Bump for 4.0-15
[LibreOffice.git] / libxmlsec / xmlsec1-nssmangleciphers.patch
blob96f5049f68ae68b7a768638c1bee3eeb86e88eb5
1 --- misc/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 05:16:27.000000000 -0400
2 +++ misc/build/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 06:59:39.000000000 -0400
3 @@ -11,180 +11,421 @@
5 #include <string.h>
7 -#include <nspr.h>
8 #include <nss.h>
9 -#include <secoid.h>
10 #include <pk11func.h>
12 #include <xmlsec/xmlsec.h>
13 +#include <xmlsec/xmltree.h>
14 +#include <xmlsec/base64.h>
15 #include <xmlsec/keys.h>
16 #include <xmlsec/transforms.h>
17 #include <xmlsec/errors.h>
19 #include <xmlsec/nss/crypto.h>
21 -#define XMLSEC_NSS_MAX_KEY_SIZE 32
22 -#define XMLSEC_NSS_MAX_IV_SIZE 32
23 -#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
24 +#include <xmlsec/nss/ciphers.h>
26 /**************************************************************************
28 - * Internal Nss Block cipher CTX
29 + * Internal Nss Block Cipher Context
30 + * This context is designed for repositing a block cipher for transform
32 *****************************************************************************/
33 -typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
34 - *xmlSecNssBlockCipherCtxPtr;
35 +typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
36 +typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
38 struct _xmlSecNssBlockCipherCtx {
39 CK_MECHANISM_TYPE cipher;
40 + PK11SymKey* symkey ;
41 PK11Context* cipherCtx;
42 xmlSecKeyDataId keyId;
43 - int keyInitialized;
44 - int ctxInitialized;
45 - xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
46 - xmlSecSize keySize;
47 - xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
48 - xmlSecSize ivSize;
50 -static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
51 - xmlSecBufferPtr in,
52 - xmlSecBufferPtr out,
53 - int encrypt,
54 - const xmlChar* cipherName,
55 - xmlSecTransformCtxPtr transformCtx);
56 -static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
57 - xmlSecBufferPtr in,
58 - xmlSecBufferPtr out,
59 - int encrypt,
60 - const xmlChar* cipherName,
61 - xmlSecTransformCtxPtr transformCtx);
62 -static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
63 - xmlSecBufferPtr in,
64 - xmlSecBufferPtr out,
65 - int encrypt,
66 - const xmlChar* cipherName,
67 - xmlSecTransformCtxPtr transformCtx);
69 +#define xmlSecNssBlockCipherSize \
70 + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
72 +#define xmlSecNssBlockCipherGetCtx( transform ) \
73 + ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
75 +static int
76 +xmlSecNssBlockCipherCheckId(
77 + xmlSecTransformPtr transform
78 +) {
79 + #ifndef XMLSEC_NO_DES
80 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
81 + return 1 ;
82 + }
83 + #endif /* XMLSEC_NO_DES */
85 + #ifndef XMLSEC_NO_AES
86 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
87 + xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
88 + xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
90 + return 1 ;
91 + }
92 + #endif /* XMLSEC_NO_AES */
94 + return 0 ;
97 +static int
98 +xmlSecNssBlockCipherFetchCtx(
99 + xmlSecNssBlockCipherCtxPtr context ,
100 + xmlSecTransformId id
101 +) {
102 + xmlSecAssert2( context != NULL, -1 ) ;
104 + #ifndef XMLSEC_NO_DES
105 + if( id == xmlSecNssTransformDes3CbcId ) {
106 + context->cipher = CKM_DES3_CBC ;
107 + context->keyId = xmlSecNssKeyDataDesId ;
108 + } else
109 + #endif /* XMLSEC_NO_DES */
111 + #ifndef XMLSEC_NO_AES
112 + if( id == xmlSecNssTransformAes128CbcId ) {
113 + context->cipher = CKM_AES_CBC ;
114 + context->keyId = xmlSecNssKeyDataAesId ;
115 + } else
116 + if( id == xmlSecNssTransformAes192CbcId ) {
117 + context->cipher = CKM_AES_CBC ;
118 + context->keyId = xmlSecNssKeyDataAesId ;
119 + } else
120 + if( id == xmlSecNssTransformAes256CbcId ) {
121 + context->cipher = CKM_AES_CBC ;
122 + context->keyId = xmlSecNssKeyDataAesId ;
123 + } else
124 + #endif /* XMLSEC_NO_AES */
126 + if( 1 ) {
127 + xmlSecError( XMLSEC_ERRORS_HERE ,
128 + NULL ,
129 + NULL ,
130 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
131 + XMLSEC_ERRORS_NO_MESSAGE ) ;
132 + return -1 ;
135 + return 0 ;
138 +/**
139 + * xmlSecTransformInitializeMethod:
140 + * @transform: the pointer to transform object.
