buf[size - i];
+ buf[size - i] = c;
+ }
+ return(0);
+}
+
+static xmlSecByte *
+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize)
+{
+ PK11Context *context = NULL;
+ SECStatus s;
+ xmlSecByte *digest = NULL;
+ unsigned int len;
+
+ xmlSecAssert2(in != NULL, NULL);
+ xmlSecAssert2(out != NULL, NULL);
+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
+
+ /* Create a context for hashing (digesting) */
+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
+ if (context == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestBegin(context);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestOp(context, in, inSize);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+
goto done;
+ }
+
+ s = PK11_DigestFinal(context, out, &len, outSize);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
+
+ digest = out;
+
+done:
+ if (context != NULL) {
+ PK11_DestroyContext(context, PR_TRUE);
+ }
+ return (digest);
+}
+
+static int
+xmlSecNssKWDes3Encrypt(
+ PK11SymKey* symKey ,
+ CK_MECHANISM_TYPE cipherMech ,
+ const xmlSecByte* iv ,
+ xmlSecSize ivSize ,
+ const xmlSecByte* in ,
+ xmlSecSize inSize ,
+ xmlSecByte* out ,
+ xmlSecSize outSize ,
+ int enc
+) {
+ PK11Context* EncContext = NULL;
+ SECItem ivItem ;
+ SECItem* secParam = NULL ;
+ int tmp1_outlen;
+ unsigned int tmp2_outlen;
+ int result_len = -1;
+ SECStatus rv;
+
+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( symKey != NULL , -1 ) ;
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Prepare IV */
+ ivItem.data = ( unsigned char* )iv ;
+ ivItem.len = ivSize ;
+
+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
+ if (secParam == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ EncContext = PK11_CreateContextBySymKey(cipherMech,
+ enc ?
CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, secParam);
+ if (EncContext == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ tmp1_outlen = tmp2_outlen = 0;
+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
+ (unsigned char *)in, inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+ &tmp2_outlen, outSize-tmp1_outlen);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ result_len = tmp1_outlen + tmp2_outlen;
+
+done:
+ if (secParam) {
+ SECITEM_FreeItem(secParam, PR_TRUE);
+ }
+ if (EncContext) {
+ PK11_DestroyContext(EncContext, PR_TRUE);
+ }
+
+ return(result_len);
+}
+
+static int
+xmlSecNssKeyWrapDesOp(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ int encrypt ,
+ xmlSecBufferPtr result
+) {
+ xmlSecByte sha1[SHA1_LENGTH];
+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
+ xmlSecByte* in;
+ xmlSecSize inSize;
+ xmlSecByte* out;
+ xmlSecSize outSize;
+ xmlSecSize s;
+ int ret;
+ SECStatus status;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( result != NULL , -1 ) ;
+
+ in = xmlSecBufferGetData(ctx->material);
+ inSize = xmlSecBufferGetSize(ctx->material) ;
+ out = xmlSecBufferGetData(result);
+ outSize = xmlSecBufferGetMaxSize(result) ;
+ if( encrypt ) {
+ /* step 2: calculate sha1 and CMS */
+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssComputeSHA1",
+
XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 3: construct WKCKS */
+ memcpy(out, in, inSize);
+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
+
+ /* step 4: generate random iv */
+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ return(-1);
+ }
+
+ /* step 5: first encryption, result is TEMP1 */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
+ out, outSize, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 6: construct TEMP2=IV || TEMP1 */
+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
+
+ /* step 7: reverse octets order, result is TEMP3 */
+ ret = xmlSecNssKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 8: second encryption with static IV */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ out, s,
+ out, outSize, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret;
+
+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ /* step 2: first decryption with static IV, result is TEMP3 */
+ ret =
xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize, 0);
+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret;
+
+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+ ret = xmlSecNssKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ out, XMLSEC_NSS_DES3_IV_LENGTH,
+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
+ out, outSize, 0);
+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
+
+ /* steps 6 and 7: calculate SHA1 and validate it */
+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssComputeSHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "SHA1 does not match");
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapAesOp(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ int encrypt ,
+ xmlSecBufferPtr result
+) {
+ PK11Context* cipherCtx = NULL;
+ SECItem ivItem ;
+ SECItem* secParam = NULL
;
+ xmlSecSize inSize ;
+ xmlSecSize inBlocks ;
+ int blockSize ;
+ int midSize ;
+ int finSize ;
+ xmlSecByte* out ;
+ xmlSecSize outSize;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( result != NULL , -1 ) ;
+
+ /* Do not set any IV */
+ memset(&ivItem, 0, sizeof(ivItem));
+
+ /* Get block size */
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inSize = xmlSecBufferGetSize( ctx->material ) ;
+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetMaxSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Get Param for context initialization */
+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ParamFromIV" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ?
CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; + if( cipherCtx == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_CreateContextBySymKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + SECITEM_FreeItem( secParam , PR_TRUE ) ; + return(-1); + } + + out = xmlSecBufferGetData(result) ; + outSize = xmlSecBufferGetMaxSize(result) ; + if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_CipherOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_DigestFinal" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return 0 ; +} + +/** + * Block cipher transform final + */ +static int +xmlSecNssKeyWrapCtxFinal( + xmlSecNssKeyWrapCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx +) { + PK11SymKey* targetKey ; + xmlSecSize blockSize ; + xmlSecBufferPtr result ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + /* read raw key material and append into context */ + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , 
+ "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* Now we get all of the key materail */ + /* from now on we will wrap or unwrap the key */ + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + result = xmlSecBufferCreate( blockSize ) ; + if( result == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + switch( ctx->cipher ) { + case CKM_DES3_CBC : + if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssKeyWrapDesOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + break ; + /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ + case CKM_AES_CBC : + if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssKeyWrapAesOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + break ; + } + + /* Write output */ + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + xmlSecBufferDestroy(result); + + return(0); +} + +static int +xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecNssKeyWrapCtxPtr 
context = NULL ; + xmlSecBufferPtr inBuf, outBuf ; + int operation ; + int rtv ; + + xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + context = xmlSecNssKeyWrapGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + inBuf = &( transform->inBuf ) ; + outBuf = &( transform->outBuf ) ; + + if( transform->status == xmlSecTransformStatusNone ) { + transform->status = xmlSecTransformStatusWorking ; + } + + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; + if( transform->status == xmlSecTransformStatusWorking ) { + if( context->material == NULL ) { + rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapCtxInit" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + if( context->material == NULL && last != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "No enough data to intialize transform" ) ; + return(-1); + } + + if( context->material != NULL ) { + rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapCtxUpdate" , + XMLSEC_ERRORS_R_INVALID_STATUS , + 
XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + if( last ) { + rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapCtxFinal" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + transform->status = xmlSecTransformStatusFinished ; + } + } else if( transform->status == xmlSecTransformStatusFinished ) { + if( xmlSecBufferGetSize( inBuf ) != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return(-1); + } + } else { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return(-1); + } + + return(0); +} + +#ifndef XMLSEC_NO_AES + + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWAes128Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes128, /* const xmlChar* name; */ + xmlSecHrefKWAes128, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + 
xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWAes192Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes192, /* const xmlChar* name; */ + xmlSecHrefKWAes192, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct 
_xmlSecTransformKlass xmlSecNssKWAes256Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWAes256Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes256, /* const xmlChar* name; */ + xmlSecHrefKWAes256, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformKWAes128GetKlass: + * + * The AES-128 key wrapper transform klass. + * + * Returns AES-128 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecNssTransformKWAes128GetKlass(void) { + return(&xmlSecNssKWAes128Klass); +} + +/** + * xmlSecNssTransformKWAes192GetKlass: + * + * The AES-192 key wrapper transform klass. + * + * Returns AES-192 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecNssTransformKWAes192GetKlass(void) { + return(&xmlSecNssKWAes192Klass); +} + +/** + * + * The AES-256 key wrapper transform klass. + * + * Returns AES-256 key wrapper transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformKWAes256GetKlass(void) { + return(&xmlSecNssKWAes256Klass); +} + +#endif /* XMLSEC_NO_AES */ + + +#ifndef XMLSEC_NO_DES + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWDes3Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWDes3, /* const xmlChar* name; */ + xmlSecHrefKWDes3, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformKWDes3GetKlass: + * + * The Triple DES key wrapper transform klass. + * + * Returns Triple DES key wrapper transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformKWDes3GetKlass(void) { + return(&xmlSecNssKWDes3Klass); +} + +#endif /* XMLSEC_NO_DES */ + --- misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100 +++ misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2008-06-29 23:44:19.000000000 +0200 @@ -5,6 +5,7 @@ * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. + * Copyright ........................... */ #include "globals.h" @@ -24,6 +25,7 @@ #include #include #include +#include /************************************************************************** * @@ -98,14 +100,13 @@ { xmlSecAssert(ctx != NULL); if (ctx->privkey != NULL) { - SECKEY_DestroyPrivateKey(ctx->privkey); - ctx->privkey = NULL; + SECKEY_DestroyPrivateKey(ctx->privkey); + ctx->privkey = NULL; } - if (ctx->pubkey) - { - SECKEY_DestroyPublicKey(ctx->pubkey); - ctx->pubkey = NULL; + if (ctx->pubkey) { + SECKEY_DestroyPublicKey(ctx->pubkey); + ctx->pubkey = NULL; } } 
@@ -115,29 +116,32 @@ xmlSecNssPKIKeyDataCtxPtr ctxSrc) { xmlSecNSSPKIKeyDataCtxFree(ctxDst); + ctxDst->privkey = NULL ; + ctxDst->pubkey = NULL ; if (ctxSrc->privkey != NULL) { - ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); - if(ctxDst->privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); + if(ctxDst->privkey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "SECKEY_CopyPrivateKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code=%d", PORT_GetError()); + return(-1); + } } if (ctxSrc->pubkey != NULL) { - ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); - if(ctxDst->pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); + if(ctxDst->pubkey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "SECKEY_CopyPublicKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code=%d", PORT_GetError()); + return(-1); + } } + return (0); } 
@@ -147,20 +151,41 @@ SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; + KeyType pubType = nullKey ; + KeyType priType = nullKey ; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); + if( privkey != NULL ) { + priType = SECKEY_GetPrivateKeyType( privkey ) ; + } + + if( pubkey != NULL ) { + pubType = SECKEY_GetPublicKeyType( pubkey ) ; + } + + if( priType != nullKey && pubType != nullKey ) { + if( pubType != priType ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "different type of private and public key" ) ; + return -1 ; + } + } + ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); if (ctx->privkey) { - SECKEY_DestroyPrivateKey(ctx->privkey); + SECKEY_DestroyPrivateKey(ctx->privkey); } ctx->privkey = privkey; if (ctx->pubkey) { - SECKEY_DestroyPublicKey(ctx->pubkey); + SECKEY_DestroyPublicKey(ctx->pubkey); } ctx->pubkey = pubkey; 
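Review bot: The new private/public type-mismatch check in xmlSecNssPKIKeyDataAdoptKey reports the problem as `XMLSEC_ERRORS_R_CRYPTO_FAILED`, although no NSS call failed; the `default:` case of the `@@ -183,61 +208,75 @@` hunk reports the same class of problem as `XMLSEC_ERRORS_R_INVALID_TYPE`, which fits both mismatch checks better. The new `return -1 ;` is also the first failure path this "adopt" function has had, and nothing says whether `privkey`/`pubkey` still belong to the caller when it fails; the visible caller in the `@@ -183,61 +208,75 @@` hunk destroys only `data` on a negative return. A comment above the check such as `/* on failure the keys are NOT adopted: the caller still owns privkey and pubkey and must destroy them */` would pin that contract down, whichever way it is meant. The function's remaining tail is outside the hunk.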
@@ -183,61 +208,75 @@ { xmlSecKeyDataPtr data = NULL; int ret; - KeyType kt; - - if (pubkey != NULL) { - kt = SECKEY_GetPublicKeyType(pubkey); - } else { - kt = SECKEY_GetPrivateKeyType(privkey); - pubkey = SECKEY_ConvertToPublicKey(privkey); - } + KeyType pubType = nullKey ; + KeyType priType = nullKey ; - switch(kt) { + if( privkey != NULL ) { + priType = SECKEY_GetPrivateKeyType( privkey ) ; + } + + if( pubkey != NULL ) { + pubType = SECKEY_GetPublicKeyType( pubkey ) ; + } + + if( priType != nullKey && pubType != nullKey ) { + if( pubType != priType ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "different type of private and public key" ) ; + return( NULL ) ; + } + } + + pubType = priType != nullKey ? priType : pubType ; + switch(pubType) { #ifndef XMLSEC_NO_RSA case rsaKey: - data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); - if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataRsaId"); - return(NULL); - } - break; + data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecNssKeyDataRsaId"); + return(NULL); + } + break; #endif /* XMLSEC_NO_RSA */ #ifndef XMLSEC_NO_DSA case dsaKey: - data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); - if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataDsaId"); - return(NULL); - } - break; + data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecNssKeyDataDsaId"); + return(NULL); + } + break; #endif /* XMLSEC_NO_DSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, - "PKI key type %d not 
supported", kt); - return(NULL); + "PKI key type %d not supported", pubType); + return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - return(NULL); + xmlSecKeyDataDestroy(data); + return(NULL); } return(data); } @@ -263,7 +302,7 @@ xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->pubkey != NULL, NULL); - ret = SECKEY_CopyPublicKey(ctx->pubkey); + ret = SECKEY_CopyPublicKey(ctx->pubkey); return(ret); } @@ -312,9 +351,9 @@ xmlSecAssert2(ctx != NULL, nullKey); if (ctx->pubkey != NULL) { - kt = SECKEY_GetPublicKeyType(ctx->pubkey); + kt = SECKEY_GetPublicKeyType(ctx->pubkey); } else { - kt = SECKEY_GetPrivateKeyType(ctx->privkey); + kt = SECKEY_GetPrivateKeyType(ctx->privkey); } return(kt); } @@ -453,7 +492,11 @@ static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data, FILE* output); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecNssPKIKeyDataSize, @@ -553,13 +596,13 @@ goto done; } - slot = PK11_GetBestSlot(CKM_DSA, NULL); + slot = xmlSecNssSlotGet(CKM_DSA); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", + "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); ret = -1; goto done; } @@ -570,7 +613,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); ret = -1; goto done; } 
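Review bot: Dropping the `pubkey = SECKEY_ConvertToPublicKey(privkey);` fallback from xmlSecNssPKIKeyDataCreate means key data built from a private key alone now ends up with `ctx->pubkey == NULL`, but the size accessors in the `@@ -992,7 +1041,7 @@` and `@@ -1490,7 +1543,7 @@` hunks still call `SECKEY_PublicKeyStrength(ctx->pubkey)` unconditionally, and the assert that used to guard that access was commented out in the same commit. Either keep deriving the public key here when only `privkey` is supplied, or make those accessors return 0 when `ctx->pubkey == NULL`, the way the DSA `GetType` in the `@@ -975,11 +1024,11 @@` hunk now tolerates a missing public key. If the `SECKEY_ConvertToPublicKey` path was removed deliberately, a one-line comment at the `switch(pubType)` saying that private-only key data carries no public key would keep the next reader from re-adding it.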
@@ -582,7 +625,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -750,21 +793,21 @@ goto done; } data = NULL; - ret = 0; done: if (slot != NULL) { - PK11_FreeSlot(slot); + PK11_FreeSlot(slot); } - if (ret != 0) { - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (data != NULL) { - xmlSecKeyDataDestroy(data); - } + + if (pubkey != NULL) { + SECKEY_DestroyPublicKey(pubkey); + } + + if (data != NULL) { + xmlSecKeyDataDestroy(data); } + return(ret); } @@ -783,7 +826,7 @@ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { /* we can have only private key or public key */ @@ -905,7 +948,8 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_ParamGen", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + "size=%d, error code=%d", sizeBits, PORT_GetError()); + ret = -1; goto done; } @@ -915,11 +959,12 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_VerifyParams", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + "size=%d, error code=%d", sizeBits, PORT_GetError()); + ret = -1; goto done; } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); + slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); 
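Review bot: With `ret = 0;` removed before `done:` and the `if (ret != 0)` guard gone, the success path of this reader now returns whatever `ret` was set to above the hunk, and `pubkey` is destroyed unconditionally at `done:`. That is only safe if `pubkey` is set to NULL once its ownership has passed into `data` (the `@@ -943,29 +989,32 @@` hunk does exactly that with `privkey = NULL ; pubkey = NULL ;`); otherwise the key adopted into the returned data is freed here. The start of this function is outside the hunk, so I cannot confirm from the visible lines how `ret` is initialised or whether `pubkey` is cleared after adoption; a `pubkey = NULL;` next to the existing `data = NULL;` would make the cleanup self-evidently correct.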
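Review bot: The result of `xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN)` is handed straight to `PK11_Authenticate` and `PK11_GenerateKeyPair` without the NULL check that the `@@ -553,13 +596,13 @@` hunk applies to the same helper, so a missing slot dereferences NULL instead of failing with a logged error; the RSA generator in the `@@ -1420,7 +1473,7 @@` hunk has the identical gap. The check below mirrors the error reporting already used in this hunk.

```c
slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
if(slot == NULL) {
    xmlSecError(XMLSEC_ERRORS_HERE,
                xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                "xmlSecNssSlotGet",
                XMLSEC_ERRORS_R_CRYPTO_FAILED,
                "error code=%d", PORT_GetError());
    ret = -1;
    goto done;
}
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
/* … unchanged: PK11_GenerateKeyPair call … */
```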
@@ -929,8 +974,9 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); + ret = -1; goto done; } @@ -943,29 +989,32 @@ XMLSEC_ERRORS_NO_MESSAGE); goto done; } - + privkey = NULL ; + pubkey = NULL ; ret = 0; done: if (slot != NULL) { - PK11_FreeSlot(slot); + PK11_FreeSlot(slot); } + if (pqgParams != NULL) { - PK11_PQG_DestroyParams(pqgParams); + PK11_PQG_DestroyParams(pqgParams); } + if (pqgVerify != NULL) { - PK11_PQG_DestroyVerify(pqgVerify); - } - if (ret == 0) { - return (0); + PK11_PQG_DestroyVerify(pqgVerify); } + if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); + SECKEY_DestroyPublicKey(pubkey); } + if (privkey != NULL) { - SECKEY_DestroyPrivateKey(privkey); + SECKEY_DestroyPrivateKey(privkey); } - return(-1); + + return(ret); } static xmlSecKeyDataType @@ -975,11 +1024,11 @@ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if (ctx->privkey != NULL) { - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else { - return(xmlSecKeyDataTypePublic); + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else if( ctx->pubkey != NULL ) { + return(xmlSecKeyDataTypePublic); } return(xmlSecKeyDataTypeUnknown); @@ -992,7 +1041,7 @@ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } 
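Review bot: The failure path whose tail is visible at the top of this hunk (`XMLSEC_ERRORS_NO_MESSAGE); goto done; }`) never sets `ret = -1`, yet the function now ends with `return(ret);` instead of the old unconditional `return(-1);`. The earlier failure paths in the `@@ -905,7 +948,8 @@`, `@@ -915,11 +959,12 @@` and `@@ -929,8 +974,9 @@` hunks each had `ret = -1;` added, which suggests `ret` does not start out as -1, so this path would report success after its step failed. Add `ret = -1;` before that `goto done;`, or initialise `ret = -1` at the top of the function (outside this hunk) and drop the per-path assignments.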
@@ -1084,7 +1133,11 @@ static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data, FILE* output); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecNssPKIKeyDataSize, @@ -1181,13 +1234,13 @@ goto done; } - slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); + slot = xmlSecNssSlotGet(CKM_RSA_PKCS); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", + "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); ret = -1; goto done; } @@ -1198,7 +1251,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); ret = -1; goto done; } @@ -1210,7 +1263,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -1349,7 +1402,7 @@ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { @@ -1420,7 +1473,7 @@ params.keySizeInBits = sizeBits; params.pe = 65537; - slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); + slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); 
@@ -1430,7 +1483,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); goto done; } @@ -1472,7 +1525,7 @@ ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if (ctx->privkey != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); } else { @@ -1490,7 +1543,7 @@ ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } --- misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2008-06-29 23:44:19.000000000 +0200 @@ -199,7 +199,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_NewContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } else { @@ -222,7 +222,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_CreateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } @@ -282,7 +282,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update, VFY_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -341,7 +341,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } else { 
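Review bot: The RSA `GetType` keeps the bare `} else { return(xmlSecKeyDataTypePublic);` after its `ctx->pubkey` assert is commented out, whereas the DSA counterpart in the `@@ -975,11 +1024,11 @@` hunk was changed to `} else if( ctx->pubkey != NULL ) {` so that a context with neither key reports `xmlSecKeyDataTypeUnknown`. Make the RSA branch `} else if( ctx->pubkey != NULL ) {` as well; the function's tail is outside the hunk, so confirm it also ends with `return(xmlSecKeyDataTypeUnknown);`.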
@@ -351,7 +351,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } @@ -368,7 +368,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } else { @@ -378,7 +378,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } @@ -404,7 +404,7 @@ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } @@ -459,7 +459,11 @@ * ***************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = { +#else static xmlSecTransformKlass xmlSecNssDsaSha1Klass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssSignatureSize, /* xmlSecSize objSize */ @@ -506,7 +510,11 @@ * RSA-SHA1 signature transform * ***************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = { +#else static xmlSecTransformKlass xmlSecNssRsaSha1Klass = { +#endif /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ xmlSecNssSignatureSize, /* xmlSecSize objSize */ --- misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2008-06-29 23:44:19.000000000 +0200 
@@ -15,178 +15,837 @@ #include #include +#include +#include + #include #include +#include #include #include #include #include #include +#include +#include /***************************************************************************** * - * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary + * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey * ****************************************************************************/ -static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); -static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, - xmlSecKeyDataPtr src); -static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); -static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, - xmlSecKeyPtr key, - const xmlSecByte* buf, - xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlSecByte** buf, - xmlSecSize* bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, - xmlSecSize sizeBits, - xmlSecKeyDataType type); - -static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); -static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); -static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, - FILE* output); -static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, - FILE* output); -static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); +typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; +typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; + +struct _xmlSecNssSymKeyDataCtx { + CK_MECHANISM_TYPE cipher ; /* the symmetic key 
mechanism */ + PK11SlotInfo* slot ; /* the key resident slot */ + PK11SymKey* symkey ; /* the symmetic key */ +} ; + +#define xmlSecNssSymKeyDataSize \ + ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) + +#define xmlSecNssSymKeyDataGetCtx( data ) \ + ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) + + +static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); +static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); +static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + const xmlSecByte* buf, + xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlSecByte** buf, + xmlSecSize* bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, + xmlSecSize sizeBits, + xmlSecKeyDataType type); + +static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); +static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); +static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, + FILE* output); +static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); #define xmlSecNssSymKeyDataCheckId(data) \ (xmlSecKeyDataIsValid((data)) && \ xmlSecNssSymKeyDataKlassCheck((data)->id)) +/** + * xmlSecNssSymKeyDataAdoptKey: + * @data: the pointer to symmetric key data. + * @symkey: the symmetric key + * + * Set the value of symmetric key data. 
+ * + * Returns 0 on success or a negative value if an error occurs. + */ +int +xmlSecNssSymKeyDataAdoptKey( + xmlSecKeyDataPtr data , + PK11SymKey* symkey +) { + xmlSecNssSymKeyDataCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; + xmlSecAssert2( symkey != NULL, -1 ) ; + + context = xmlSecNssSymKeyDataGetCtx( data ) ; + xmlSecAssert2(context != NULL, -1); + + context->cipher = PK11_GetMechanism( symkey ) ; + + if( context->slot != NULL ) { + PK11_FreeSlot( context->slot ) ; + context->slot = NULL ; + } + context->slot = PK11_GetSlotFromKey( symkey ) ; + + if( context->symkey != NULL ) { + PK11_FreeSymKey( context->symkey ) ; + context->symkey = NULL ; + } + context->symkey = PK11_ReferenceSymKey( symkey ) ; + + return 0 ; +} + +xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( + PK11SymKey* symKey +) { + xmlSecKeyDataPtr data = NULL ; + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; + + xmlSecAssert2( symKey != NULL , NULL ) ; + + mechanism = PK11_GetMechanism( symKey ) ; + switch( mechanism ) { + case CKM_DES3_KEY_GEN : + case CKM_DES3_CBC : + case CKM_DES3_MAC : + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyDataCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "xmlSecNssKeyDataDesId" ) ; + return NULL ; + } + break ; + case CKM_AES_KEY_GEN : + case CKM_AES_CBC : + case CKM_AES_MAC : + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyDataCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "xmlSecNssKeyDataDesId" ) ; + return NULL ; + } + break ; + default : + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "Unsupported mechanism" ) ; + return NULL ; + } + + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { + xmlSecError( 
XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataAdoptKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyDataDestroy( data ) ; + return NULL ; + } + + return data ; +} + + +PK11SymKey* +xmlSecNssSymKeyDataGetKey( + xmlSecKeyDataPtr data +) { + xmlSecNssSymKeyDataCtxPtr ctx; + PK11SymKey* symkey ; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, NULL); + + if( ctx->symkey != NULL ) { + symkey = PK11_ReferenceSymKey( ctx->symkey ) ; + } else { + symkey = NULL ; + } + + return(symkey); +} + static int xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); - - return(xmlSecKeyDataBinaryValueInitialize(data)); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); + + /* Set the block cipher mechanism */ +#ifndef XMLSEC_NO_DES + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { + ctx->cipher = CKM_DES3_KEY_GEN; + } else +#endif /* XMLSEC_NO_DES */ + +#ifndef XMLSEC_NO_AES + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { + ctx->cipher = CKM_AES_KEY_GEN; + } else +#endif /* XMLSEC_NO_AES */ + + if(1) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + "Unsupported block cipher" ) ; + return(-1) ; + } + + return(0); } static int xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecNssSymKeyDataCtxPtr ctxDst; + xmlSecNssSymKeyDataCtxPtr ctxSrc; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), 
-1); + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(dst->id == src->id, -1); - - return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); + + ctxDst = xmlSecNssSymKeyDataGetCtx(dst); + xmlSecAssert2(ctxDst != NULL, -1); + + ctxSrc = xmlSecNssSymKeyDataGetCtx(src); + xmlSecAssert2(ctxSrc != NULL, -1); + + ctxDst->cipher = ctxSrc->cipher ; + + if( ctxSrc->slot != NULL ) { + if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { + PK11_FreeSlot( ctxDst->slot ) ; + ctxDst->slot = NULL ; + } + + if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) + ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; + } else { + if( ctxDst->slot != NULL ) { + PK11_FreeSlot( ctxDst->slot ) ; + ctxDst->slot = NULL ; + } + } + + if( ctxSrc->symkey != NULL ) { + if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { + PK11_FreeSymKey( ctxDst->symkey ) ; + ctxDst->symkey = NULL ; + } + + if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) + ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; + } else { + if( ctxDst->symkey != NULL ) { + PK11_FreeSymKey( ctxDst->symkey ) ; + ctxDst->symkey = NULL ; + } + } + + return(0); } static void xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - - xmlSecKeyDataBinaryValueFinalize(data); + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert(ctx != NULL); + + if( ctx->slot != NULL ) { + PK11_FreeSlot( ctx->slot ) ; + ctx->slot = NULL ; + } + + if( ctx->symkey != NULL ) { + PK11_FreeSymKey( ctx->symkey ) ; + ctx->symkey = NULL ; + } + + ctx->cipher = CKM_INVALID_MECHANISM ; } static int xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + PK11SymKey* symKey ; + 
PK11SlotInfo* slot ; + xmlSecBufferPtr keyBuf; + xmlSecSize len; + xmlSecKeyDataPtr data; + xmlSecNssSymKeyDataCtxPtr ctx; + SECItem keyItem ; + int ret; + + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Create a new KeyData from a id */ + data = xmlSecKeyDataCreate(id); + if(data == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + /* Create a buffer for raw symmetric key value */ + if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + /* Read the raw key value */ + if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecBufferDestroy( keyBuf ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + /* Get slot */ + slot = xmlSecNssSlotGet(ctx->cipher); + if( slot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecNssSlotGet" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecBufferDestroy( keyBuf ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + /* Wrap the raw key value SECItem */ + keyItem.type = siBuffer ; + keyItem.data = xmlSecBufferGetData( keyBuf ) ; + keyItem.len = xmlSecBufferGetSize( keyBuf ) ; + + /* Import the raw key into slot temporalily and 
get the key handler*/ + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; + if( symKey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ImportSymKey" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + PK11_FreeSlot( slot ) ; + xmlSecBufferDestroy( keyBuf ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + PK11_FreeSlot( slot ) ; + + /* raw key material has been copied into symKey, it isn't used any more */ + xmlSecBufferDestroy( keyBuf ) ; - return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); + /* Adopt the symmetric key into key data */ + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyDataBinaryValueSetBuffer", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1); + } + /* symKey has been duplicated into data, it isn't used any more */ + PK11_FreeSymKey( symKey ) ; + + /* Check value */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyReqMatchKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy( data ) ; + return(0); + } + + ret = xmlSecKeySetValue(key, data); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeySetValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy( data ) ; + return(-1); + } + + return(0); } static int xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + PK11SymKey* symKey ; + 
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Get symmetric key from "key" */ + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); + if( symKey != NULL ) { + SECItem* keyItem ; + xmlSecBufferPtr keyBuf ; + + /* Extract raw key data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ExtractKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Get raw key data from "symKey" */ + keyItem = PK11_GetKeyData( symKey ) ; + if(keyItem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_GetKeyData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Create key data buffer with raw kwy material */ + keyBuf = xmlSecBufferCreate(keyItem->len) ; + if(keyBuf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; + + /* Write raw key material into current xml node */ + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferBase64NodeContentWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + } - return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); + return 0 ; } static int 
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - const xmlSecByte* buf, xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + const xmlSecByte* buf, xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + PK11SymKey* symKey ; + PK11SlotInfo* slot ; + xmlSecKeyDataPtr data; + xmlSecNssSymKeyDataCtxPtr ctx; + SECItem keyItem ; + int ret; - return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(bufSize != 0, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Create a new KeyData from a id */ + data = xmlSecKeyDataCreate(id); + if(data == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + /* Get slot */ + slot = xmlSecNssSlotGet(ctx->cipher); + if( slot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecNssSlotGet" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + /* Wrap the raw key value SECItem */ + keyItem.type = siBuffer ; + keyItem.data = buf ; + keyItem.len = bufSize ; + + /* Import the raw key into slot temporalily and get the key handler*/ + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; + if( symKey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ImportSymKey" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSlot( slot ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + /* Adopt the symmetric key into key data 
*/ + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyDataBinaryValueSetBuffer", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSymKey( symKey ) ; + PK11_FreeSlot( slot ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1); + } + /* symKey has been duplicated into data, it isn't used any more */ + PK11_FreeSymKey( symKey ) ; + PK11_FreeSlot( slot ) ; + + /* Check value */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyReqMatchKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy( data ) ; + return(0); + } + + ret = xmlSecKeySetValue(key, data); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeySetValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy( data ) ; + return(-1); + } + + return(0); } static int xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlSecByte** buf, xmlSecSize* bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecByte** buf, xmlSecSize* bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + PK11SymKey* symKey ; + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(bufSize != 0, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Get symmetric key from "key" */ + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); + if( symKey != NULL ) { + SECItem* keyItem ; + + /* Extract raw key data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ExtractKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + 
XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Get raw key data from "symKey" */ + keyItem = PK11_GetKeyData( symKey ) ; + if(keyItem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_GetKeyData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + *bufSize = keyItem->len; + *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); + if( *buf == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + memcpy((*buf), keyItem->data, (*bufSize)); + PK11_FreeSymKey( symKey ) ; + } - return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); + return 0 ; } static int xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { - xmlSecBufferPtr buffer; - + PK11SymKey* symkey ; + PK11SlotInfo* slot ; + xmlSecNssSymKeyDataCtxPtr ctx; + int ret; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); - buffer = xmlSecKeyDataBinaryValueGetBuffer(data); - xmlSecAssert2(buffer != NULL, -1); - - return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + if( sizeBits % 8 != 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Symmetric key size must be octuple"); + return(-1); + } + + /* Get slot */ + slot = xmlSecNssSlotGet(ctx->cipher); + if( slot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecNssSlotGet" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + if( PK11_Authenticate( slot, PR_FALSE , NULL ) != 
SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "PK11_Authenticate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSlot( slot ) ; + return -1 ; + } + + symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; + if( symkey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "PK11_KeyGen" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSlot( slot ) ; + return -1 ; + } + + if( ctx->slot != NULL ) { + PK11_FreeSlot( ctx->slot ) ; + ctx->slot = NULL ; + } + ctx->slot = slot ; + + if( ctx->symkey != NULL ) { + PK11_FreeSymKey( ctx->symkey ) ; + ctx->symkey = NULL ; + } + ctx->symkey = symkey ; + + return 0 ; } static xmlSecKeyDataType xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { - xmlSecBufferPtr buffer; + xmlSecNssSymKeyDataCtxPtr context = NULL ; + xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; - buffer = xmlSecKeyDataBinaryValueGetBuffer(data); - xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); + context = xmlSecNssSymKeyDataGetCtx( data ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "xmlSecNssSymKeyDataGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return xmlSecKeyDataTypeUnknown ; + } + + if( context->symkey != NULL ) { + type |= xmlSecKeyDataTypeSymmetric ; + } else { + type |= xmlSecKeyDataTypeUnknown ; + } - return((xmlSecBufferGetSize(buffer) > 0) ? 
xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); + return type ; } static xmlSecSize xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr context ; + unsigned int length = 0 ; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); - - return(xmlSecKeyDataBinaryValueGetSize(data)); + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; + + context = xmlSecNssSymKeyDataGetCtx( data ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "xmlSecNssSymKeyDataGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return 0 ; + } + + if( context->symkey != NULL ) { + length = PK11_GetKeyLength( context->symkey ) ; + length *= 8 ; + } + + return length ; } static void xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - xmlSecKeyDataBinaryValueDebugDump(data, output); + /* print only size, everything else is sensitive */ + fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , + xmlSecKeyDataGetSize(data)) ; } static void xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - xmlSecKeyDataBinaryValueDebugXmlDump(data, output); + /* print only size, everything else is sensitive */ + fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , + xmlSecKeyDataGetSize(data)) ; } static int xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { #ifndef XMLSEC_NO_DES if(klass == xmlSecNssKeyDataDesId) { - return(1); + return(1); } #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_AES if(klass == xmlSecNssKeyDataAesId) { - return(1); + return(1); } #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_HMAC if(klass == xmlSecNssKeyDataHmacId) { - return(1); + return(1); } #endif /* XMLSEC_NO_HMAC */ 
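Review bot: The AES branch of xmlSecNssSymKeyDataInitialize tests the wrong klass — `if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId))` is repeated under `#ifndef XMLSEC_NO_AES`, so an AES key data object falls through to the `if(1)` "Unsupported block cipher" error and xmlSecKeyDataCreate(xmlSecNssKeyDataAesId) can never succeed; it should read `if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataAesId)) {`. The HMAC klass later in this file installs the same initializer but no branch sets ctx->cipher for it, so HMAC key data fails the same way and needs its own `#ifndef XMLSEC_NO_HMAC` branch selecting a generic-secret key-generation mechanism (presumably CKM_GENERIC_SECRET_KEY_GEN — confirm against the tokens this build targets). Separately, xmlSecNssSymKeyDataXmlWrite asserts keyInfoCtx non-NULL but never consults keyInfoCtx->keyReq, so it extracts and base64-emits the raw secret whenever the key has a value; the xmlSecKeyDataBinaryValueXmlWrite it replaces, as I recall, first checked `keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric` and returned 0 otherwise, and that gate should be restored before PK11_ExtractKeyValue. The PK11_ImportSymKey, PK11_ExtractKeyValue and PK11_GetKeyData failure sites added here report XMLSEC_ERRORS_R_XMLSEC_FAILED with no message, unlike the other hunks of this patch which attach `"error code=%d", PORT_GetError()` to NSS failures.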
@@ -199,42 +858,46 @@ * processing * *************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { +#endif sizeof(xmlSecKeyDataKlass), - xmlSecKeyDataBinarySize, + xmlSecNssSymKeyDataSize, /* data */ xmlSecNameAESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefAESKeyValue, /* const xmlChar* href; */ - xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ - xmlSecNs, /* const xmlChar* dataNodeNs; */ + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefAESKeyValue, /* const xmlChar* href; */ + xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ - xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ - xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ - xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - xmlSecNssSymKeyDataXmlRead, /* 
xmlSecKeyDataXmlReadMethod xmlRead; */ - xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ - xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; /** @@ -251,9 +914,9 @@ /** * xmlSecNssKeyDataAesSet: - * @data: the pointer to AES key data. - * @buf: the pointer to key value. - * @bufSize: the key value size (in bytes). + * @data: the pointer to AES key data. + * @buf: the pointer to key value. + * @bufSize: the key value size (in bytes). * * Sets the value of AES key data. * 
@@ -280,42 +943,46 @@ * processing * *************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { +#endif sizeof(xmlSecKeyDataKlass), - xmlSecKeyDataBinarySize, + xmlSecNssSymKeyDataSize, /* data */ xmlSecNameDESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefDESKeyValue, /* const xmlChar* href; */ - xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ - xmlSecNs, /* const xmlChar* dataNodeNs; */ + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefDESKeyValue, /* const xmlChar* href; */ + xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ - xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ - xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ - xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - xmlSecNssSymKeyDataXmlRead, /* 
xmlSecKeyDataXmlReadMethod xmlRead; */ - xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ - xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; /** @@ -332,9 +999,9 @@ /** * xmlSecNssKeyDataDesSet: - * @data: the pointer to DES key data. - * @buf: the pointer to key value. - * @bufSize: the key value size (in bytes). + * @data: the pointer to DES key data. + * @buf: the pointer to key value. + * @bufSize: the key value size (in bytes). * * Sets the value of DES key data. * 
@@ -362,42 +1029,46 @@ * processing * *************************************************************************/ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { +#endif sizeof(xmlSecKeyDataKlass), - xmlSecKeyDataBinarySize, + xmlSecNssSymKeyDataSize, /* data */ xmlSecNameHMACKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ - xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ - xmlSecNs, /* const xmlChar* dataNodeNs; */ + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ + xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ - xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ - xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ - xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - xmlSecNssSymKeyDataXmlRead, /* 
xmlSecKeyDataXmlReadMethod xmlRead; */ - xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ - xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; /** @@ -414,9 +1085,9 @@ /** * xmlSecNssKeyDataHmacSet: - * @data: the pointer to HMAC key data. - * @buf: the pointer to key value. - * @bufSize: the key value size (in bytes). + * @data: the pointer to HMAC key data. + * @buf: the pointer to key value. + * @bufSize: the key value size (in bytes). * * Sets the value of HMAC key data. * --- misc/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:40.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:19.000000000 +0200 
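Review bot: The klass size for HMAC switches from `xmlSecKeyDataBinarySize` to `xmlSecNssSymKeyDataSize`, which is only safe if the initialize/duplicate/finalize methods named in this table (defined outside the hunk) now allocate and read the NSS-specific object of that size; a one-line comment at the changed field would document the coupling, e.g. `xmlSecNssSymKeyDataSize, /* objSize: must match xmlSecNssSymKeyDataInitialize/Finalize */`. As with the DES table, the `#ifdef __MINGW32__ // for runtime-pseudo-reloc` line uses a `//` comment in a C file that otherwise uses `/* */`, and the rest of the hunk is whitespace-only realignment that obscures the one real change.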
@@ -1 +1,548 @@ -dummy +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright.................................. + * + * Contributor(s): _____________________________ + * + */ + +/** + * In order to ensure that particular crypto operation is performed on + * particular crypto device, a subclass of xmlSecList is used to store slot and + * mechanism information. + * + * In the list, a slot is bound with a mechanism. If the mechanism is available, + * this mechanism only can perform on the slot; otherwise, it can perform on + * every eligibl slot in the list. + * + * When try to find a slot for a particular mechanism, the slot bound with + * avaliable mechanism will be looked up firstly. + */ +#include "globals.h" +#include + +#include +#include +#include + +#include + +int +xmlSecNssKeySlotSetMechList( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE_PTR mechanismList +) { + int counter ; + + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( keySlot->mechanismList != CK_NULL_PTR ) { + xmlFree( keySlot->mechanismList ) ; + + for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; + keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; + if( keySlot->mechanismList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + for( ; counter >= 0 ; counter -- ) + *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; + } + + return( 0 ); +} + +int +xmlSecNssKeySlotEnableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) { + int counter ; + CK_MECHANISM_TYPE_PTR newList ; + + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( mechanism != CKM_INVALID_MECHANISM ) { + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; + newList 
= ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; + if( newList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; + *( newList + counter ) = mechanism ; + for( counter -= 1 ; counter >= 0 ; counter -- ) + *( newList + counter ) = *( keySlot->mechanismList + counter ) ; + + xmlFree( keySlot->mechanismList ) ; + keySlot->mechanismList = newList ; + } + + return(0); +} + +int +xmlSecNssKeySlotDisableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) { + int counter ; + + xmlSecAssert2( keySlot != NULL , -1 ) ; + + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { + if( *( keySlot->mechanismList + counter ) == mechanism ) { + for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { + *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; + } + + break ; + } + } + + return(0); +} + +CK_MECHANISM_TYPE_PTR +xmlSecNssKeySlotGetMechList( + xmlSecNssKeySlotPtr keySlot +) { + if( keySlot != NULL ) + return keySlot->mechanismList ; + else + return NULL ; +} + +int +xmlSecNssKeySlotSetSlot( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) { + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( slot != NULL && keySlot->slot != slot ) { + if( keySlot->slot != NULL ) + PK11_FreeSlot( keySlot->slot ) ; + + if( keySlot->mechanismList != NULL ) { + xmlFree( keySlot->mechanismList ) ; + keySlot->mechanismList = NULL ; + } + + keySlot->slot = PK11_ReferenceSlot( slot ) ; + } + + return(0); +} + +int +xmlSecNssKeySlotInitialize( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) { + xmlSecAssert2( keySlot != NULL , -1 ) ; + xmlSecAssert2( keySlot->slot == NULL , -1 ) ; + xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; + + if( slot != NULL ) { + 
keySlot->slot = PK11_ReferenceSlot( slot ) ; + } + + return(0); +} + +void +xmlSecNssKeySlotFinalize( + xmlSecNssKeySlotPtr keySlot +) { + xmlSecAssert( keySlot != NULL ) ; + + if( keySlot->mechanismList != NULL ) { + xmlFree( keySlot->mechanismList ) ; + keySlot->mechanismList = NULL ; + } + + if( keySlot->slot != NULL ) { + PK11_FreeSlot( keySlot->slot ) ; + keySlot->slot = NULL ; + } + +} + +PK11SlotInfo* +xmlSecNssKeySlotGetSlot( + xmlSecNssKeySlotPtr keySlot +) { + if( keySlot != NULL ) + return keySlot->slot ; + else + return NULL ; +} + +xmlSecNssKeySlotPtr +xmlSecNssKeySlotCreate() { + xmlSecNssKeySlotPtr keySlot ; + + /* Allocates a new xmlSecNssKeySlot and fill the fields */ + keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; + if( keySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( NULL ); + } + memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; + + return( keySlot ) ; +} + +int +xmlSecNssKeySlotCopy( + xmlSecNssKeySlotPtr newKeySlot , + xmlSecNssKeySlotPtr keySlot +) { + CK_MECHANISM_TYPE_PTR mech ; + int counter ; + + xmlSecAssert2( newKeySlot != NULL , -1 ) ; + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { + if( newKeySlot->slot != NULL ) + PK11_FreeSlot( newKeySlot->slot ) ; + + newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; + } + + if( keySlot->mechanismList != CK_NULL_PTR ) { + xmlFree( newKeySlot->mechanismList ) ; + + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; + newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; + if( newKeySlot->mechanismList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + for( ; counter >= 0 ; counter -- ) + *( 
newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; + } + + return( 0 ); +} + +xmlSecNssKeySlotPtr +xmlSecNssKeySlotDuplicate( + xmlSecNssKeySlotPtr keySlot +) { + xmlSecNssKeySlotPtr newKeySlot ; + int ret ; + + xmlSecAssert2( keySlot != NULL , NULL ) ; + + newKeySlot = xmlSecNssKeySlotCreate() ; + if( newKeySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( NULL ); + } + + if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( NULL ); + } + + return( newKeySlot ); +} + +void +xmlSecNssKeySlotDestroy( + xmlSecNssKeySlotPtr keySlot +) { + xmlSecAssert( keySlot != NULL ) ; + + if( keySlot->mechanismList != NULL ) + xmlFree( keySlot->mechanismList ) ; + + if( keySlot->slot != NULL ) + PK11_FreeSlot( keySlot->slot ) ; + + xmlFree( keySlot ) ; +} + +int +xmlSecNssKeySlotBindMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) { + int counter ; + + xmlSecAssert2( keySlot != NULL , 0 ) ; + xmlSecAssert2( keySlot->slot != NULL , 0 ) ; + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; + + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { + if( *( keySlot->mechanismList + counter ) == type ) + return(1) ; + } + + return( 0 ) ; +} + +int +xmlSecNssKeySlotSupportMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) { + xmlSecAssert2( keySlot != NULL , 0 ) ; + xmlSecAssert2( keySlot->slot != NULL , 0 ) ; + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; + + if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { + return(1); + } else + return(0); +} + +void +xmlSecNssKeySlotDebugDump( + xmlSecNssKeySlotPtr keySlot , + FILE* output +) { + xmlSecAssert( keySlot != NULL ) ; + xmlSecAssert( output != NULL ) ; + + fprintf( output, "== KEY 
SLOT\n" ); +} + +void +xmlSecNssKeySlotDebugXmlDump( + xmlSecNssKeySlotPtr keySlot , + FILE* output +) { +} + +/** + * Key Slot List + */ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { +#else +static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { +#endif + BAD_CAST "mechanism-list", + (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, + (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, +}; + +xmlSecPtrListId +xmlSecNssKeySlotListGetKlass(void) { + return(&xmlSecNssKeySlotPtrListKlass); +} + + +/*- + * Global PKCS#11 crypto token repository -- Key slot list + */ +static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; + +PK11SlotInfo* +xmlSecNssSlotGet( + CK_MECHANISM_TYPE type +) { + PK11SlotInfo* slot = NULL ; + xmlSecNssKeySlotPtr keySlot ; + xmlSecSize ksSize ; + xmlSecSize ksPos ; + char flag ; + + if( _xmlSecNssKeySlotList == NULL ) { + slot = PK11_GetBestSlot( type , NULL ) ; + } else { + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; + + /*- + * Firstly, checking whether the mechanism is bound with a special slot. + * If no bound slot, we try to find the first eligible slot in the list. 
+ */ + for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; + if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; + flag = 2 ; + } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; + flag = 1 ; + } + + if( flag == 2 ) + break ; + } + if( slot != NULL ) + slot = PK11_ReferenceSlot( slot ) ; + } + + if( slot != NULL && PK11_NeedLogin( slot ) ) { + if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSlot( slot ) ; + return( NULL ); + } + } + + return slot ; +} + +int +xmlSecNssSlotInitialize( + void +) { + if( _xmlSecNssKeySlotList != NULL ) { + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; + _xmlSecNssKeySlotList = NULL ; + } + + _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; + if( _xmlSecNssKeySlotList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + + return(0); +} + +void +xmlSecNssSlotShutdown( + void +) { + if( _xmlSecNssKeySlotList != NULL ) { + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; + _xmlSecNssKeySlotList = NULL ; + } +} + +int +xmlSecNssSlotAdopt( + PK11SlotInfo* slot, + CK_MECHANISM_TYPE type +) { + xmlSecNssKeySlotPtr keySlot ; + xmlSecSize ksSize ; + xmlSecSize ksPos ; + char flag ; + + xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; + xmlSecAssert2( slot != NULL, -1 ) ; + + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; + + /*- + * Firstly, checking whether the slot is in the repository already. 
+ */ + flag = 0 ; + for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; + /* If find the slot in the list */ + if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { + /* If mechnism type is valid, bind the slot with the mechanism */ + if( type != CKM_INVALID_MECHANISM ) { + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + flag = 1 ; + } + } + + /* If the slot do not in the list, add a new item to the list */ + if( flag == 0 ) { + /* Create a new KeySlot */ + keySlot = xmlSecNssKeySlotCreate() ; + if( keySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* Initialize the keySlot with a slot */ + if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return(-1); + } + + /* If mechnism type is valid, bind the slot with the mechanism */ + if( type != CKM_INVALID_MECHANISM ) { + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return(-1); + } + } + + /* Add keySlot into the list */ + if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return(-1); + } + } + + return(0); +} + --- misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/x509.c 2008-06-29 23:44:19.000000000 +0200 
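Review bot: xmlSecNssKeySlotEnableMech dereferences `keySlot->mechanismList` in its counting loop without a NULL check, and xmlSecNssSlotAdopt calls it on a keySlot that has just come from xmlSecNssKeySlotCreate (memset to 0) and xmlSecNssKeySlotInitialize (which asserts the list is still NULL), so adopting a slot with a concrete mechanism crashes on the first call. xmlSecNssKeySlotBindMech, xmlSecNssKeySlotDisableMech and xmlSecNssKeySlotSetMechList walk the list the same way, so xmlSecNssSlotGet hits the same NULL dereference for any slot adopted with CKM_INVALID_MECHANISM (and SetMechList only installs a new list when one already exists, which looks inverted). Treat a NULL list as empty in every walk — for BindMech a single `if( keySlot->mechanismList == NULL ) return( 0 ) ;` before the loop — and rewrite EnableMech as below. Separately, xmlSecNssKeySlotDuplicate returns NULL without calling xmlSecNssKeySlotDestroy when xmlSecNssKeySlotCopy fails, leaking the struct and the PK11 slot reference it already holds. xmlSecNssSlotGet also returns NULL instead of falling back to PK11_GetBestSlot when the list is non-empty but no adopted slot supports the mechanism, which may be intended but is undocumented.
```c
xmlSecNssKeySlotEnableMech(
    xmlSecNssKeySlotPtr keySlot ,
    CK_MECHANISM_TYPE mechanism
) {
    int counter = 0 ;
    CK_MECHANISM_TYPE_PTR newList ;

    xmlSecAssert2( keySlot != NULL , -1 ) ;

    if( mechanism != CKM_INVALID_MECHANISM ) {
        /* a NULL list is an empty list: Create()/Initialize() leave it NULL */
        if( keySlot->mechanismList != NULL ) {
            while( *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM )
                counter ++ ;
        }
        newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
        /* … unchanged: allocation-failure error report and return( -1 ) … */
        *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
        *( newList + counter ) = mechanism ;
        /* counter is 0 when the old list was NULL, so nothing is read from it */
        for( counter -= 1 ; counter >= 0 ; counter -- )
            *( newList + counter ) = *( keySlot->mechanismList + counter ) ;

        if( keySlot->mechanismList != NULL )
            xmlFree( keySlot->mechanismList ) ;
        keySlot->mechanismList = newList ;
    }

    return(0);
}
```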
@@ -34,7 +34,6 @@ #include #include #include -#include #include #include @@ -61,37 +60,21 @@ static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx); - static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf, xmlSecSize size); static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf); 
@@ -104,9 +87,6 @@ xmlSecKeyInfoCtxPtr keyInfoCtx); static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, int base64LineWrap); -static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); -static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); -static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, FILE* output); static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, @@ -254,7 +234,11 @@ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = { +#endif sizeof(xmlSecKeyDataKlass), xmlSecNssX509DataSize, @@ -378,7 +362,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_NewCertList", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } } @@ -389,7 +373,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_AddCertToListTail", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } ctx->numCerts++; @@ -588,7 +572,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } @@ -627,7 +611,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "SEC_DupCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } @@ -652,7 +636,7 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); 
@@ -752,31 +736,22 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; + xmlNodePtr cur; + xmlChar* buf; CERTCertificate* cert; CERTSignedCrl* crl; xmlSecSize size, pos; - int content = 0; - int ret; xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); - if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); - return(-1); - } else if(content == 0) { - /* by default we are writing certificates and crls */ - content = XMLSEC_X509DATA_DEFAULT; + /* todo: flag in ctx remove all existing content */ + if(0) { + xmlNodeSetContent(node, NULL); } - /* get x509 data */ data = xmlSecKeyGetData(key, id); if(data == NULL) { /* no x509 data in the key */ 
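Review bot: The new `if(0) { xmlNodeSetContent(node, NULL); }` is dead code carrying a todo, and with the `xmlSecX509DataGetNodeContent` call removed the writer no longer looks at what the `<X509Data>` template asks for: it will always append every certificate and CRL and never a SubjectName, IssuerSerial or SKI, which the removed `content` flags used to select. If always writing certificates and CRLs is the intended NSS behaviour, state it instead of leaving the dead branch, e.g. `/* NSS backend writes every cert and CRL held by the key; X509Data template content flags are intentionally not honoured */`, and drop the `if(0)` block. The body of xmlSecNssKeyDataX509XmlWrite continues past this hunk.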
@@ -795,80 +770,75 @@ "pos=%d", pos); return(-1); } - - if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { - ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } + + /* set base64 lines size from context */ + buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); + if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecNssX509CertBase64DerWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } - - if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { - ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } + + cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlFree(buf); + return(-1); } + /* todo: add \n around base64 data - from context */ + /* todo: add errors check */ + xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, buf); + xmlFree(buf); + } - if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { - ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } + /* write crls */ + size = 
xmlSecNssKeyDataX509GetCrlsSize(data); + for(pos = 0; pos < size; ++pos) { + crl = xmlSecNssKeyDataX509GetCrl(data, pos); + if(crl == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecNssKeyDataX509GetCrl", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } - if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { - ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } - } + /* set base64 lines size from context */ + buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); + if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecNssX509CrlBase64DerWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } - /* write crls if needed */ - if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { - size = xmlSecNssKeyDataX509GetCrlsSize(data); - for(pos = 0; pos < size; ++pos) { - crl = xmlSecNssKeyDataX509GetCrl(data, pos); - if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - - ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } + cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "new_node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlFree(buf); 
+ return(-1); + } + /* todo: add \n around base64 data - from context */ + /* todo: add errors check */ + xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, buf); } return(0); @@ -1015,19 +985,13 @@ xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { - if(content != NULL) { - xmlFree(content); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); + if(content == NULL){ + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } cert = xmlSecNssX509CertBase64DerRead(content); 
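Review bot: In the CRL loop the buffer returned by `xmlSecNssX509CrlBase64DerWrite` is never released: the certificate loop above ends with `xmlFree(buf);` after `xmlNodeSetContent(cur, buf);`, but the CRL branch just falls out of the loop, so every write leaks one base64 copy of each CRL (the removed xmlSecNssX509CRLNodeWrite did free it). Add `xmlFree(buf);` directly after the CRL loop's `xmlNodeSetContent(cur, buf);`. In both loops the preceding `xmlNodeSetContent(cur, xmlSecStringCR);` is immediately replaced by the next call, so the newline the todo asks for is never actually emitted. The function begins before this hunk.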
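Review bot: The rewritten check only rejects a NULL result from `xmlNodeGetContent`, so an `<X509Certificate/>` whose text is empty or whitespace-only now goes straight into `xmlSecNssX509CertBase64DerRead(content)` instead of being skipped, or refused under XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE, as the removed code did; the removed path also freed `content` before returning. If dropping the flag is deliberate, keep the empty-string guard so the decoder never sees an empty buffer: `if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {` with `if(content != NULL) { xmlFree(content); }` before the error return. How `content` is released after the decode is outside this hunk.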
@@ -1057,46 +1021,6 @@ return(0); } -static int -xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf; - xmlNodePtr cur; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); - xmlFree(buf); - return(-1); - } - - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); - xmlNodeSetContent(cur, buf); - xmlFree(buf); - return(0); -} - static int xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; 
@@ -1120,19 +1044,13 @@ } subject = xmlNodeGetContent(node); - if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { - if(subject != NULL) { - xmlFree(subject); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); + if(subject == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); @@ -1167,40 +1085,6 @@ return(0); } -static int -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - buf = xmlSecNssX509NameWrite(&(cert->subject)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); - xmlFree(buf); - return(-1); - } - xmlNodeSetContent(cur, buf); - xmlFree(buf); - return(0); -} - static int xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; 
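Review bot: With the `xmlSecIsEmptyString` test removed, an empty `<X509SubjectName/>` is now handed to `xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx)` as an empty subject string rather than being ignored, and `subject` is no longer freed on that path; whether the store treats "" as matching nothing or as a wildcard is not visible here, so that should be confirmed before a lookup keyed on an attacker-supplied empty name is allowed through. The safer form keeps the original guard: `if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {` with `if(subject != NULL) { xmlFree(subject); }` before the error return. The rest of xmlSecNssX509SubjectNameNodeRead lies outside the hunk.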
@@ -1226,21 +1110,9 @@ } cur = xmlSecGetNextElementNode(node->children); - if(cur == NULL) { - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } - return(0); - } - + /* the first is required node X509IssuerName */ - if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), 
@@ -1332,78 +1204,6 @@ return(0); } -static int -xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlNodePtr cur; - xmlNodePtr issuerNameNode; - xmlNodePtr issuerNumberNode; - xmlChar* buf; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); - return(-1); - } - - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); - if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); - return(-1); - } - - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); - if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); - return(-1); - } - - /* write data */ - buf = xmlSecNssX509NameWrite(&(cert->issuer)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlNodeSetContent(issuerNameNode, buf); - xmlFree(buf); - - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlNodeSetContent(issuerNumberNode, buf); - xmlFree(buf); - - return(0); -} - static int xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 
xmlSecKeyDataStorePtr x509Store; @@ -1427,20 +1227,14 @@ } ski = xmlNodeGetContent(node); - if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { - if(ski != NULL) { - xmlFree(ski); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - return(-1); - } - return(0); + if(ski == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + return(-1); } cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); @@ -1475,41 +1269,6 @@ return(0); } -static int -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar *buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - buf = xmlSecNssX509SKIWrite(cert); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - xmlFree(buf); - return(-1); - } - xmlNodeSetContent(cur, buf); - xmlFree(buf); - - return(0); -} - static int xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar *content; 
@@ -1520,19 +1279,13 @@ xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { - if(content != NULL) { - xmlFree(content); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); + if(content == NULL){ + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); 
@@ -1552,47 +1305,6 @@ } static int -xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(crl != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); - xmlFree(buf); - return(-1); - } - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); - xmlNodeSetContent(cur, buf); - xmlFree(buf); - - return(0); -} - - -static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecNssX509DataCtxPtr ctx; @@ -1600,6 +1312,10 @@ int ret; SECStatus status; PRTime notBefore, notAfter; + + PK11SlotInfo* slot ; + SECKEYPublicKey *pubKey = NULL; + SECKEYPrivateKey *priKey = NULL; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); xmlSecAssert2(key != NULL, -1); @@ -1632,10 +1348,13 @@ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(-1); } + /*- + * Get Public key from cert, which does not always work for sign action. + * keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, 
@@ -1645,6 +1364,54 @@ XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + */ + + /*- + * I'll search key according to KeyReq. + */ + slot = cert->slot ; + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "PK11_FindPrivateKeyFromCert" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "CERT_ExtractPublicKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + if( priKey != NULL ) + SECKEY_DestroyPrivateKey( priKey ) ; + return -1 ; + } + } + + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); + if( keyValue == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + if( priKey != NULL ) + SECKEY_DestroyPrivateKey( priKey ) ; + + if( pubKey != NULL ) + SECKEY_DestroyPublicKey( pubKey ) ; + + return -1 ; + } + /* Modify keyValue get Done */ /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { @@ -1725,14 +1492,6 @@ return(0); } -/** - * xmlSecNssX509CertGetKey: - * @cert: the certificate. - * - * Extracts public key from the @cert. - * - * Returns public key value or NULL if an error occurs. - */ xmlSecKeyDataPtr xmlSecNssX509CertGetKey(CERTCertificate* cert) { xmlSecKeyDataPtr data; @@ -1746,7 +1505,7 @@ NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(NULL); } 
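Review bot: `slot = cert->slot` is passed to `PK11_FindPrivateKeyFromCert(slot, cert, NULL)` without a NULL check; a certificate that was only decoded from the signature's X509Certificate element and never imported into a token may carry no slot, and it is not evident that NSS tolerates a NULL slot there, so guard the private-key branch with `if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "cert->slot", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return -1; }`. When `keyInfoCtx->keyReq.keyType` asks for neither the private nor the public key, both `priKey` and `pubKey` stay NULL and `xmlSecNssPKIAdoptKey(NULL, NULL)` is called; whether that is an error or an empty key value is decided inside that function, so the intended outcome should be stated in a comment at the call. The `/*-` block opened in the preceding hunk (`@@ -1632,10 +1348,13 @@`) keeps the old xmlSecNssX509CertGetKey call as commented-out code; it should be deleted rather than left in a comment. The enclosing function xmlSecNssKeyDataX509VerifyAndExtractKey starts and ends outside this hunk.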
@@ -1804,7 +1563,7 @@ NULL, "__CERT_NewTempCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(NULL); } @@ -1827,7 +1586,7 @@ NULL, "cert->derCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(NULL); } @@ -1890,7 +1649,7 @@ NULL, "PK11_GetInternalKeySlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return NULL; } @@ -1905,7 +1664,7 @@ NULL, "PK11_ImportCRL", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); PK11_FreeSlot(slot); return(NULL); } @@ -1929,7 +1688,7 @@ NULL, "crl->derCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "error code=%d", PORT_GetError()); return(NULL); } 
@@ -1946,86 +1705,6 @@ return(res); } -static xmlChar* -xmlSecNssX509NameWrite(CERTName* nm) { - xmlChar *res = NULL; - char *str; - - xmlSecAssert2(nm != NULL, NULL); - - str = CERT_NameToAscii(nm); - if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_NameToAscii", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - - res = xmlStrdup(BAD_CAST str); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - PORT_Free(str); - return(NULL); - } - PORT_Free(str); - return(res); -} - -static xmlChar* -xmlSecNssASN1IntegerWrite(SECItem *num) { - xmlChar *res = NULL; - - xmlSecAssert2(num != NULL, NULL); - - /* TODO : to be implemented after - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed - */ - return(res); -} - -static xmlChar* -xmlSecNssX509SKIWrite(CERTCertificate* cert) { - xmlChar *res = NULL; - SECItem ski; - SECStatus rv; - - xmlSecAssert2(cert != NULL, NULL); - - memset(&ski, 0, sizeof(ski)); - - rv = CERT_FindSubjectKeyIDExtension(cert, &ski); - if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - SECITEM_FreeItem(&ski, PR_FALSE); - return(NULL); - } - - res = xmlSecBase64Encode(ski.data, ski.len, 0); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - SECITEM_FreeItem(&ski, PR_FALSE); - return(NULL); - } - SECITEM_FreeItem(&ski, PR_FALSE); - - return(res); -} - - static void xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { SECItem *sn; 
@@ -2084,7 +1763,11 @@ xmlSecSize bufSize, xmlSecKeyInfoCtxPtr keyInfoCtx); +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { +#else static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = { +#endif sizeof(xmlSecKeyDataKlass), sizeof(xmlSecKeyData), --- misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2008-06-29 23:44:19.000000000 +0200 @@ -30,6 +30,7 @@ #include #include #include +#include #include #include @@ -43,8 +44,8 @@ typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, *xmlSecNssX509StoreCtxPtr; struct _xmlSecNssX509StoreCtx { - CERTCertList* certsList; /* just keeping a reference to destroy later */ -}; + CERTCertList* certsList; /* just keeping a reference to destroy later */ +}; /**************************************************************************** * 
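Review bot: The `#ifdef __MINGW32__` around the xmlSecNssKeyDataRawX509CertKlass definition only changes the spelling of the type from the `xmlSecKeyDataKlass` typedef to `struct _xmlSecKeyDataKlass`; if that typedef names the same struct, both branches declare the identical object and the reason MinGW needs the struct-tag form is not evident from the code. State what fails without it in the comment, e.g. `/* __MINGW32__: spelled via the struct tag because <reason> (runtime-pseudo-reloc) */`, with the reason filled in. The `//` line comment after `#ifdef` is also the only C++-style comment in a file that otherwise uses `/* */`. The same construction appears for xmlSecNssX509StoreKlass in the x509vfy.c hunk `@@ -54,45 +55,40 @@`.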
@@ -54,45 +55,40 @@ * ***************************************************************************/ #define xmlSecNssX509StoreGetCtx(store) \ - ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ - sizeof(xmlSecKeyDataStoreKlass))) + ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ + sizeof(xmlSecKeyDataStoreKlass))) #define xmlSecNssX509StoreSize \ - (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) + (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); -static int xmlSecNssX509NameStringRead (xmlSecByte **str, - int *strLen, - xmlSecByte *res, - int resLen, - xmlSecByte delim, - int ingoreTrailingSpaces); -static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, - int len); - -static void xmlSecNssNumToItem(SECItem *it, unsigned long num); +static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { +#else static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { - sizeof(xmlSecKeyDataStoreKlass), - xmlSecNssX509StoreSize, - - /* data */ - xmlSecNameX509Store, /* const xmlChar* name; */ - - /* constructors/destructor */ - xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ - xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ - - /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ +#endif + sizeof(xmlSecKeyDataStoreKlass), + xmlSecNssX509StoreSize, + + /* data */ + xmlSecNameX509Store, /* const xmlChar* name; */ + + /* constructors/destructor */ + xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ + xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ + + /* reserved for the future */ + NULL, /* void* 
reserved0; */ + NULL, /* void* reserved1; */ }; static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, - xmlChar *issuerName, - xmlChar *issuerSerial, - xmlChar *ski); + xmlChar *issuerName, + xmlChar *issuerSerial, + xmlChar *ski); /** @@ -104,7 +100,7 @@ */ xmlSecKeyDataStoreId xmlSecNssX509StoreGetKlass(void) { - return(&xmlSecNssX509StoreKlass); + return(&xmlSecNssX509StoreKlass); } /** @@ -125,15 +121,15 @@ xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { - xmlSecNssX509StoreCtxPtr ctx; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); + xmlSecNssX509StoreCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); - ctx = xmlSecNssX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, NULL); + ctx = xmlSecNssX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, NULL); - return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); + return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); } /** 
@@ -148,116 +144,130 @@ */ CERTCertificate * xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, - xmlSecKeyInfoCtx* keyInfoCtx) { - xmlSecNssX509StoreCtxPtr ctx; - CERTCertListNode* head; - CERTCertificate* cert = NULL; - CERTCertListNode* head1; - CERTCertificate* cert1 = NULL; - SECStatus status = SECFailure; - int64 timeboundary; - int64 tmp1, tmp2; - - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); - xmlSecAssert2(certs != NULL, NULL); - xmlSecAssert2(keyInfoCtx != NULL, NULL); - - ctx = xmlSecNssX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, NULL); - - for (head = CERT_LIST_HEAD(certs); - !CERT_LIST_END(head, certs); - head = CERT_LIST_NEXT(head)) { - cert = head->cert; + xmlSecKeyInfoCtx* keyInfoCtx) { + xmlSecNssX509StoreCtxPtr ctx; + CERTCertListNode* head; + CERTCertificate* cert = NULL; + CERTCertListNode* head1; + CERTCertificate* cert1 = NULL; + SECStatus status = SECFailure; + int64 timeboundary; + int64 tmp1, tmp2; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); + xmlSecAssert2(certs != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + + ctx = xmlSecNssX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, NULL); + + for (head = CERT_LIST_HEAD(certs); + !CERT_LIST_END(head, certs); + head = CERT_LIST_NEXT(head)) { + cert = head->cert; if(keyInfoCtx->certsVerificationTime > 0) { - /* convert the time since epoch in seconds to microseconds */ - LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); - tmp1 = (int64)PR_USEC_PER_SEC; - tmp2 = timeboundary; - LL_MUL(timeboundary, tmp1, tmp2); + /* convert the time since epoch in seconds to microseconds */ + LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); + tmp1 = (int64)PR_USEC_PER_SEC; + tmp2 = timeboundary; + LL_MUL(timeboundary, tmp1, tmp2); } else { - timeboundary = PR_Now(); + timeboundary = PR_Now(); } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ for 
(head1 = CERT_LIST_HEAD(certs); - !CERT_LIST_END(head1, certs); - head1 = CERT_LIST_NEXT(head1)) { + !CERT_LIST_END(head1, certs); + head1 = CERT_LIST_NEXT(head1)) { - cert1 = head1->cert; - if (cert1 == cert) { + cert1 = head1->cert; + if (cert1 == cert) { continue; - } + } - if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) - == SECEqual) { + if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) + == SECEqual) { break; - } + } } if (!CERT_LIST_END(head1, certs)) { - continue; + continue; } - - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), - cert, PR_FALSE, - (SECCertificateUsage)0, - timeboundary , NULL, NULL, NULL); - if (status == SECSuccess) { - break; + /* JL: OpenOffice.org implements its own certificate verification routine. + The goal is to seperate validation of the signature + and the certificate. For example, OOo could show that the document signature is valid, + but the certificate could not be verified. If we do not prevent the verification of + the certificate by libxmlsec and the verification fails, then the XML signature may not be + verified. This would happen, for example, if the root certificate is not installed. + + In the store schould only be the certificate from the X509Certificate element + and the X509IssuerSerial element. The latter is only there + if the certificate is installed. Both certificates must be the same! + In case of writing the signature, the store contains only the certificate that + was created based on the information from the X509IssuerSerial element. 
*/ + status = SECSuccess; + break; +/* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), + cert, PR_FALSE, + (SECCertificateUsage)0, + timeboundary , NULL, NULL, NULL); + if (status == SECSuccess) { + break; + } */ } - } - if (status == SECSuccess) { + if (status == SECSuccess) { return (cert); - } - - switch(PORT_GetError()) { + } + + switch(PORT_GetError()) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, - "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", - cert->subjectName); - break; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + NULL, + XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, + "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", + cert->subjectName); + break; case SEC_ERROR_EXPIRED_CERTIFICATE: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, - "cert with subject name %s has expired", - cert->subjectName); - break; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + NULL, + XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, + "cert with subject name %s has expired", + cert->subjectName); + break; case SEC_ERROR_REVOKED_CERTIFICATE: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_REVOKED, - "cert with subject name %s has been revoked", - cert->subjectName); - break; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + NULL, + XMLSEC_ERRORS_R_CERT_REVOKED, + "cert with subject name %s has been revoked", + cert->subjectName); + break; default: - 
xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "cert with subject name %s could not be verified", - cert->subjectName); - break; - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + NULL, + XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + "cert with subject name %s could not be verified, errcode %d", + cert->subjectName, + PORT_GetError()); + break; + } - return (NULL); + return (NULL); } /** * xmlSecNssX509StoreAdoptCert: - * @store: the pointer to X509 key data store klass. - * @cert: the pointer to NSS X509 certificate. - * @type: the certificate type (trusted/untrusted). + * @store: the pointer to X509 key data store klass. + * @cert: the pointer to NSS X509 certificate. + * @type: the certificate type (trusted/untrusted). * * Adds trusted (root) or untrusted certificate to the store. * 
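Review bot: With `status = SECSuccess; break;` in place of the CERT_VerifyCertificate call, xmlSecNssX509StoreVerify returns the first certificate in `certs` that is not the issuer of another list entry without checking its chain, validity period or revocation status, so a caller that treats a non-NULL result as a verified certificate is misled unless the application performs that check itself, as the JL comment says OpenOffice.org does. That contract belongs in the function's doc comment (it begins outside the hunk): `NOTE: no trust, validity or revocation check is performed here; the caller must verify the returned certificate itself.` The conversion of `keyInfoCtx->certsVerificationTime` into `timeboundary` is now computed but never used, and the `switch(PORT_GetError())` below is only reached when no leaf certificate was found, where the error code is stale from some earlier NSS call and the default branch prints it as the reason; drop the dead time code and report that case directly, e.g. `XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, "no leaf certificate found in the list"`. The commented-out CERT_VerifyCertificate block should be deleted rather than kept in a comment.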
@@ -265,67 +275,67 @@ */ int xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { - xmlSecNssX509StoreCtxPtr ctx; - int ret; + xmlSecNssX509StoreCtxPtr ctx; + int ret; - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); - xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); + xmlSecAssert2(cert != NULL, -1); - ctx = xmlSecNssX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, -1); + ctx = xmlSecNssX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); - if(ctx->certsList == NULL) { - ctx->certsList = CERT_NewCertList(); - if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - ret = CERT_AddCertToListTail(ctx->certsList, cert); - if(ret != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + if(ctx->certsList == NULL) { + ctx->certsList = CERT_NewCertList(); + if(ctx->certsList == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CERT_NewCertList", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code=%d", PORT_GetError()); + return(-1); + } + } - return(0); + ret = CERT_AddCertToListTail(ctx->certsList, cert); + if(ret != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CERT_AddCertToListTail", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code=%d", PORT_GetError()); + return(-1); + } + + return(0); } static int xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { - xmlSecNssX509StoreCtxPtr ctx; - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, 
xmlSecNssX509StoreId), -1); + xmlSecNssX509StoreCtxPtr ctx; + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); - ctx = xmlSecNssX509StoreGetCtx(store); - xmlSecAssert2(ctx != NULL, -1); + ctx = xmlSecNssX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); - memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); - return(0); + return(0); } static void xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { - xmlSecNssX509StoreCtxPtr ctx; - xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); + xmlSecNssX509StoreCtxPtr ctx; + xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); - ctx = xmlSecNssX509StoreGetCtx(store); - xmlSecAssert(ctx != NULL); - - if (ctx->certsList) { + ctx = xmlSecNssX509StoreGetCtx(store); + xmlSecAssert(ctx != NULL); + + if (ctx->certsList) { CERT_DestroyCertList(ctx->certsList); ctx->certsList = NULL; - } + } - memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); } 
@@ -340,376 +350,213 @@ */ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, - xmlChar *issuerSerial, xmlChar *ski) { - CERTCertificate *cert = NULL; - xmlChar *p = NULL; - CERTName *name = NULL; - SECItem *nameitem = NULL; - PRArenaPool *arena = NULL; - - if (subjectName != NULL) { - p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); - if (p == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "subject=%s", - xmlSecErrorsSafeString(subjectName)); - goto done; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - name = CERT_AsciiToName((char*)p); - if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, - SEC_ASN1_GET(CERT_NameTemplate)); - if (nameitem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_ASN1EncodeItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); - goto done; - } - - if((issuerName != NULL) && (issuerSerial != NULL)) { - CERTIssuerAndSN issuerAndSN; - - p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); - if (p == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "issuer=%s", - xmlSecErrorsSafeString(issuerName)); - goto done; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - name = CERT_AsciiToName((char*)p); - if (name == NULL) { - 
xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, - SEC_ASN1_GET(CERT_NameTemplate)); - if (nameitem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_ASN1EncodeItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - memset(&issuerAndSN, 0, sizeof(issuerAndSN)); + xmlChar *issuerSerial, xmlChar *ski) { + CERTCertificate *cert = NULL; + CERTName *name = NULL; + SECItem *nameitem = NULL; + PRArenaPool *arena = NULL; + + if (subjectName != NULL) { + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code=%d", PORT_GetError()); + goto done; + } - issuerAndSN.derIssuer.data = nameitem->data; - issuerAndSN.derIssuer.len = nameitem->len; + name = CERT_AsciiToName((char*)subjectName); + if (name == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CERT_AsciiToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "error code=%d", PORT_GetError()); + goto done; + } - /* TBD: serial num can be arbitrarily long */ - xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); + nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, + SEC_ASN1_GET(CERT_NameTemplate)); + if (nameitem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "SEC_ASN1EncodeItem", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "error code=%d", PORT_GetError()); + goto done; + } - cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), - &issuerAndSN); - SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); - goto done; - } - - if(ski != NULL) { - SECItem subjKeyID; - int len; - - len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); - if(len < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ski=%s", - 
xmlSecErrorsSafeString(ski)); - goto done; - } - - memset(&subjKeyID, 0, sizeof(subjKeyID)); - subjKeyID.data = ski; - subjKeyID.len = xmlStrlen(ski); - cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), - &subjKeyID); - } + cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); + goto done; + } -done: - if (p != NULL) { - PORT_Free(p); - } - if (arena != NULL) { - PORT_FreeArena(arena, PR_FALSE); - } - if (name != NULL) { - CERT_DestroyName(name); - } + if((issuerName != NULL) && (issuerSerial != NULL)) { + CERTIssuerAndSN issuerAndSN; - return(cert); -} + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code=%d", PORT_GetError()); + goto done; + } -/** - * xmlSecNssX509NameRead: - */ -static xmlSecByte * -xmlSecNssX509NameRead(xmlSecByte *str, int len) { - xmlSecByte name[256]; - xmlSecByte value[256]; - xmlSecByte *retval = NULL; - xmlSecByte *p = NULL; - int nameLen, valueLen; - - xmlSecAssert2(str != NULL, NULL); - - /* return string should be no longer than input string */ - retval = (xmlSecByte *)PORT_Alloc(len+1); - if(retval == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_Alloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - p = retval; - - while(len > 0) { - /* skip spaces after comma or semicolon */ - while((len > 0) && isspace(*str)) { - ++str; --len; - } - - nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); - if(nameLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - memcpy(p, name, nameLen); - p+=nameLen; - *p++='='; - if(len > 0) { - ++str; --len; - if((*str) == '\"') { - valueLen = xmlSecNssX509NameStringRead(&str, &len, - value, sizeof(value), '"', 1); - if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + name = 
CERT_AsciiToName((char*)issuerName); + if (name == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "xmlSecNssX509NameStringRead", + "CERT_AsciiToName", XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - /* skip spaces before comma or semicolon */ - while((len > 0) && isspace(*str)) { - ++str; --len; + "error code=%d", PORT_GetError()); + goto done; } - if((len > 0) && ((*str) != ',')) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "comma is expected"); - goto done; - } - if(len > 0) { - ++str; --len; + + nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, + SEC_ASN1_GET(CERT_NameTemplate)); + if (nameitem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "SEC_ASN1EncodeItem", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "error code=%d", PORT_GetError()); + goto done; } - *p++='\"'; - memcpy(p, value, valueLen); - p+=valueLen; - *p++='\"'; - } else if((*str) == '#') { - /* TODO: read octect values */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "reading octect values is not implemented yet"); - goto done; - } else { - valueLen = xmlSecNssX509NameStringRead(&str, &len, - value, sizeof(value), ',', 1); - if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + + memset(&issuerAndSN, 0, sizeof(issuerAndSN)); + + issuerAndSN.derIssuer.data = nameitem->data; + issuerAndSN.derIssuer.len = nameitem->len; + + if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "xmlSecNssX509NameStringRead", + "xmlSecNssIntegerToItem", XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - memcpy(p, value, valueLen); - p+=valueLen; - if (len > 0) - *p++=','; - } - } else { - valueLen = 0; + "serial number=%s", + xmlSecErrorsSafeString(issuerSerial)); + goto done; + } + + cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), + &issuerAndSN); + SECITEM_FreeItem(&issuerAndSN.serialNumber, 
PR_FALSE); + goto done; + } + + if(ski != NULL) { + SECItem subjKeyID; + int len; + + len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); + if(len < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBase64Decode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "ski=%s", + xmlSecErrorsSafeString(ski)); + goto done; + } + + memset(&subjKeyID, 0, sizeof(subjKeyID)); + subjKeyID.data = ski; + subjKeyID.len = xmlStrlen(ski); + cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), + &subjKeyID); } - if(len > 0) { - ++str; --len; - } - } - - *p = 0; - return(retval); - + done: - PORT_Free(retval); - return (NULL); + if (arena != NULL) { + PORT_FreeArena(arena, PR_FALSE); + } + if (name != NULL) { + CERT_DestroyName(name); + } + + return(cert); } +static int +xmlSecNssIntegerToItem( + const xmlChar* integer , + SECItem *item +) { + xmlSecBn bn ; + xmlSecSize i, length ; + const xmlSecByte* bnInteger ; + xmlSecAssert2( integer != NULL, -1 ) ; + xmlSecAssert2( item != NULL, -1 ) ; -/** - * xmlSecNssX509NameStringRead: - */ -static int -xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, - xmlSecByte *res, int resLen, - xmlSecByte delim, int ingoreTrailingSpaces) { - xmlSecByte *p, *q, *nonSpace; - - xmlSecAssert2(str != NULL, -1); - xmlSecAssert2(strLen != NULL, -1); - xmlSecAssert2(res != NULL, -1); - - p = (*str); - nonSpace = q = res; - while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { - if((*p) != '\\') { - if(ingoreTrailingSpaces && !isspace(*p)) { - nonSpace = q; - } - *(q++) = *(p++); - } else { - ++p; - nonSpace = q; - if(xmlSecIsHex((*p))) { - if((p - (*str) + 1) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "two hex digits expected"); - return(-1); - } - *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); - p += 2; - } else { - if(((++p) - (*str)) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "escaped symbol 
missed"); - return(-1); - } - *(q++) = *(p++); - } - } - } - if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "buffer is too small"); - return(-1); - } - (*strLen) -= (p - (*str)); - (*str) = p; - return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); -} + if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } -/* code lifted from NSS */ -static void -xmlSecNssNumToItem(SECItem *it, unsigned long ui) -{ - unsigned char bb[5]; - int len; - - bb[0] = 0; - bb[1] = (unsigned char) (ui >> 24); - bb[2] = (unsigned char) (ui >> 16); - bb[3] = (unsigned char) (ui >> 8); - bb[4] = (unsigned char) (ui); - - /* - ** Small integers are encoded in a single byte. Larger integers - ** require progressively more space. - */ - if (ui > 0x7f) { - if (ui > 0x7fff) { - if (ui > 0x7fffffL) { - if (ui >= 0x80000000L) { - len = 5; - } else { - len = 4; - } - } else { - len = 3; - } - } else { - len = 2; - } - } else { - len = 1; - } - - it->data = (unsigned char *)PORT_Alloc(len); - if (it->data == NULL) { - return; - } + if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnFromDecString", + XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecBnFinalize( &bn ) ; + return -1 ; + } + + length = xmlSecBnGetSize( &bn ) ; + if( length <= 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnGetSize", + XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecBnFinalize( &bn ) ; + return -1 ; + } + + bnInteger = xmlSecBnGetData( &bn ) ; + if( bnInteger == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnGetData", + XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE ) ; - it->len = len; - PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); + xmlSecBnFinalize( 
&bn ) ; + return -1 ; + } + + item->data = ( unsigned char * )PORT_Alloc( length ); + if( item->data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + NULL, + "PORT_Alloc", + XMLSEC_ERRORS_R_INVALID_DATA, + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecBnFinalize( &bn ) ; + return -1 ; + } + + item->len = length; + + for( i = 0 ; i < length ; i ++ ) + item->data[i] = *( bnInteger + i ) ; + + xmlSecBnFinalize( &bn ) ; + + return 0 ; } -#endif /* XMLSEC_NO_X509 */ +#endif /* XMLSEC_NO_X509 */ --- misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200 +++ misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2008-06-29 23:44:19.000000000 +0200 @@ -223,6 +223,10 @@ $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj XMLSEC_NSS_OBJS = \ + $(XMLSEC_NSS_INTDIR)\akmngr.obj\ + $(XMLSEC_NSS_INTDIR)\keytrans.obj\ + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ + $(XMLSEC_NSS_INTDIR)\tokens.obj\ $(XMLSEC_NSS_INTDIR)\app.obj\ $(XMLSEC_NSS_INTDIR)\bignum.obj\ $(XMLSEC_NSS_INTDIR)\ciphers.obj \ @@ -235,9 +239,6 @@ $(XMLSEC_NSS_INTDIR)\x509.obj\ $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ $(XMLSEC_NSS_INTDIR)\keysstore.obj\ - $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ - $(XMLSEC_NSS_INTDIR)\kw_des.obj\ - $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ $(XMLSEC_NSS_INTDIR)\strings.obj XMLSEC_NSS_OBJS_A = \ $(XMLSEC_NSS_INTDIR_A)\app.obj\ @@ -258,6 +259,7 @@ $(XMLSEC_NSS_INTDIR_A)\strings.obj XMLSEC_MSCRYPTO_OBJS = \ + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ 
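Review bot: In the `ski` branch of xmlSecNssX509FindCert, `subjKeyID.len = xmlStrlen(ski)` is evaluated after `xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski))` has overwritten `ski` in place with binary data, so the length stops at the first zero byte or runs on into the undecoded tail of the buffer; the decoded byte count is the value already held in `len`, so this should be `subjKeyID.len = len;` (the line was inherited from the old code, but it is on the new side now). xmlSecNssIntegerToItem copies the big-number bytes verbatim into `item->data`; whether that byte order and the handling of a leading 0x00 for values with the top bit set match how NSS stores `cert->serialNumber` should be confirmed with such a certificate, otherwise CERT_FindCertByIssuerAndSN will not match, and the copy loop can simply be `memcpy(item->data, bnInteger, length);`. The subject and issuer strings taken from the XML are now handed straight to CERT_AsciiToName without the normalisation the removed xmlSecNssX509NameRead performed, so DN strings that only the old parser accepted will now fail the lookup; if that is intended, say so in a comment at the first CERT_AsciiToName call.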
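Review bot: XMLSEC_NSS_OBJS gains akmngr, keytrans, keywrapers and tokens and loses kt_rsa, kw_des and kw_aes, but the parallel static list XMLSEC_NSS_OBJS_A (its head is visible in the `@@ -235,9 +239,6 @@` hunk, its tail is outside it) is not edited the same way; if it still names the three removed sources and lacks the four new ones, the static library build either fails on missing objects or silently omits the new code. Mirror the change there, adding `$(XMLSEC_NSS_INTDIR_A)\akmngr.obj\` and the other three and dropping `kt_rsa.obj`, `kw_des.obj` and `kw_aes.obj`. The `@@ -258,6 +259,7 @@` hunk adds akmngr.obj only to the shared XMLSEC_MSCRYPTO_OBJS list; the static counterpart, if one exists, needs the same entry.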
@@ -376,7 +378,7 @@ XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib -XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib +XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
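Review bot: XMLSEC_NSS_SOLIBS now links `nspr4.lib` and drops `ssl3.lib`, `libplds4.lib` and `libplc4.lib`, while the XMLSEC_NSS_ALIBS line directly below still names `ssl3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib`; if the NSS import libraries have been renamed in this build, the static configuration will fail to link even though the shared one succeeds. Either update XMLSEC_NSS_ALIBS consistently or state in a comment why the static link keeps the old library set.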