142 + * The transform specific initialization method.
144 + * Returns 0 on success or a negative value otherwise.
145 + */
146 +static int
147 +xmlSecNssBlockCipherInitialize(
148 + xmlSecTransformPtr transform
149 +) {
150 + xmlSecNssBlockCipherCtxPtr context = NULL ;
152 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
153 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
155 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
156 + if( context == NULL ) {
157 + xmlSecError( XMLSEC_ERRORS_HERE ,
158 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
159 + "xmlSecNssBlockCipherGetCtx" ,
160 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
161 + XMLSEC_ERRORS_NO_MESSAGE ) ;
162 + return -1 ;
165 + if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
166 + xmlSecError( XMLSEC_ERRORS_HERE ,
167 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
168 + "xmlSecNssBlockCipherFetchCtx" ,
169 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
170 + XMLSEC_ERRORS_NO_MESSAGE ) ;
171 + return -1 ;
174 + context->symkey = NULL ;
175 + context->cipherCtx = NULL ;
177 + return 0 ;
180 +/**
181 + * xmlSecTransformFinalizeMethod:
182 + * @transform: the pointer to transform object.
184 + * The transform specific destroy method.
185 + */
186 +static void
187 +xmlSecNssBlockCipherFinalize(
188 + xmlSecTransformPtr transform
189 +) {
190 + xmlSecNssBlockCipherCtxPtr context = NULL ;
192 + xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
193 + xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
195 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
196 + if( context == NULL ) {
197 + xmlSecError( XMLSEC_ERRORS_HERE ,
198 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
199 + "xmlSecNssBlockCipherGetCtx" ,
200 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
201 + XMLSEC_ERRORS_NO_MESSAGE ) ;
202 + return ;
205 + if( context->cipherCtx != NULL ) {
206 + PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
207 + context->cipherCtx = NULL ;
210 + if( context->symkey != NULL ) {
211 + PK11_FreeSymKey( context->symkey ) ;
212 + context->symkey = NULL ;
215 + context->cipher = CKM_INVALID_MECHANISM ;
216 + context->keyId = NULL ;
219 +/**
220 + * xmlSecTransformSetKeyRequirementsMethod:
221 + * @transform: the pointer to transform object.
222 + * @keyReq: the pointer to key requirements structure.
224 + * Transform specific method to set transform's key requirements.
225 + *
226 + * Returns 0 on success or a negative value otherwise.
227 + */
228 +static int
229 +xmlSecNssBlockCipherSetKeyReq(
230 + xmlSecTransformPtr transform ,
231 + xmlSecKeyReqPtr keyReq
232 +) {
233 + xmlSecNssBlockCipherCtxPtr context = NULL ;
234 + xmlSecSize cipherSize = 0 ;
236 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
237 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
238 + xmlSecAssert2( keyReq != NULL , -1 ) ;
239 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
241 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
242 + if( context == NULL ) {
243 + xmlSecError( XMLSEC_ERRORS_HERE ,
244 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
245 + "xmlSecNssBlockCipherGetCtx" ,
246 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
247 + XMLSEC_ERRORS_NO_MESSAGE ) ;
248 + return -1 ;
251 + keyReq->keyId = context->keyId ;
252 + keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
254 + if( transform->operation == xmlSecTransformOperationEncrypt ) {
255 + keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
256 + } else {
257 + keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
260 + /*
261 + if( context->symkey != NULL )
262 + cipherSize = PK11_GetKeyLength( context->symkey ) ;
264 + keyReq->keyBitsSize = cipherSize * 8 ;
265 + */
267 + return 0 ;
270 +/**
271 + * xmlSecTransformSetKeyMethod:
272 + * @transform: the pointer to transform object.
273 + * @key: the pointer to key.
275 + * The transform specific method to set the key for use.
276 + *
277 + * Returns 0 on success or a negative value otherwise.
278 + */
279 +static int
280 +xmlSecNssBlockCipherSetKey(
281 + xmlSecTransformPtr transform ,
282 + xmlSecKeyPtr key
283 +) {
284 + xmlSecNssBlockCipherCtxPtr context = NULL ;
285 + xmlSecKeyDataPtr keyData = NULL ;
286 + PK11SymKey* symkey = NULL ;
287 + CK_ATTRIBUTE_TYPE operation ;
288 + int ivLen ;
290 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
291 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
292 + xmlSecAssert2( key != NULL , -1 ) ;
293 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
295 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
296 + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
297 + xmlSecError( XMLSEC_ERRORS_HERE ,
298 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
299 + "xmlSecNssBlockCipherGetCtx" ,
300 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
301 + XMLSEC_ERRORS_NO_MESSAGE ) ;
302 + return -1 ;
304 + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
306 + keyData = xmlSecKeyGetValue( key ) ;
307 + if( keyData == NULL ) {
308 + xmlSecError( XMLSEC_ERRORS_HERE ,
309 + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
310 + "xmlSecKeyGetValue" ,
311 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
312 + XMLSEC_ERRORS_NO_MESSAGE ) ;
313 + return -1 ;
316 + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
317 + xmlSecError( XMLSEC_ERRORS_HERE ,
318 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
319 + "xmlSecNssSymKeyDataGetKey" ,
320 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
321 + XMLSEC_ERRORS_NO_MESSAGE ) ;
322 + return -1 ;
325 + context->symkey = symkey ;
327 + return 0 ;
330 static int
331 xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
332 xmlSecBufferPtr in, xmlSecBufferPtr out,
333 int encrypt,
334 const xmlChar* cipherName,
335 xmlSecTransformCtxPtr transformCtx) {
336 - SECItem keyItem;
337 SECItem ivItem;
338 - PK11SlotInfo* slot;
339 - PK11SymKey* symKey;
340 + SECItem* secParam = NULL ;
341 + xmlSecBufferPtr ivBuf = NULL ;
342 int ivLen;
343 - SECStatus rv;
344 - int ret;
346 xmlSecAssert2(ctx != NULL, -1);
347 - xmlSecAssert2(ctx->cipher != 0, -1);
348 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
349 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
350 xmlSecAssert2(ctx->cipherCtx == NULL, -1);
351 - xmlSecAssert2(ctx->keyInitialized != 0, -1);
352 - xmlSecAssert2(ctx->ctxInitialized == 0, -1);
353 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
354 xmlSecAssert2(in != NULL, -1);
355 xmlSecAssert2(out != NULL, -1);
356 xmlSecAssert2(transformCtx != NULL, -1);
358 ivLen = PK11_GetIVLength(ctx->cipher);
359 - xmlSecAssert2(ivLen > 0, -1);
360 - xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
361 + if( ivLen < 0 ) {
362 + xmlSecError( XMLSEC_ERRORS_HERE ,
363 + NULL ,
364 + "PK11_GetIVLength" ,
365 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
366 + XMLSEC_ERRORS_NO_MESSAGE ) ;
367 + return -1 ;
370 + if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
371 + xmlSecError( XMLSEC_ERRORS_HERE ,
372 + NULL ,
373 + "xmlSecBufferCreate" ,
374 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
375 + XMLSEC_ERRORS_NO_MESSAGE ) ;
376 + return -1 ;
379 if(encrypt) {
380 - /* generate random iv */
381 - rv = PK11_GenerateRandom(ctx->iv, ivLen);
382 - if(rv != SECSuccess) {
383 + if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
384 xmlSecError(XMLSEC_ERRORS_HERE,
385 xmlSecErrorsSafeString(cipherName),
386 "PK11_GenerateRandom",
387 XMLSEC_ERRORS_R_CRYPTO_FAILED,
388 - "size=%d", ivLen);
389 + XMLSEC_ERRORS_NO_MESSAGE);
390 + xmlSecBufferDestroy( ivBuf ) ;
391 return(-1);
393 + if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
394 + xmlSecError( XMLSEC_ERRORS_HERE ,
395 + NULL ,
396 + "xmlSecBufferSetSize" ,
397 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
398 + XMLSEC_ERRORS_NO_MESSAGE ) ;
399 + xmlSecBufferDestroy( ivBuf ) ;
400 + return -1 ;
403 - /* write iv to the output */
404 - ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
405 - if(ret < 0) {
406 + if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
407 xmlSecError(XMLSEC_ERRORS_HERE,
408 xmlSecErrorsSafeString(cipherName),
409 "xmlSecBufferAppend",
410 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
411 - "size=%d", ivLen);
412 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
413 + XMLSEC_ERRORS_NO_MESSAGE);
414 + xmlSecBufferDestroy( ivBuf ) ;
415 return(-1);
418 } else {
419 - /* if we don't have enough data, exit and hope that
420 - * we'll have iv next time */
421 - if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
422 - return(0);
425 - /* copy iv to our buffer*/
426 - xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
427 - memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
429 - /* and remove from input */
430 - ret = xmlSecBufferRemoveHead(in, ivLen);
431 - if(ret < 0) {
432 + if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
433 xmlSecError(XMLSEC_ERRORS_HERE,
434 xmlSecErrorsSafeString(cipherName),
435 - "xmlSecBufferRemoveHead",
436 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
437 - "size=%d", ivLen);
438 + "xmlSecBufferSetData",
439 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
440 + XMLSEC_ERRORS_NO_MESSAGE);
441 + xmlSecBufferDestroy( ivBuf ) ;
442 return(-1);
446 - memset(&keyItem, 0, sizeof(keyItem));
447 - keyItem.data = ctx->key;
448 - keyItem.len = ctx->keySize;
449 - memset(&ivItem, 0, sizeof(ivItem));
450 - ivItem.data = ctx->iv;
451 - ivItem.len = ctx->ivSize;
453 - slot = PK11_GetBestSlot(ctx->cipher, NULL);
454 - if(slot == NULL) {
455 + if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
456 xmlSecError(XMLSEC_ERRORS_HERE,
457 xmlSecErrorsSafeString(cipherName),
458 - "PK11_GetBestSlot",
459 + "xmlSecBufferRemoveHead",
460 XMLSEC_ERRORS_R_CRYPTO_FAILED,
461 XMLSEC_ERRORS_NO_MESSAGE);
462 + xmlSecBufferDestroy( ivBuf ) ;
463 return(-1);
466 - symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
467 - CKA_SIGN, &keyItem, NULL);
468 - if(symKey == NULL) {
469 + ivItem.data = xmlSecBufferGetData( ivBuf ) ;
470 + ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
471 + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
472 xmlSecError(XMLSEC_ERRORS_HERE,
473 xmlSecErrorsSafeString(cipherName),
474 - "PK11_ImportSymKey",
475 + "PK11_ParamFromIV",
476 XMLSEC_ERRORS_R_CRYPTO_FAILED,
477 XMLSEC_ERRORS_NO_MESSAGE);
478 - PK11_FreeSlot(slot);
479 + xmlSecBufferDestroy( ivBuf ) ;
480 return(-1);
483 ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
484 (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
485 - symKey, &ivItem);
486 + ctx->symkey, secParam);
487 if(ctx->cipherCtx == NULL) {
488 xmlSecError(XMLSEC_ERRORS_HERE,
489 xmlSecErrorsSafeString(cipherName),
490 - "PK11_CreateContextBySymKey",
491 + "xmlSecBufferRemoveHead",
492 XMLSEC_ERRORS_R_CRYPTO_FAILED,
493 XMLSEC_ERRORS_NO_MESSAGE);
494 - PK11_FreeSymKey(symKey);
495 - PK11_FreeSlot(slot);
496 + SECITEM_FreeItem( secParam , PR_TRUE ) ;
497 + xmlSecBufferDestroy( ivBuf ) ;
498 return(-1);
501 - ctx->ctxInitialized = 1;
502 - PK11_FreeSymKey(symKey);
503 - PK11_FreeSlot(slot);
504 + SECITEM_FreeItem( secParam , PR_TRUE ) ;
505 + xmlSecBufferDestroy( ivBuf ) ;
506 return(0);
509 +/**
510 + * Block cipher transform update
511 + */
512 static int
513 xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
514 xmlSecBufferPtr in, xmlSecBufferPtr out,
515 @@ -192,54 +433,49 @@
516 const xmlChar* cipherName,
517 xmlSecTransformCtxPtr transformCtx) {
518 xmlSecSize inSize, inBlocks, outSize;
519 - int blockLen;
520 + int blockSize;
521 int outLen = 0;
522 xmlSecByte* outBuf;
523 - SECStatus rv;
524 - int ret;
526 xmlSecAssert2(ctx != NULL, -1);
527 - xmlSecAssert2(ctx->cipher != 0, -1);
528 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
529 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
530 xmlSecAssert2(ctx->cipherCtx != NULL, -1);
531 - xmlSecAssert2(ctx->ctxInitialized != 0, -1);
532 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
533 xmlSecAssert2(in != NULL, -1);
534 xmlSecAssert2(out != NULL, -1);
535 xmlSecAssert2(transformCtx != NULL, -1);
537 - blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
538 - xmlSecAssert2(blockLen > 0, -1);
539 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
540 + xmlSecError( XMLSEC_ERRORS_HERE ,
541 + xmlSecErrorsSafeString( cipherName ) ,
542 + "PK11_GetBlockSize" ,
543 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
544 + XMLSEC_ERRORS_NO_MESSAGE ) ;
545 + return -1 ;
548 inSize = xmlSecBufferGetSize(in);
549 outSize = xmlSecBufferGetSize(out);
551 - if(inSize < (xmlSecSize)blockLen) {
552 - return(0);
554 + inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
555 + inSize = inBlocks * blockSize ;
557 + if( inSize < blockSize ) {
558 + return 0 ;
561 - if(encrypt) {
562 - inBlocks = inSize / ((xmlSecSize)blockLen);
563 - } else {
564 - /* we want to have the last block in the input buffer
565 - * for padding check */
566 - inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
568 - inSize = inBlocks * ((xmlSecSize)blockLen);
570 - /* we write out the input size plus may be one block */
571 - ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
572 - if(ret < 0) {
573 + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
574 xmlSecError(XMLSEC_ERRORS_HERE,
575 xmlSecErrorsSafeString(cipherName),
576 "xmlSecBufferSetMaxSize",
577 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
578 - "size=%d", outSize + inSize + blockLen);
579 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
580 + XMLSEC_ERRORS_NO_MESSAGE);
581 return(-1);
583 outBuf = xmlSecBufferGetData(out) + outSize;
585 - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
586 - xmlSecBufferGetData(in), inSize);
587 - if(rv != SECSuccess) {
588 + if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
589 xmlSecError(XMLSEC_ERRORS_HERE,
590 xmlSecErrorsSafeString(cipherName),
591 "PK11_CipherOp",
592 @@ -247,27 +483,22 @@
593 XMLSEC_ERRORS_NO_MESSAGE);
594 return(-1);
596 - xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
598 - /* set correct output buffer size */
599 - ret = xmlSecBufferSetSize(out, outSize + outLen);
600 - if(ret < 0) {
601 + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
602 xmlSecError(XMLSEC_ERRORS_HERE,
603 xmlSecErrorsSafeString(cipherName),
604 "xmlSecBufferSetSize",
605 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
606 - "size=%d", outSize + outLen);
607 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
608 + XMLSEC_ERRORS_NO_MESSAGE);
609 return(-1);
612 - /* remove the processed block from input */
613 - ret = xmlSecBufferRemoveHead(in, inSize);
614 - if(ret < 0) {
615 + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
616 xmlSecError(XMLSEC_ERRORS_HERE,
617 xmlSecErrorsSafeString(cipherName),
618 "xmlSecBufferRemoveHead",
619 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
620 - "size=%d", inSize);
621 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
622 + XMLSEC_ERRORS_NO_MESSAGE);
623 return(-1);
625 return(0);
626 @@ -281,81 +512,82 @@
627 const xmlChar* cipherName,
628 xmlSecTransformCtxPtr transformCtx) {
629 xmlSecSize inSize, outSize;
630 - int blockLen, outLen = 0;
631 + int blockSize, outLen = 0;
632 xmlSecByte* inBuf;
633 xmlSecByte* outBuf;
634 - SECStatus rv;
635 - int ret;
637 xmlSecAssert2(ctx != NULL, -1);
638 - xmlSecAssert2(ctx->cipher != 0, -1);
639 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
640 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
641 xmlSecAssert2(ctx->cipherCtx != NULL, -1);
642 - xmlSecAssert2(ctx->ctxInitialized != 0, -1);
643 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
644 xmlSecAssert2(in != NULL, -1);
645 xmlSecAssert2(out != NULL, -1);
646 xmlSecAssert2(transformCtx != NULL, -1);
648 - blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
649 - xmlSecAssert2(blockLen > 0, -1);
650 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
651 + xmlSecError( XMLSEC_ERRORS_HERE ,
652 + xmlSecErrorsSafeString( cipherName ) ,
653 + "PK11_GetBlockSize" ,
654 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
655 + XMLSEC_ERRORS_NO_MESSAGE ) ;
656 + return -1 ;
659 inSize = xmlSecBufferGetSize(in);
660 outSize = xmlSecBufferGetSize(out);
662 + /******************************************************************/
663 if(encrypt != 0) {
664 - xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
665 + xmlSecAssert2( inSize < blockSize, -1 ) ;
667 /* create padding */
668 - ret = xmlSecBufferSetMaxSize(in, blockLen);
669 - if(ret < 0) {
670 + if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
671 xmlSecError(XMLSEC_ERRORS_HERE,
672 xmlSecErrorsSafeString(cipherName),
673 "xmlSecBufferSetMaxSize",
674 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
675 - "size=%d", blockLen);
676 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
677 + XMLSEC_ERRORS_NO_MESSAGE);
678 return(-1);
680 inBuf = xmlSecBufferGetData(in);
682 - /* generate random padding */
683 - if((xmlSecSize)blockLen > (inSize + 1)) {
684 - rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
685 - if(rv != SECSuccess) {
686 + /* generate random */
687 + if( blockSize > ( inSize + 1 ) ) {
688 + if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
689 xmlSecError(XMLSEC_ERRORS_HERE,
690 xmlSecErrorsSafeString(cipherName),
691 "PK11_GenerateRandom",
692 XMLSEC_ERRORS_R_CRYPTO_FAILED,
693 - "size=%d", blockLen - inSize - 1);
694 + XMLSEC_ERRORS_NO_MESSAGE);
695 return(-1);
698 - inBuf[blockLen - 1] = blockLen - inSize;
699 - inSize = blockLen;
700 + inBuf[blockSize-1] = blockSize - inSize ;
701 + inSize = blockSize ;
702 } else {
703 - if(inSize != (xmlSecSize)blockLen) {
704 + if( inSize != blockSize ) {
705 xmlSecError(XMLSEC_ERRORS_HERE,
706 xmlSecErrorsSafeString(cipherName),
707 NULL,
708 - XMLSEC_ERRORS_R_INVALID_DATA,
709 - "data=%d;block=%d", inSize, blockLen);
710 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
711 + XMLSEC_ERRORS_NO_MESSAGE);
712 return(-1);
716 - /* process last block */
717 - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
718 - if(ret < 0) {
719 + /* process the last block */
720 + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
721 xmlSecError(XMLSEC_ERRORS_HERE,
722 xmlSecErrorsSafeString(cipherName),
723 "xmlSecBufferSetMaxSize",
724 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
725 - "size=%d", outSize + 2 * blockLen);
726 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
727 + XMLSEC_ERRORS_NO_MESSAGE);
728 return(-1);
730 outBuf = xmlSecBufferGetData(out) + outSize;
732 - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
733 - xmlSecBufferGetData(in), inSize);
734 - if(rv != SECSuccess) {
735 + if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
736 xmlSecError(XMLSEC_ERRORS_HERE,
737 xmlSecErrorsSafeString(cipherName),
738 "PK11_CipherOp",
739 @@ -363,300 +595,169 @@
740 XMLSEC_ERRORS_NO_MESSAGE);
741 return(-1);
743 - xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
745 if(encrypt == 0) {
746 /* check padding */
747 - if(outLen < outBuf[blockLen - 1]) {
748 + if( outLen < outBuf[blockSize-1] ) {
749 xmlSecError(XMLSEC_ERRORS_HERE,
750 xmlSecErrorsSafeString(cipherName),
751 NULL,
752 - XMLSEC_ERRORS_R_INVALID_DATA,
753 - "padding=%d;buffer=%d",
754 - outBuf[blockLen - 1], outLen);
755 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
756 + XMLSEC_ERRORS_NO_MESSAGE);
757 return(-1);
759 - outLen -= outBuf[blockLen - 1];
760 + outLen -= outBuf[blockSize-1] ;
763 - /* set correct output buffer size */
764 - ret = xmlSecBufferSetSize(out, outSize + outLen);
765 - if(ret < 0) {
766 - xmlSecError(XMLSEC_ERRORS_HERE,
767 - xmlSecErrorsSafeString(cipherName),
768 - "xmlSecBufferSetSize",
769 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
770 - "size=%d", outSize + outLen);
771 - return(-1);
773 + /******************************************************************/
775 - /* remove the processed block from input */
776 - ret = xmlSecBufferRemoveHead(in, inSize);
777 - if(ret < 0) {
778 + /******************************************************************
779 + if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
780 xmlSecError(XMLSEC_ERRORS_HERE,
781 xmlSecErrorsSafeString(cipherName),
782 - "xmlSecBufferRemoveHead",
783 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
784 - "size=%d", inSize);
785 - return(-1);
788 - return(0);
792 -/******************************************************************************
794 - * EVP Block Cipher transforms
796 - * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
797 - *
798 - *****************************************************************************/
799 -#define xmlSecNssBlockCipherSize \
800 - (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
801 -#define xmlSecNssBlockCipherGetCtx(transform) \
802 - ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
804 -static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
805 -static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
806 -static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
807 - xmlSecKeyReqPtr keyReq);
808 -static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
809 - xmlSecKeyPtr key);
810 -static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
811 - int last,
812 - xmlSecTransformCtxPtr transformCtx);
813 -static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
817 -static int
818 -xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
819 -#ifndef XMLSEC_NO_DES
820 - if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
821 - return(1);
823 -#endif /* XMLSEC_NO_DES */
825 -#ifndef XMLSEC_NO_AES
826 - if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
827 - xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
828 - xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
830 - return(1);
832 -#endif /* XMLSEC_NO_AES */
834 - return(0);
837 -static int
838 -xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
839 - xmlSecNssBlockCipherCtxPtr ctx;
841 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
842 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
844 - ctx = xmlSecNssBlockCipherGetCtx(transform);
845 - xmlSecAssert2(ctx != NULL, -1);
847 - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
849 -#ifndef XMLSEC_NO_DES
850 - if(transform->id == xmlSecNssTransformDes3CbcId) {
851 - ctx->cipher = CKM_DES3_CBC;
852 - ctx->keyId = xmlSecNssKeyDataDesId;
853 - ctx->keySize = 24;
854 - } else
855 -#endif /* XMLSEC_NO_DES */
857 -#ifndef XMLSEC_NO_AES
858 - if(transform->id == xmlSecNssTransformAes128CbcId) {
859 - ctx->cipher = CKM_AES_CBC;
860 - ctx->keyId = xmlSecNssKeyDataAesId;
861 - ctx->keySize = 16;
862 - } else if(transform->id == xmlSecNssTransformAes192CbcId) {
863 - ctx->cipher = CKM_AES_CBC;
864 - ctx->keyId = xmlSecNssKeyDataAesId;
865 - ctx->keySize = 24;
866 - } else if(transform->id == xmlSecNssTransformAes256CbcId) {
867 - ctx->cipher = CKM_AES_CBC;
868 - ctx->keyId = xmlSecNssKeyDataAesId;
869 - ctx->keySize = 32;
870 - } else
871 -#endif /* XMLSEC_NO_AES */
873 - if(1) {
874 - xmlSecError(XMLSEC_ERRORS_HERE,
875 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
876 - NULL,
877 - XMLSEC_ERRORS_R_INVALID_TRANSFORM,
878 + "xmlSecBufferSetMaxSize",
879 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
880 XMLSEC_ERRORS_NO_MESSAGE);
881 return(-1);
882 - }
884 - return(0);
887 -static void
888 -xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
889 - xmlSecNssBlockCipherCtxPtr ctx;
891 - xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
892 - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
894 - ctx = xmlSecNssBlockCipherGetCtx(transform);
895 - xmlSecAssert(ctx != NULL);
897 - if(ctx->cipherCtx != NULL) {
898 - PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
901 - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
904 -static int
905 -xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
906 - xmlSecNssBlockCipherCtxPtr ctx;
908 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
909 - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
910 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
911 - xmlSecAssert2(keyReq != NULL, -1);
913 - ctx = xmlSecNssBlockCipherGetCtx(transform);
914 - xmlSecAssert2(ctx != NULL, -1);
915 - xmlSecAssert2(ctx->keyId != NULL, -1);
916 + outBuf = xmlSecBufferGetData( out ) + outSize ;
917 + if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
918 + xmlSecError( XMLSEC_ERRORS_HERE ,
919 + xmlSecErrorsSafeString( cipherName ) ,
920 + "PK11_DigestFinal" ,
921 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
922 + XMLSEC_ERRORS_NO_MESSAGE ) ;
923 + return -1 ;
925 + ******************************************************************/
927 + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
928 + xmlSecError( XMLSEC_ERRORS_HERE ,
929 + xmlSecErrorsSafeString( cipherName ) ,
930 + "xmlSecBufferSetSize" ,
931 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
932 + XMLSEC_ERRORS_NO_MESSAGE ) ;
933 + return -1 ;
936 + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
937 + xmlSecError( XMLSEC_ERRORS_HERE ,
938 + xmlSecErrorsSafeString( cipherName ) ,
939 + "xmlSecBufferRemoveHead" ,
940 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
941 + XMLSEC_ERRORS_NO_MESSAGE ) ;
942 + return -1 ;
945 +/* PK11_Finalize( ctx->cipherCtx ) ;*/
946 + PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
947 + ctx->cipherCtx = NULL ;
949 - keyReq->keyId = ctx->keyId;
950 - keyReq->keyType = xmlSecKeyDataTypeSymmetric;
951 - if(transform->operation == xmlSecTransformOperationEncrypt) {
952 - keyReq->keyUsage = xmlSecKeyUsageEncrypt;
953 - } else {
954 - keyReq->keyUsage = xmlSecKeyUsageDecrypt;
956 - keyReq->keyBitsSize = 8 * ctx->keySize;
957 return(0);
960 -static int
961 -xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
962 - xmlSecNssBlockCipherCtxPtr ctx;
963 - xmlSecBufferPtr buffer;
964 +/**
965 + * xmlSecTransformExecuteMethod:
966 + * @transform: the pointer to transform object.
967 + * @last: the flag: if set to 1 then it's the last data chunk.
968 + * @transformCtx: the pointer to transform context object.
970 + * Transform specific method to process a chunk of data.
972 + * Returns 0 on success or a negative value otherwise.
973 + */
974 +xmlSecNssBlockCipherExecute(
975 + xmlSecTransformPtr transform ,
976 + int last ,
977 + xmlSecTransformCtxPtr transformCtx
978 +) {
979 + xmlSecNssBlockCipherCtxPtr context = NULL ;
980 + xmlSecBufferPtr inBuf = NULL ;
981 + xmlSecBufferPtr outBuf = NULL ;
982 + const xmlChar* cipherName ;
983 + int operation ;
984 + int rtv ;
986 xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
987 - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
988 xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
989 - xmlSecAssert2(key != NULL, -1);
991 - ctx = xmlSecNssBlockCipherGetCtx(transform);
992 - xmlSecAssert2(ctx != NULL, -1);
993 - xmlSecAssert2(ctx->cipher != 0, -1);
994 - xmlSecAssert2(ctx->keyInitialized == 0, -1);
995 - xmlSecAssert2(ctx->keyId != NULL, -1);
996 - xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
998 - xmlSecAssert2(ctx->keySize > 0, -1);
999 - xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
1001 - buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
1002 - xmlSecAssert2(buffer != NULL, -1);
1003 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
1004 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
1006 - if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
1007 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
1008 + if( context == NULL ) {
1009 xmlSecError(XMLSEC_ERRORS_HERE,
1010 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1011 - NULL,
1012 - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
1013 - "keySize=%d;expected=%d",
1014 - xmlSecBufferGetSize(buffer), ctx->keySize);
1015 - return(-1);
1016 + "xmlSecNssBlockCipherGetCtx" ,
1017 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
1018 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1021 - xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
1022 - memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
1024 - ctx->keyInitialized = 1;
1025 - return(0);
1028 -static int
1029 -xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
1030 - xmlSecNssBlockCipherCtxPtr ctx;
1031 - xmlSecBufferPtr in, out;
1032 - int ret;
1034 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
1035 - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
1036 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
1037 - xmlSecAssert2(transformCtx != NULL, -1);
1039 - in = &(transform->inBuf);
1040 - out = &(transform->outBuf);
1042 - ctx = xmlSecNssBlockCipherGetCtx(transform);
1043 - xmlSecAssert2(ctx != NULL, -1);
1044 + inBuf = &( transform->inBuf ) ;
1045 + outBuf = &( transform->outBuf ) ;
1047 if(transform->status == xmlSecTransformStatusNone) {
1048 transform->status = xmlSecTransformStatusWorking;
1051 + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
1052 + cipherName = xmlSecTransformGetName( transform ) ;
1054 if(transform->status == xmlSecTransformStatusWorking) {
1055 - if(ctx->ctxInitialized == 0) {
1056 - ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
1057 - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
1058 - xmlSecTransformGetName(transform), transformCtx);
1059 - if(ret < 0) {
1060 + if( context->cipherCtx == NULL ) {
1061 + rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
1062 + if( rtv < 0 ) {
1063 xmlSecError(XMLSEC_ERRORS_HERE,
1064 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1065 "xmlSecNssBlockCipherCtxInit",
1066 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1067 + XMLSEC_ERRORS_R_INVALID_STATUS,
1068 XMLSEC_ERRORS_NO_MESSAGE);
1069 return(-1);
1072 - if((ctx->ctxInitialized == 0) && (last != 0)) {
1073 + if( context->cipherCtx == NULL && last != 0 ) {
1074 xmlSecError(XMLSEC_ERRORS_HERE,
1075 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1076 NULL,
1077 - XMLSEC_ERRORS_R_INVALID_DATA,
1078 + XMLSEC_ERRORS_R_INVALID_STATUS,
1079 "not enough data to initialize transform");
1080 return(-1);
1083 - if(ctx->ctxInitialized != 0) {
1084 - ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
1085 - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
1086 - xmlSecTransformGetName(transform), transformCtx);
1087 - if(ret < 0) {
1088 + if( context->cipherCtx != NULL ) {
1089 + rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
1090 + if( rtv < 0 ) {
1091 xmlSecError(XMLSEC_ERRORS_HERE,
1092 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1093 "xmlSecNssBlockCipherCtxUpdate",
1094 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1095 + XMLSEC_ERRORS_R_INVALID_STATUS,
1096 XMLSEC_ERRORS_NO_MESSAGE);
1097 return(-1);
1101 if(last) {
1102 - ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
1103 - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
1104 - xmlSecTransformGetName(transform), transformCtx);
1105 - if(ret < 0) {
1106 + rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
1107 + if( rtv < 0 ) {
1108 xmlSecError(XMLSEC_ERRORS_HERE,
1109 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1110 "xmlSecNssBlockCipherCtxFinal",
1111 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1112 + XMLSEC_ERRORS_R_INVALID_STATUS,
1113 XMLSEC_ERRORS_NO_MESSAGE);
1114 return(-1);
1116 transform->status = xmlSecTransformStatusFinished;
1118 } else if(transform->status == xmlSecTransformStatusFinished) {
1119 - /* the only way we can get here is if there is no input */
1120 - xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
1121 - } else if(transform->status == xmlSecTransformStatusNone) {
1122 - /* the only way we can get here is if there is no enough data in the input */
1123 - xmlSecAssert2(last == 0, -1);
1124 + if( xmlSecBufferGetSize( inBuf ) != 0 ) {
1125 + xmlSecError( XMLSEC_ERRORS_HERE ,
1126 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
1127 + NULL ,
1128 + XMLSEC_ERRORS_R_INVALID_STATUS ,
1129 + "status=%d", transform->status ) ;
1130 + return -1 ;
1132 } else {
1133 xmlSecError(XMLSEC_ERRORS_HERE,
1134 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),