update dev300-m58
[ooovba.git] / libxmlsec / xmlsec1-1.2.6.patch
1 --- misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200
2 +++ misc/build/xmlsec1-1.2.6/apps/Makefile.in 2008-06-29 23:44:19.000000000 +0200
3 @@ -370,7 +370,7 @@
4 $(CRYPTO_DEPS) \
5 $(NULL)
7 -all: all-am
8 +all:
10 .SUFFIXES:
11 .SUFFIXES: .c .lo .o .obj
12 --- misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200
13 +++ misc/build/xmlsec1-1.2.6/configure 2008-06-29 23:44:19.000000000 +0200
14 @@ -463,7 +463,7 @@
15 # include <unistd.h>
16 #endif"
18 -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 XMLSEC_NO_RIPEMD160_TRUE 
XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS'
19 +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os XMLSEC_VERSION XMLSEC_PACKAGE XMLSEC_VERSION_SAFE XMLSEC_VERSION_MAJOR XMLSEC_VERSION_MINOR XMLSEC_VERSION_SUBMINOR XMLSEC_VERSION_INFO INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL RM CP MV TAR HELP2MAN MAN2HTML U ANSI2KNR INSTALL_LTDL_TRUE INSTALL_LTDL_FALSE CONVENIENCE_LTDL_TRUE CONVENIENCE_LTDL_FALSE LIBADD_DL PKG_CONFIG_ENABLED PKG_CONFIG LIBXML_CFLAGS LIBXML_LIBS LIBXML262_CFLAGS LIBXML262_LIBS LIBXML_CONFIG LIBXML_MIN_VERSION LIBXSLT_CFLAGS LIBXSLT_LIBS XMLSEC_NO_LIBXSLT LIBXSLT_CONFIG LIBXSLT_MIN_VERSION OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL097_CFLAGS OPENSSL097_LIBS XMLSEC_NO_OPENSSL_TRUE XMLSEC_NO_OPENSSL_FALSE XMLSEC_NO_OPENSSL OPENSSL_CRYPTO_LIB OPENSSL_MIN_VERSION GNUTLS_CFLAGS GNUTLS_LIBS XMLSEC_NO_GNUTLS_TRUE XMLSEC_NO_GNUTLS_FALSE XMLSEC_NO_GNUTLS GNUTLS_CRYPTO_LIB GNUTLS_MIN_VERSION NSS_CFLAGS NSS_LIBS XMLSEC_NO_NSS_TRUE XMLSEC_NO_NSS_FALSE XMLSEC_NO_NSS NSS_CRYPTO_LIB NSS_MIN_VERSION NSPR_MIN_VERSION MOZILLA_MIN_VERSION MSCRYPTO_CFLAGS MSCRYPTO_LIBS XMLSEC_NO_SHA1_TRUE XMLSEC_NO_SHA1_FALSE XMLSEC_NO_SHA1 
XMLSEC_NO_RIPEMD160_TRUE XMLSEC_NO_RIPEMD160_FALSE XMLSEC_NO_RIPEMD160 XMLSEC_NO_HMAC_TRUE XMLSEC_NO_HMAC_FALSE XMLSEC_NO_HMAC XMLSEC_NO_DSA_TRUE XMLSEC_NO_DSA_FALSE XMLSEC_NO_DSA XMLSEC_NO_RSA_TRUE XMLSEC_NO_RSA_FALSE XMLSEC_NO_RSA XMLSEC_NO_X509_TRUE XMLSEC_NO_X509_FALSE XMLSEC_NO_X509 XMLSEC_NO_DES_TRUE XMLSEC_NO_DES_FALSE XMLSEC_NO_DES XMLSEC_NO_AES_TRUE XMLSEC_NO_AES_FALSE XMLSEC_NO_AES XMLSEC_NO_XMLDSIG_TRUE XMLSEC_NO_XMLDSIG_FALSE XMLSEC_NO_XMLDSIG XMLSEC_NO_XMLENC_TRUE XMLSEC_NO_XMLENC_FALSE XMLSEC_NO_XMLENC XMLSEC_NO_XKMS_TRUE XMLSEC_NO_XKMS_FALSE XMLSEC_NO_XKMS XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_CRYPTO_DYNAMIC_LOADING XMLSEC_DL_INCLUDES XMLSEC_DL_LIBS XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING XMLSEC_DOCDIR XMLSEC_STATIC_BINARIES XMLSEC_CORE_CFLAGS XMLSEC_CORE_LIBS XMLSEC_LIBDIR XMLSEC_OPENSSL_CFLAGS XMLSEC_OPENSSL_LIBS XMLSEC_GNUTLS_CFLAGS XMLSEC_GNUTLS_LIBS XMLSEC_NSS_CFLAGS XMLSEC_NSS_LIBS XMLSEC_CFLAGS XMLSEC_LIBS XMLSEC_DEFINES XMLSEC_APP_DEFINES XMLSEC_CRYPTO XMLSEC_CRYPTO_LIST XMLSEC_CRYPTO_DISABLED_LIST XMLSEC_CRYPTO_LIB XMLSEC_CRYPTO_CFLAGS XMLSEC_CRYPTO_LIBS XMLSEC_CRYPTO_PC_FILES_LIST LIBOBJS LTLIBOBJS'
20 ac_subst_files=''
22 # Initialize some variables set by options.
23 @@ -1072,6 +1072,7 @@
24 --with-nss=PFX nss location
25 --with-nspr=PFX nspr location (needed for NSS)
26 --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr)
27 + --with-mscrypto try to use mscrypto
28 --with-html-dir=PATH path to installed docs
30 Some influential environment variables:
31 @@ -2045,8 +2046,8 @@
33 ac_ext=c
34 ac_cpp='$CPP $CPPFLAGS'
35 -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
36 -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
37 +ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
38 +ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
39 ac_compiler_gnu=$ac_cv_c_compiler_gnu
40 if test -n "$ac_tool_prefix"; then
41 # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
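Review bot: `$ADDCFLAGS` is added twice over: here in `ac_compile`/`ac_link`, and again in the default `CFLAGS` values of the next hunk (`CFLAGS="$ADDCFLAGS -g -O2"` and its three siblings). When CFLAGS is defaulted, every conftest command carries the flags twice. When the caller presets CFLAGS, as far as these hunks show, the flags reach only the configure probes and not the real build, so a probe can pass with options the build never sees. I would add the variable in one place, for example leave `ac_compile`/`ac_link` as they were and set `CFLAGS="$ADDCFLAGS $CFLAGS"` once before the compiler checks. ADDCFLAGS should also be listed under "Some influential environment variables" in the help output.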
42 @@ -2698,15 +2699,15 @@
43 CFLAGS=$ac_save_CFLAGS
44 elif test $ac_cv_prog_cc_g = yes; then
45 if test "$GCC" = yes; then
46 - CFLAGS="-g -O2"
47 + CFLAGS="$ADDCFLAGS -g -O2"
48 else
49 - CFLAGS="-g"
50 + CFLAGS="$ADDCFLAGS -g"
52 else
53 if test "$GCC" = yes; then
54 - CFLAGS="-O2"
55 + CFLAGS="$ADDCFLAGS -O2"
56 else
57 - CFLAGS=
58 + CFLAGS="$ADDCFLAGS"
61 echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
62 @@ -6350,11 +6351,11 @@
63 lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
66 - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
67 + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
68 # PIC is the default for these OSes.
71 - mingw* | pw32* | os2*)
72 + pw32* | os2*)
73 # This hack is so that the source file can tell whether it is being
74 # built for inclusion in a dll (and should export symbols for example).
75 lt_prog_compiler_pic='-DDLL_EXPORT'
76 @@ -6409,7 +6410,7 @@
80 - mingw* | pw32* | os2*)
81 + pw32* | os2*)
82 # This hack is so that the source file can tell whether it is being
83 # built for inclusion in a dll (and should export symbols for example).
84 lt_prog_compiler_pic='-DDLL_EXPORT'
85 @@ -6752,7 +6753,7 @@
86 export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
88 if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
89 - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
90 + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
91 # If the export-symbols file already is a .def file (1st line
92 # is EXPORTS), use it as is; otherwise, prepend...
93 archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
94 @@ -7778,7 +7779,7 @@
97 freebsd*)
98 - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
99 + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
100 version_type=freebsd-$objformat
101 case $version_type in
102 freebsd-elf*)
103 @@ -9046,7 +9047,7 @@
105 esac
106 output_verbose_link_cmd='echo'
107 - archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring'
108 + archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring'
109 module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
110 # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
111 archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
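Review bot: Only `archive_cmds` gets the new `-install_name @executable_path/$soname`; the `archive_expsym_cmds` context line at the end of this hunk still passes `-install_name $rpath/$soname`. A dylib linked with an export-symbols file therefore records a different install name from one linked without. If every library is meant to resolve next to the loading executable, the second `-install_name` needs the same change. The darwin blocks for the other libtool tags are not visible in this part of the patch and should be checked too. A comment such as `# install name is relative to the loading binary; libraries must ship beside it` would record the assumption, because `@executable_path` is resolved against whichever program loads the library.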
112 @@ -10088,7 +10089,7 @@
113 enable_shared_with_static_runtimes_CXX=yes
115 if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
116 - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
117 + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
118 # If the export-symbols file already is a .def file (1st line
119 # is EXPORTS), use it as is; otherwise, prepend...
120 archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
121 @@ -10816,10 +10817,10 @@
122 # like `-m68040'.
123 lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
125 - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
126 + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
127 # PIC is the default for these OSes.
129 - mingw* | os2* | pw32*)
130 + os2* | pw32*)
131 # This hack is so that the source file can tell whether it is being
132 # built for inclusion in a dll (and should export symbols for example).
133 lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
134 @@ -11497,7 +11498,7 @@
137 freebsd*)
138 - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
139 + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
140 version_type=freebsd-$objformat
141 case $version_type in
142 freebsd-elf*)
143 @@ -13259,11 +13260,11 @@
144 lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4'
147 - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
148 + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
149 # PIC is the default for these OSes.
152 - mingw* | pw32* | os2*)
153 + pw32* | os2*)
154 # This hack is so that the source file can tell whether it is being
155 # built for inclusion in a dll (and should export symbols for example).
156 lt_prog_compiler_pic_F77='-DDLL_EXPORT'
157 @@ -13661,7 +13662,7 @@
158 export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
160 if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
161 - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
162 + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
163 # If the export-symbols file already is a .def file (1st line
164 # is EXPORTS), use it as is; otherwise, prepend...
165 archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
166 @@ -14667,7 +14668,7 @@
169 freebsd*)
170 - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
171 + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
172 version_type=freebsd-$objformat
173 case $version_type in
174 freebsd-elf*)
175 @@ -15607,11 +15608,11 @@
176 lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4'
179 - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
180 + beos* | cygwin* | mingw* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
181 # PIC is the default for these OSes.
184 - mingw* | pw32* | os2*)
185 + pw32* | os2*)
186 # This hack is so that the source file can tell whether it is being
187 # built for inclusion in a dll (and should export symbols for example).
188 lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
189 @@ -15666,7 +15667,7 @@
193 - mingw* | pw32* | os2*)
194 + pw32* | os2*)
195 # This hack is so that the source file can tell whether it is being
196 # built for inclusion in a dll (and should export symbols for example).
197 lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
198 @@ -16009,7 +16010,7 @@
199 export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
201 if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
202 - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--out-implib,$lib'
203 + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--image-base=0x10000000 ${wl}--exclude-libs,ALL ${wl}--out-implib,$lib'
204 # If the export-symbols file already is a .def file (1st line
205 # is EXPORTS), use it as is; otherwise, prepend...
206 archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
207 @@ -17035,7 +17036,7 @@
210 freebsd*)
211 - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
212 + objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo elf`
213 version_type=freebsd-$objformat
214 case $version_type in
215 freebsd-elf*)
216 @@ -24598,7 +24599,7 @@
219 LIBXML_MIN_VERSION="2.4.2"
220 -LIBXML_CONFIG="xml2-config"
221 +LIBXML_CONFIG="./libxml2-config"
222 LIBXML_CFLAGS=""
223 LIBXML_LIBS=""
224 LIBXML_FOUND="no"
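Review bot: `LIBXML_CONFIG="./libxml2-config"` makes configure execute a script from whatever directory it is started in, so the probe result, and the compiler and linker flags taken from it, depend on the working directory and on who can write to it. The code that invokes `$LIBXML_CONFIG` is outside this hunk, so it is not visible whether a missing or unexpected file already fails cleanly. I would check it right after the assignment with `test -x "$LIBXML_CONFIG" || { echo "libxml2-config not found in build directory" >&2; exit 1; }`. A comment should also say which build step places the script there.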
225 @@ -25678,12 +25679,26 @@
227 XMLSEC_NO_NSS="1"
228 MOZILLA_MIN_VERSION="1.4"
229 +if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
230 + MOZILLA_MIN_VERSION="1.0"
232 NSS_MIN_VERSION="3.2"
233 NSPR_MIN_VERSION="4.0"
234 NSS_CFLAGS=""
235 NSS_LIBS=""
236 -NSS_LIBS_LIST="-lnss3 -lsmime3"
237 -NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
239 +case $host_os in
240 +cygwin* | mingw* | pw32*)
241 + NSS_LIBS_LIST="-lnss3 -lsmime3"
242 + NSPR_LIBS_LIST="-lnspr4"
243 + ;;
246 + NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
247 + NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
248 + ;;
249 +esac
251 NSS_CRYPTO_LIB="$PACKAGE-nss"
252 NSS_FOUND="no"
254 @@ -25766,23 +25781,122 @@
255 else
256 PKG_CONFIG_MIN_VERSION=0.9.0
257 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
258 - echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5
259 -echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
260 + echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5
261 +echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6
263 + if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then
264 + echo "$as_me:$LINENO: result: yes" >&5
265 +echo "${ECHO_T}yes" >&6
266 + succeeded=yes
268 + echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5
269 +echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6
270 + NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"`
271 + echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5
272 +echo "${ECHO_T}$NSS_CFLAGS" >&6
274 + echo "$as_me:$LINENO: checking NSS_LIBS" >&5
275 +echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6
276 + NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"`
277 + echo "$as_me:$LINENO: result: $NSS_LIBS" >&5
278 +echo "${ECHO_T}$NSS_LIBS" >&6
279 + else
280 + NSS_CFLAGS=""
281 + NSS_LIBS=""
282 + ## If we have a custom action on failure, don't print errors, but
283 + ## do set a variable so people can do so.
284 + NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"`
286 + fi
290 + else
291 + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer."
292 + echo "*** See http://www.freedesktop.org/software/pkgconfig"
293 + fi
294 + fi
296 + if test $succeeded = yes; then
297 + NSS_FOUND=yes
298 + else
299 + NSS_FOUND=no
300 + fi
302 + echo "$as_me:$LINENO: result: $NSS_FOUND" >&5
303 +echo "${ECHO_T}$NSS_FOUND" >&6
304 + if test "z$NSS_FOUND" = "zno" ; then
306 + succeeded=no
308 + if test -z "$PKG_CONFIG"; then
309 + # Extract the first word of "pkg-config", so it can be a program name with args.
310 +set dummy pkg-config; ac_word=$2
311 +echo "$as_me:$LINENO: checking for $ac_word" >&5
312 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
313 +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
314 + echo $ECHO_N "(cached) $ECHO_C" >&6
315 +else
316 + case $PKG_CONFIG in
317 + [\\/]* | ?:[\\/]*)
318 + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
319 + ;;
320 + *)
321 + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
322 +for as_dir in $PATH
324 + IFS=$as_save_IFS
325 + test -z "$as_dir" && as_dir=.
326 + for ac_exec_ext in '' $ac_executable_extensions; do
327 + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
328 + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
329 + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
330 + break 2
331 + fi
332 +done
333 +done
335 + test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no"
336 + ;;
337 +esac
339 +PKG_CONFIG=$ac_cv_path_PKG_CONFIG
341 +if test -n "$PKG_CONFIG"; then
342 + echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
343 +echo "${ECHO_T}$PKG_CONFIG" >&6
344 +else
345 + echo "$as_me:$LINENO: result: no" >&5
346 +echo "${ECHO_T}no" >&6
349 + fi
351 + if test "$PKG_CONFIG" = "no" ; then
352 + echo "*** The pkg-config script could not be found. Make sure it is"
353 + echo "*** in your path, or set the PKG_CONFIG environment variable"
354 + echo "*** to the full path to pkg-config."
355 + echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config."
356 + else
357 + PKG_CONFIG_MIN_VERSION=0.9.0
358 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then
359 + echo "$as_me:$LINENO: checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" >&5
360 +echo $ECHO_N "checking for nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION... $ECHO_C" >&6
362 - if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then
363 + if $PKG_CONFIG --exists "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" ; then
364 echo "$as_me:$LINENO: result: yes" >&5
365 echo "${ECHO_T}yes" >&6
366 succeeded=yes
368 echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5
369 echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6
370 - NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"`
371 + NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"`
372 echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5
373 echo "${ECHO_T}$NSS_CFLAGS" >&6
375 echo "$as_me:$LINENO: checking NSS_LIBS" >&5
376 echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6
377 - NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"`
378 + NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"`
379 echo "$as_me:$LINENO: result: $NSS_LIBS" >&5
380 echo "${ECHO_T}$NSS_LIBS" >&6
381 else
382 @@ -25790,7 +25904,7 @@
383 NSS_LIBS=""
384 ## If we have a custom action on failure, don't print errors, but
385 ## do set a variable so people can do so.
386 - NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"`
387 + NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION"`
391 @@ -25808,6 +25922,9 @@
392 NSS_FOUND=no
395 + echo "$as_me:$LINENO: result: $NSS_FOUND" >&5
396 +echo "${ECHO_T}$NSS_FOUND" >&6
397 + fi
400 if test "z$NSS_FOUND" = "zno" ; then
401 @@ -25817,8 +25934,8 @@
402 ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
405 - ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
406 - ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
407 + ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
408 + ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
410 echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
411 echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
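Review bot: Both search lists are now built only from `${SOLARVERSION}`, `${INPATH}` and `${UPDMINOREXT}`, and nothing in this hunk checks that they are set. With an empty environment the values collapse to `//lib` and `//inc/mozilla`, so the NSS/NSPR probe silently looks in root-level directories instead of stopping. A guard before the two assignments, e.g. `test -n "$SOLARVERSION" -a -n "$INPATH" || { echo "SOLARVERSION/INPATH not set" >&2; exit 1; }`, keeps the crypto libraries from being picked up from an unintended location. With these lists, the `"z$dir" = "z/usr/lib"` comparisons in the later lookup loops are unlikely to match any more and could be dropped.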
412 @@ -25853,8 +25970,11 @@
413 done
415 for dir in $ac_nss_lib_dir ; do
416 - if test -f $dir/libnspr4.so ; then
417 - if test "z$dir" = "z/usr/lib" ; then
418 + case $host_os in
419 + cygwin* | mingw* | pw32*)
420 + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then
421 + # do not add -L/usr/lib because compiler does it anyway
422 + if test "z$dir" = "z/usr/lib" ; then
423 NSPR_LIBS="$NSPR_LIBS_LIST"
424 else
425 if test "z$with_gnu_ld" = "zyes" ; then
426 @@ -25865,7 +25985,26 @@
428 NSPR_LIBS_FOUND="yes"
429 break
430 - fi
431 + fi
432 + ;;
434 + *)
435 + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
436 + # do not add -L/usr/lib because compiler does it anyway
437 + if test "z$dir" = "z/usr/lib" ; then
438 + NSPR_LIBS="$NSPR_LIBS_LIST"
439 + else
440 + if test "z$with_gnu_ld" = "zyes" ; then
441 + NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
442 + else
443 + NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
444 + fi
445 + fi
446 + NSPR_LIBS_FOUND="yes"
447 + break
448 + fi
449 + ;;
450 + esac
451 done
454 @@ -25939,8 +26078,11 @@
455 done
457 for dir in $ac_nss_lib_dir ; do
458 - if test -f $dir/libnss3.so ; then
459 - if test "z$dir" = "z/usr/lib" ; then
460 + case $host_os in
461 + cygwin* | mingw* | pw32*)
462 + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then
463 + # do not add -L/usr/lib because compiler does it anyway
464 + if test "z$dir" = "z/usr/lib" ; then
465 NSS_LIBS="$NSS_LIBS_LIST"
466 else
467 if test "z$with_gnu_ld" = "zyes" ; then
468 @@ -25951,7 +26093,26 @@
470 NSS_LIBS_FOUND="yes"
471 break
472 - fi
473 + fi
474 + ;;
476 + *)
477 + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
478 + # do not add -L/usr/lib because compiler does it anyway
479 + if test "z$dir" = "z/usr/lib" ; then
480 + NSS_LIBS="$NSS_LIBS_LIST"
481 + else
482 + if test "z$with_gnu_ld" = "zyes" ; then
483 + NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
484 + else
485 + NSS_LIBS="-L$dir $NSS_LIBS_LIST"
486 + fi
487 + fi
488 + NSS_LIBS_FOUND="yes"
489 + break
490 + fi
491 + ;;
492 + esac
493 done
496 @@ -26004,6 +26165,12 @@
500 +case $host_os in
501 +darwin*)
502 + NSS_LIBS="$NSS_LIBS "`"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl" $NSS_LIBS`
503 + ;;
504 +esac
506 if test "z$NSS_FOUND" = "zyes" ; then
507 XMLSEC_NO_NSS="0"
508 NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1"
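Review bot: The darwin branch runs `"$PERL" "$SOLARENV/bin/macosx-dylib-link-list.pl"` in backticks without checking that `$PERL` and `$SOLARENV` are set or that the helper succeeded. It also sits before the `NSS_FOUND` test, so it runs even when NSS was not found. A missing or failing helper only yields an empty string, and configure continues with an incomplete link line. I would move the call inside the `"z$NSS_FOUND" = "zyes"` branch and precede it with `test -x "$SOLARENV/bin/macosx-dylib-link-list.pl" || { echo "macosx-dylib-link-list.pl missing" >&2; exit 1; }`. Whatever the script prints is appended verbatim to `NSS_LIBS`, so it should be treated as trusted build input and noted as such in a comment.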
509 @@ -26037,6 +26204,109 @@
513 +MSCRYPTO_CFLAGS=""
514 +MSCRYPTO_LIBS=""
515 +MSCRYPTO_FOUND="no"
518 +# Check whether --with-mscrypto or --without-mscrypto was given.
519 +if test "${with_mscrypto+set}" = set; then
520 + withval="$with_mscrypto"
522 +fi;
523 +if test "z$with_mscrypto" = "zno" ; then
524 + echo "$as_me:$LINENO: checking for MSCRYPTO libraries" >&5
525 +echo $ECHO_N "checking for MSCRYPTO libraries... $ECHO_C" >&6
526 + echo "$as_me:$LINENO: result: no" >&5
527 +echo "${ECHO_T}no" >&6
528 + MSCRYPTO_FOUND="without"
529 +else
530 + ac_mscrypto_lib_dir="${PSDK_HOME}/lib"
531 + ac_mscrypto_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external/mingw/include ${COMPATH}/include ${COMPATH}/include/w32api"
532 + echo "$as_me:$LINENO: checking for mscrypto libraries" >&5
533 +echo $ECHO_N "checking for mscrypto libraries... $ECHO_C" >&6
534 + MSCRYPTO_INCLUDES_FOUND="no"
535 + MSCRYPTO_LIBS_FOUND="no"
536 + WINCRYPT_H=""
538 + for dir in $ac_mscrypto_inc_dir ; do
539 + if test -f $dir/wincrypt.h ; then
540 + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -I$dir"
541 + MSCRYPTO_INCLUDES_FOUND="yes"
542 + WINCRYPT_H="$dir/wincrypt.h"
543 + break
544 + fi
545 + done
547 + for dir in $ac_mscrypto_lib_dir ; do
548 + if test -f $dir/crypt32.lib ; then
549 + if test "z$with_gnu_ld" = "zyes" ; then
550 + MSCRYPTO_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $dir/crypt32.lib"
551 + else
552 + MSCRYPTO_LIBS="-L$dir $dir/crypt32.lib"
553 + fi
554 + MSCRYPTO_LIBS_FOUND="yes"
555 + break
556 + fi
557 + done
559 + if test "z$MSCRYPTO_INCLUDES_FOUND" = "zyes" -a "z$MSCRYPTO_LIBS_FOUND" = "zyes" ; then
560 + OLD_CPPFLAGS=$CPPFLAGS
561 + CPPFLAGS="$MSCRYPTO_CFLAGS"
562 + cat >conftest.$ac_ext <<_ACEOF
563 +/* confdefs.h. */
564 +_ACEOF
565 +cat confdefs.h >>conftest.$ac_ext
566 +cat >>conftest.$ac_ext <<_ACEOF
567 +/* end confdefs.h. */
569 + #include <wincrypt.h>
570 + #if defined(_WINCRYPT_H) || defined(__WINCRYPT_H__)
571 + yes
572 + #endif
574 +_ACEOF
575 +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
576 + $EGREP "yes" >/dev/null 2>&1; then
578 + MSCRYPTO_FOUND=yes
580 +else
582 + MSCRYPTO_FOUND=no
585 +rm -f conftest*
587 + CPPFLAGS="$OLD_CPPFLAGS"
588 + fi
590 + if test "z$MSCRYPTO_FOUND" = "zyes" ; then
591 + echo "$as_me:$LINENO: result: yes" >&5
592 +echo "${ECHO_T}yes" >&6
593 + else
594 + echo "$as_me:$LINENO: result: no" >&5
595 +echo "${ECHO_T}no" >&6
596 + fi
600 +if test "z$MSCRYPTO_FOUND" = "zyes" ; then
601 + MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1"
603 + if test "z$XMLSEC_CRYPTO" = "z" ; then
604 + XMLSEC_CRYPTO="mscrypto"
605 + XMLSEC_CRYPTO_LIB="$PACKAGE-mscrypto"
606 + XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS"
607 + XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS"
608 + fi
609 + XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto"
610 +else
611 + XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto"
616 echo "$as_me:$LINENO: checking for crypto library" >&5
617 echo $ECHO_N "checking for crypto library... $ECHO_C" >&6
618 if test "z$XMLSEC_CRYPTO" = "z" ; then
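Review bot: `for dir in $ac_mscrypto_lib_dir`, `test -f $dir/crypt32.lib` and `test -f $dir/wincrypt.h` expand paths unquoted, and `${PSDK_HOME}` and `${COMPATH}` are SDK and compiler locations that may contain spaces on Windows. In that case the loops iterate over path fragments and the probe reports "no" or tests the wrong path. The lib list holds a single directory, so the loop can be dropped and the expansion quoted, as in `if test -f "${PSDK_HOME}/lib/crypt32.lib" ; then`; the include loop needs `"$dir/wincrypt.h"` quoted as well. The probe also runs on every host unless `--without-mscrypto` is given, and with `PSDK_HOME` unset it looks in `/lib`; a `test -n "$PSDK_HOME"` guard would avoid that. The trailing `if test "z$XMLSEC_CRYPTO" = "z"` block continues outside this hunk.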
619 @@ -26604,7 +26874,7 @@
620 done
623 - ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in"
624 + ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1-mscrypto.pc:xmlsec-mscrypto.pc.in xmlsec1.spec:xmlsec.spec.in"
625 cat >confcache <<\_ACEOF
626 # This file is a shell script that caches the results of configure
627 # tests run on this system so they can be shared between configure
628 @@ -27521,6 +27791,8 @@
629 s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
630 s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
631 s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
632 +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
633 +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
634 s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
635 s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
636 s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
637 @@ -29231,6 +29503,8 @@
638 s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
639 s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
640 s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
641 +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
642 +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
643 s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
644 s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
645 s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
646 @@ -30941,6 +31215,8 @@
647 s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
648 s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
649 s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
650 +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
651 +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
652 s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
653 s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
654 s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
655 @@ -32653,6 +32929,1724 @@
656 s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
657 s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
658 s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
659 +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
660 +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
661 +s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
662 +s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
663 +s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
664 +s,@XMLSEC_NO_RIPEMD160_TRUE@,$XMLSEC_NO_RIPEMD160_TRUE,;t t
665 +s,@XMLSEC_NO_RIPEMD160_FALSE@,$XMLSEC_NO_RIPEMD160_FALSE,;t t
666 +s,@XMLSEC_NO_RIPEMD160@,$XMLSEC_NO_RIPEMD160,;t t
667 +s,@XMLSEC_NO_HMAC_TRUE@,$XMLSEC_NO_HMAC_TRUE,;t t
668 +s,@XMLSEC_NO_HMAC_FALSE@,$XMLSEC_NO_HMAC_FALSE,;t t
669 +s,@XMLSEC_NO_HMAC@,$XMLSEC_NO_HMAC,;t t
670 +s,@XMLSEC_NO_DSA_TRUE@,$XMLSEC_NO_DSA_TRUE,;t t
671 +s,@XMLSEC_NO_DSA_FALSE@,$XMLSEC_NO_DSA_FALSE,;t t
672 +s,@XMLSEC_NO_DSA@,$XMLSEC_NO_DSA,;t t
673 +s,@XMLSEC_NO_RSA_TRUE@,$XMLSEC_NO_RSA_TRUE,;t t
674 +s,@XMLSEC_NO_RSA_FALSE@,$XMLSEC_NO_RSA_FALSE,;t t
675 +s,@XMLSEC_NO_RSA@,$XMLSEC_NO_RSA,;t t
676 +s,@XMLSEC_NO_X509_TRUE@,$XMLSEC_NO_X509_TRUE,;t t
677 +s,@XMLSEC_NO_X509_FALSE@,$XMLSEC_NO_X509_FALSE,;t t
678 +s,@XMLSEC_NO_X509@,$XMLSEC_NO_X509,;t t
679 +s,@XMLSEC_NO_DES_TRUE@,$XMLSEC_NO_DES_TRUE,;t t
680 +s,@XMLSEC_NO_DES_FALSE@,$XMLSEC_NO_DES_FALSE,;t t
681 +s,@XMLSEC_NO_DES@,$XMLSEC_NO_DES,;t t
682 +s,@XMLSEC_NO_AES_TRUE@,$XMLSEC_NO_AES_TRUE,;t t
683 +s,@XMLSEC_NO_AES_FALSE@,$XMLSEC_NO_AES_FALSE,;t t
684 +s,@XMLSEC_NO_AES@,$XMLSEC_NO_AES,;t t
685 +s,@XMLSEC_NO_XMLDSIG_TRUE@,$XMLSEC_NO_XMLDSIG_TRUE,;t t
686 +s,@XMLSEC_NO_XMLDSIG_FALSE@,$XMLSEC_NO_XMLDSIG_FALSE,;t t
687 +s,@XMLSEC_NO_XMLDSIG@,$XMLSEC_NO_XMLDSIG,;t t
688 +s,@XMLSEC_NO_XMLENC_TRUE@,$XMLSEC_NO_XMLENC_TRUE,;t t
689 +s,@XMLSEC_NO_XMLENC_FALSE@,$XMLSEC_NO_XMLENC_FALSE,;t t
690 +s,@XMLSEC_NO_XMLENC@,$XMLSEC_NO_XMLENC,;t t
691 +s,@XMLSEC_NO_XKMS_TRUE@,$XMLSEC_NO_XKMS_TRUE,;t t
692 +s,@XMLSEC_NO_XKMS_FALSE@,$XMLSEC_NO_XKMS_FALSE,;t t
693 +s,@XMLSEC_NO_XKMS@,$XMLSEC_NO_XKMS,;t t
694 +s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE,;t t
695 +s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE,;t t
696 +s,@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING,;t t
697 +s,@XMLSEC_DL_INCLUDES@,$XMLSEC_DL_INCLUDES,;t t
698 +s,@XMLSEC_DL_LIBS@,$XMLSEC_DL_LIBS,;t t
699 +s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE,;t t
700 +s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE,;t t
701 +s,@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@,$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,;t t
702 +s,@XMLSEC_DOCDIR@,$XMLSEC_DOCDIR,;t t
703 +s,@XMLSEC_STATIC_BINARIES@,$XMLSEC_STATIC_BINARIES,;t t
704 +s,@XMLSEC_CORE_CFLAGS@,$XMLSEC_CORE_CFLAGS,;t t
705 +s,@XMLSEC_CORE_LIBS@,$XMLSEC_CORE_LIBS,;t t
706 +s,@XMLSEC_LIBDIR@,$XMLSEC_LIBDIR,;t t
707 +s,@XMLSEC_OPENSSL_CFLAGS@,$XMLSEC_OPENSSL_CFLAGS,;t t
708 +s,@XMLSEC_OPENSSL_LIBS@,$XMLSEC_OPENSSL_LIBS,;t t
709 +s,@XMLSEC_GNUTLS_CFLAGS@,$XMLSEC_GNUTLS_CFLAGS,;t t
710 +s,@XMLSEC_GNUTLS_LIBS@,$XMLSEC_GNUTLS_LIBS,;t t
711 +s,@XMLSEC_NSS_CFLAGS@,$XMLSEC_NSS_CFLAGS,;t t
712 +s,@XMLSEC_NSS_LIBS@,$XMLSEC_NSS_LIBS,;t t
713 +s,@XMLSEC_CFLAGS@,$XMLSEC_CFLAGS,;t t
714 +s,@XMLSEC_LIBS@,$XMLSEC_LIBS,;t t
715 +s,@XMLSEC_DEFINES@,$XMLSEC_DEFINES,;t t
716 +s,@XMLSEC_APP_DEFINES@,$XMLSEC_APP_DEFINES,;t t
717 +s,@XMLSEC_CRYPTO@,$XMLSEC_CRYPTO,;t t
718 +s,@XMLSEC_CRYPTO_LIST@,$XMLSEC_CRYPTO_LIST,;t t
719 +s,@XMLSEC_CRYPTO_DISABLED_LIST@,$XMLSEC_CRYPTO_DISABLED_LIST,;t t
720 +s,@XMLSEC_CRYPTO_LIB@,$XMLSEC_CRYPTO_LIB,;t t
721 +s,@XMLSEC_CRYPTO_CFLAGS@,$XMLSEC_CRYPTO_CFLAGS,;t t
722 +s,@XMLSEC_CRYPTO_LIBS@,$XMLSEC_CRYPTO_LIBS,;t t
723 +s,@XMLSEC_CRYPTO_PC_FILES_LIST@,$XMLSEC_CRYPTO_PC_FILES_LIST,;t t
724 +s,@LIBOBJS@,$LIBOBJS,;t t
725 +s,@LTLIBOBJS@,$LTLIBOBJS,;t t
726 +CEOF
728 +_ACEOF
730 + cat >>$CONFIG_STATUS <<\_ACEOF
731 + # Split the substitutions into bite-sized pieces for seds with
732 + # small command number limits, like on Digital OSF/1 and HP-UX.
733 + ac_max_sed_lines=48
734 + ac_sed_frag=1 # Number of current file.
735 + ac_beg=1 # First line for current file.
736 + ac_end=$ac_max_sed_lines # Line after last line for current file.
737 + ac_more_lines=:
738 + ac_sed_cmds=
739 + while $ac_more_lines; do
740 + if test $ac_beg -gt 1; then
741 + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
742 + else
743 + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
744 + fi
745 + if test ! -s $tmp/subs.frag; then
746 + ac_more_lines=false
747 + else
748 + # The purpose of the label and of the branching condition is to
749 + # speed up the sed processing (if there are no `@' at all, there
750 + # is no need to browse any of the substitutions).
751 + # These are the two extra sed commands mentioned above.
752 + (echo ':t
753 + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
754 + if test -z "$ac_sed_cmds"; then
755 + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
756 + else
757 + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
758 + fi
759 + ac_sed_frag=`expr $ac_sed_frag + 1`
760 + ac_beg=$ac_end
761 + ac_end=`expr $ac_end + $ac_max_sed_lines`
762 + fi
763 + done
764 + if test -z "$ac_sed_cmds"; then
765 + ac_sed_cmds=cat
766 + fi
767 +fi # test -n "$CONFIG_FILES"
769 +_ACEOF
770 +cat >>$CONFIG_STATUS <<\_ACEOF
771 +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
772 + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
773 + case $ac_file in
774 + - | *:- | *:-:* ) # input from stdin
775 + cat >$tmp/stdin
776 + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
777 + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
778 + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
779 + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
780 + * ) ac_file_in=$ac_file.in ;;
781 + esac
783 + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
784 + ac_dir=`(dirname "$ac_file") 2>/dev/null ||
785 +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
786 + X"$ac_file" : 'X\(//\)[^/]' \| \
787 + X"$ac_file" : 'X\(//\)$' \| \
788 + X"$ac_file" : 'X\(/\)' \| \
789 + . : '\(.\)' 2>/dev/null ||
790 +echo X"$ac_file" |
791 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
792 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
793 + /^X\(\/\/\)$/{ s//\1/; q; }
794 + /^X\(\/\).*/{ s//\1/; q; }
795 + s/.*/./; q'`
796 + { if $as_mkdir_p; then
797 + mkdir -p "$ac_dir"
798 + else
799 + as_dir="$ac_dir"
800 + as_dirs=
801 + while test ! -d "$as_dir"; do
802 + as_dirs="$as_dir $as_dirs"
803 + as_dir=`(dirname "$as_dir") 2>/dev/null ||
804 +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
805 + X"$as_dir" : 'X\(//\)[^/]' \| \
806 + X"$as_dir" : 'X\(//\)$' \| \
807 + X"$as_dir" : 'X\(/\)' \| \
808 + . : '\(.\)' 2>/dev/null ||
809 +echo X"$as_dir" |
810 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
811 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
812 + /^X\(\/\/\)$/{ s//\1/; q; }
813 + /^X\(\/\).*/{ s//\1/; q; }
814 + s/.*/./; q'`
815 + done
816 + test ! -n "$as_dirs" || mkdir $as_dirs
817 + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
818 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
819 + { (exit 1); exit 1; }; }; }
821 + ac_builddir=.
823 +if test "$ac_dir" != .; then
824 + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
825 + # A "../" for each directory in $ac_dir_suffix.
826 + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
827 +else
828 + ac_dir_suffix= ac_top_builddir=
831 +case $srcdir in
832 + .) # No --srcdir option. We are building in place.
833 + ac_srcdir=.
834 + if test -z "$ac_top_builddir"; then
835 + ac_top_srcdir=.
836 + else
837 + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
838 + fi ;;
839 + [\\/]* | ?:[\\/]* ) # Absolute path.
840 + ac_srcdir=$srcdir$ac_dir_suffix;
841 + ac_top_srcdir=$srcdir ;;
842 + *) # Relative path.
843 + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
844 + ac_top_srcdir=$ac_top_builddir$srcdir ;;
845 +esac
847 +# Do not use `cd foo && pwd` to compute absolute paths, because
848 +# the directories may not exist.
849 +case `pwd` in
850 +.) ac_abs_builddir="$ac_dir";;
852 + case "$ac_dir" in
853 + .) ac_abs_builddir=`pwd`;;
854 + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
855 + *) ac_abs_builddir=`pwd`/"$ac_dir";;
856 + esac;;
857 +esac
858 +case $ac_abs_builddir in
859 +.) ac_abs_top_builddir=${ac_top_builddir}.;;
861 + case ${ac_top_builddir}. in
862 + .) ac_abs_top_builddir=$ac_abs_builddir;;
863 + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
864 + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
865 + esac;;
866 +esac
867 +case $ac_abs_builddir in
868 +.) ac_abs_srcdir=$ac_srcdir;;
870 + case $ac_srcdir in
871 + .) ac_abs_srcdir=$ac_abs_builddir;;
872 + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
873 + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
874 + esac;;
875 +esac
876 +case $ac_abs_builddir in
877 +.) ac_abs_top_srcdir=$ac_top_srcdir;;
879 + case $ac_top_srcdir in
880 + .) ac_abs_top_srcdir=$ac_abs_builddir;;
881 + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
882 + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
883 + esac;;
884 +esac
887 + case $INSTALL in
888 + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
889 + *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
890 + esac
892 + if test x"$ac_file" != x-; then
893 + { echo "$as_me:$LINENO: creating $ac_file" >&5
894 +echo "$as_me: creating $ac_file" >&6;}
895 + rm -f "$ac_file"
896 + fi
897 + # Let's still pretend it is `configure' which instantiates (i.e., don't
898 + # use $as_me), people would be surprised to read:
899 + # /* config.h. Generated by config.status. */
900 + if test x"$ac_file" = x-; then
901 + configure_input=
902 + else
903 + configure_input="$ac_file. "
904 + fi
905 + configure_input=$configure_input"Generated from `echo $ac_file_in |
906 + sed 's,.*/,,'` by configure."
908 + # First look for the input files in the build tree, otherwise in the
909 + # src tree.
910 + ac_file_inputs=`IFS=:
911 + for f in $ac_file_in; do
912 + case $f in
913 + -) echo $tmp/stdin ;;
914 + [\\/$]*)
915 + # Absolute (can't be DOS-style, as IFS=:)
916 + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
917 +echo "$as_me: error: cannot find input file: $f" >&2;}
918 + { (exit 1); exit 1; }; }
919 + echo "$f";;
920 + *) # Relative
921 + if test -f "$f"; then
922 + # Build tree
923 + echo "$f"
924 + elif test -f "$srcdir/$f"; then
925 + # Source tree
926 + echo "$srcdir/$f"
927 + else
928 + # /dev/null tree
929 + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
930 +echo "$as_me: error: cannot find input file: $f" >&2;}
931 + { (exit 1); exit 1; }; }
932 + fi;;
933 + esac
934 + done` || { (exit 1); exit 1; }
935 +_ACEOF
936 +cat >>$CONFIG_STATUS <<_ACEOF
937 + sed "$ac_vpsub
938 +$extrasub
939 +_ACEOF
940 +cat >>$CONFIG_STATUS <<\_ACEOF
942 +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
943 +s,@configure_input@,$configure_input,;t t
944 +s,@srcdir@,$ac_srcdir,;t t
945 +s,@abs_srcdir@,$ac_abs_srcdir,;t t
946 +s,@top_srcdir@,$ac_top_srcdir,;t t
947 +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
948 +s,@builddir@,$ac_builddir,;t t
949 +s,@abs_builddir@,$ac_abs_builddir,;t t
950 +s,@top_builddir@,$ac_top_builddir,;t t
951 +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
952 +s,@INSTALL@,$ac_INSTALL,;t t
953 +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
954 + rm -f $tmp/stdin
955 + if test x"$ac_file" != x-; then
956 + mv $tmp/out $ac_file
957 + else
958 + cat $tmp/out
959 + rm -f $tmp/out
960 + fi
962 +done
963 +_ACEOF
964 +cat >>$CONFIG_STATUS <<\_ACEOF
967 +# CONFIG_HEADER section.
970 +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
971 +# NAME is the cpp macro being defined and VALUE is the value it is being given.
973 +# ac_d sets the value in "#define NAME VALUE" lines.
974 +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
975 +ac_dB='[ ].*$,\1#\2'
976 +ac_dC=' '
977 +ac_dD=',;t'
978 +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
979 +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
980 +ac_uB='$,\1#\2define\3'
981 +ac_uC=' '
982 +ac_uD=',;t'
984 +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
985 + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
986 + case $ac_file in
987 + - | *:- | *:-:* ) # input from stdin
988 + cat >$tmp/stdin
989 + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
990 + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
991 + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
992 + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
993 + * ) ac_file_in=$ac_file.in ;;
994 + esac
996 + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
997 +echo "$as_me: creating $ac_file" >&6;}
999 + # First look for the input files in the build tree, otherwise in the
1000 + # src tree.
1001 + ac_file_inputs=`IFS=:
1002 + for f in $ac_file_in; do
1003 + case $f in
1004 + -) echo $tmp/stdin ;;
1005 + [\\/$]*)
1006 + # Absolute (can't be DOS-style, as IFS=:)
1007 + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
1008 +echo "$as_me: error: cannot find input file: $f" >&2;}
1009 + { (exit 1); exit 1; }; }
1010 + # Do quote $f, to prevent DOS paths from being IFS'd.
1011 + echo "$f";;
1012 + *) # Relative
1013 + if test -f "$f"; then
1014 + # Build tree
1015 + echo "$f"
1016 + elif test -f "$srcdir/$f"; then
1017 + # Source tree
1018 + echo "$srcdir/$f"
1019 + else
1020 + # /dev/null tree
1021 + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
1022 +echo "$as_me: error: cannot find input file: $f" >&2;}
1023 + { (exit 1); exit 1; }; }
1024 + fi;;
1025 + esac
1026 + done` || { (exit 1); exit 1; }
1027 + # Remove the trailing spaces.
1028 + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
1030 +_ACEOF
1032 +# Transform confdefs.h into two sed scripts, `conftest.defines' and
1033 +# `conftest.undefs', that substitutes the proper values into
1034 +# config.h.in to produce config.h. The first handles `#define'
1035 +# templates, and the second `#undef' templates.
1036 +# And first: Protect against being on the right side of a sed subst in
1037 +# config.status. Protect against being in an unquoted here document
1038 +# in config.status.
1039 +rm -f conftest.defines conftest.undefs
1040 +# Using a here document instead of a string reduces the quoting nightmare.
1041 +# Putting comments in sed scripts is not portable.
1043 +# `end' is used to avoid that the second main sed command (meant for
1044 +# 0-ary CPP macros) applies to n-ary macro definitions.
1045 +# See the Autoconf documentation for `clear'.
1046 +cat >confdef2sed.sed <<\_ACEOF
1047 +s/[\\&,]/\\&/g
1048 +s,[\\$`],\\&,g
1049 +t clear
1050 +: clear
1051 +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
1052 +t end
1053 +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
1054 +: end
1055 +_ACEOF
1056 +# If some macros were called several times there might be several times
1057 +# the same #defines, which is useless. Nevertheless, we may not want to
1058 +# sort them, since we want the *last* AC-DEFINE to be honored.
1059 +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
1060 +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
1061 +rm -f confdef2sed.sed
1063 +# This sed command replaces #undef with comments. This is necessary, for
1064 +# example, in the case of _POSIX_SOURCE, which is predefined and required
1065 +# on some systems where configure will not decide to define it.
1066 +cat >>conftest.undefs <<\_ACEOF
1067 +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
1068 +_ACEOF
1070 +# Break up conftest.defines because some shells have a limit on the size
1071 +# of here documents, and old seds have small limits too (100 cmds).
1072 +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
1073 +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
1074 +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
1075 +echo ' :' >>$CONFIG_STATUS
1076 +rm -f conftest.tail
1077 +while grep . conftest.defines >/dev/null
1079 + # Write a limited-size here document to $tmp/defines.sed.
1080 + echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
1081 + # Speed up: don't consider the non `#define' lines.
1082 + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
1083 + # Work around the forget-to-reset-the-flag bug.
1084 + echo 't clr' >>$CONFIG_STATUS
1085 + echo ': clr' >>$CONFIG_STATUS
1086 + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
1087 + echo 'CEOF
1088 + sed -f $tmp/defines.sed $tmp/in >$tmp/out
1089 + rm -f $tmp/in
1090 + mv $tmp/out $tmp/in
1091 +' >>$CONFIG_STATUS
1092 + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
1093 + rm -f conftest.defines
1094 + mv conftest.tail conftest.defines
1095 +done
1096 +rm -f conftest.defines
1097 +echo ' fi # grep' >>$CONFIG_STATUS
1098 +echo >>$CONFIG_STATUS
1100 +# Break up conftest.undefs because some shells have a limit on the size
1101 +# of here documents, and old seds have small limits too (100 cmds).
1102 +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
1103 +rm -f conftest.tail
1104 +while grep . conftest.undefs >/dev/null
1106 + # Write a limited-size here document to $tmp/undefs.sed.
1107 + echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
1108 + # Speed up: don't consider the non `#undef'
1109 + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
1110 + # Work around the forget-to-reset-the-flag bug.
1111 + echo 't clr' >>$CONFIG_STATUS
1112 + echo ': clr' >>$CONFIG_STATUS
1113 + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
1114 + echo 'CEOF
1115 + sed -f $tmp/undefs.sed $tmp/in >$tmp/out
1116 + rm -f $tmp/in
1117 + mv $tmp/out $tmp/in
1118 +' >>$CONFIG_STATUS
1119 + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
1120 + rm -f conftest.undefs
1121 + mv conftest.tail conftest.undefs
1122 +done
1123 +rm -f conftest.undefs
1125 +cat >>$CONFIG_STATUS <<\_ACEOF
1126 + # Let's still pretend it is `configure' which instantiates (i.e., don't
1127 + # use $as_me), people would be surprised to read:
1128 + # /* config.h. Generated by config.status. */
1129 + if test x"$ac_file" = x-; then
1130 + echo "/* Generated by configure. */" >$tmp/config.h
1131 + else
1132 + echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
1133 + fi
1134 + cat $tmp/in >>$tmp/config.h
1135 + rm -f $tmp/in
1136 + if test x"$ac_file" != x-; then
1137 + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
1138 + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
1139 +echo "$as_me: $ac_file is unchanged" >&6;}
1140 + else
1141 + ac_dir=`(dirname "$ac_file") 2>/dev/null ||
1142 +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1143 + X"$ac_file" : 'X\(//\)[^/]' \| \
1144 + X"$ac_file" : 'X\(//\)$' \| \
1145 + X"$ac_file" : 'X\(/\)' \| \
1146 + . : '\(.\)' 2>/dev/null ||
1147 +echo X"$ac_file" |
1148 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1149 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1150 + /^X\(\/\/\)$/{ s//\1/; q; }
1151 + /^X\(\/\).*/{ s//\1/; q; }
1152 + s/.*/./; q'`
1153 + { if $as_mkdir_p; then
1154 + mkdir -p "$ac_dir"
1155 + else
1156 + as_dir="$ac_dir"
1157 + as_dirs=
1158 + while test ! -d "$as_dir"; do
1159 + as_dirs="$as_dir $as_dirs"
1160 + as_dir=`(dirname "$as_dir") 2>/dev/null ||
1161 +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1162 + X"$as_dir" : 'X\(//\)[^/]' \| \
1163 + X"$as_dir" : 'X\(//\)$' \| \
1164 + X"$as_dir" : 'X\(/\)' \| \
1165 + . : '\(.\)' 2>/dev/null ||
1166 +echo X"$as_dir" |
1167 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1168 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1169 + /^X\(\/\/\)$/{ s//\1/; q; }
1170 + /^X\(\/\).*/{ s//\1/; q; }
1171 + s/.*/./; q'`
1172 + done
1173 + test ! -n "$as_dirs" || mkdir $as_dirs
1174 + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
1175 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
1176 + { (exit 1); exit 1; }; }; }
1178 + rm -f $ac_file
1179 + mv $tmp/config.h $ac_file
1180 + fi
1181 + else
1182 + cat $tmp/config.h
1183 + rm -f $tmp/config.h
1184 + fi
1185 +# Compute $ac_file's index in $config_headers.
1186 +_am_stamp_count=1
1187 +for _am_header in $config_headers :; do
1188 + case $_am_header in
1189 + $ac_file | $ac_file:* )
1190 + break ;;
1191 + * )
1192 + _am_stamp_count=`expr $_am_stamp_count + 1` ;;
1193 + esac
1194 +done
1195 +echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null ||
1196 +$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1197 + X$ac_file : 'X\(//\)[^/]' \| \
1198 + X$ac_file : 'X\(//\)$' \| \
1199 + X$ac_file : 'X\(/\)' \| \
1200 + . : '\(.\)' 2>/dev/null ||
1201 +echo X$ac_file |
1202 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1203 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1204 + /^X\(\/\/\)$/{ s//\1/; q; }
1205 + /^X\(\/\).*/{ s//\1/; q; }
1206 + s/.*/./; q'`/stamp-h$_am_stamp_count
1207 +done
1208 +_ACEOF
1209 +cat >>$CONFIG_STATUS <<\_ACEOF
1212 +# CONFIG_COMMANDS section.
1214 +for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
1215 + ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
1216 + ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
1217 + ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
1218 +$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1219 + X"$ac_dest" : 'X\(//\)[^/]' \| \
1220 + X"$ac_dest" : 'X\(//\)$' \| \
1221 + X"$ac_dest" : 'X\(/\)' \| \
1222 + . : '\(.\)' 2>/dev/null ||
1223 +echo X"$ac_dest" |
1224 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1225 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1226 + /^X\(\/\/\)$/{ s//\1/; q; }
1227 + /^X\(\/\).*/{ s//\1/; q; }
1228 + s/.*/./; q'`
1229 + { if $as_mkdir_p; then
1230 + mkdir -p "$ac_dir"
1231 + else
1232 + as_dir="$ac_dir"
1233 + as_dirs=
1234 + while test ! -d "$as_dir"; do
1235 + as_dirs="$as_dir $as_dirs"
1236 + as_dir=`(dirname "$as_dir") 2>/dev/null ||
1237 +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1238 + X"$as_dir" : 'X\(//\)[^/]' \| \
1239 + X"$as_dir" : 'X\(//\)$' \| \
1240 + X"$as_dir" : 'X\(/\)' \| \
1241 + . : '\(.\)' 2>/dev/null ||
1242 +echo X"$as_dir" |
1243 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1244 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1245 + /^X\(\/\/\)$/{ s//\1/; q; }
1246 + /^X\(\/\).*/{ s//\1/; q; }
1247 + s/.*/./; q'`
1248 + done
1249 + test ! -n "$as_dirs" || mkdir $as_dirs
1250 + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
1251 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
1252 + { (exit 1); exit 1; }; }; }
1254 + ac_builddir=.
1256 +if test "$ac_dir" != .; then
1257 + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
1258 + # A "../" for each directory in $ac_dir_suffix.
1259 + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
1260 +else
1261 + ac_dir_suffix= ac_top_builddir=
1264 +case $srcdir in
1265 + .) # No --srcdir option. We are building in place.
1266 + ac_srcdir=.
1267 + if test -z "$ac_top_builddir"; then
1268 + ac_top_srcdir=.
1269 + else
1270 + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
1271 + fi ;;
1272 + [\\/]* | ?:[\\/]* ) # Absolute path.
1273 + ac_srcdir=$srcdir$ac_dir_suffix;
1274 + ac_top_srcdir=$srcdir ;;
1275 + *) # Relative path.
1276 + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
1277 + ac_top_srcdir=$ac_top_builddir$srcdir ;;
1278 +esac
1280 +# Do not use `cd foo && pwd` to compute absolute paths, because
1281 +# the directories may not exist.
1282 +case `pwd` in
1283 +.) ac_abs_builddir="$ac_dir";;
1285 + case "$ac_dir" in
1286 + .) ac_abs_builddir=`pwd`;;
1287 + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
1288 + *) ac_abs_builddir=`pwd`/"$ac_dir";;
1289 + esac;;
1290 +esac
1291 +case $ac_abs_builddir in
1292 +.) ac_abs_top_builddir=${ac_top_builddir}.;;
1294 + case ${ac_top_builddir}. in
1295 + .) ac_abs_top_builddir=$ac_abs_builddir;;
1296 + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
1297 + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
1298 + esac;;
1299 +esac
1300 +case $ac_abs_builddir in
1301 +.) ac_abs_srcdir=$ac_srcdir;;
1303 + case $ac_srcdir in
1304 + .) ac_abs_srcdir=$ac_abs_builddir;;
1305 + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
1306 + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
1307 + esac;;
1308 +esac
1309 +case $ac_abs_builddir in
1310 +.) ac_abs_top_srcdir=$ac_top_srcdir;;
1312 + case $ac_top_srcdir in
1313 + .) ac_abs_top_srcdir=$ac_abs_builddir;;
1314 + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
1315 + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
1316 + esac;;
1317 +esac
1320 + { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
1321 +echo "$as_me: executing $ac_dest commands" >&6;}
1322 + case $ac_dest in
1323 + depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
1324 + # Strip MF so we end up with the name of the file.
1325 + mf=`echo "$mf" | sed -e 's/:.*$//'`
1326 + # Check whether this is an Automake generated Makefile or not.
1327 + # We used to match only the files named `Makefile.in', but
1328 + # some people rename them; so instead we look at the file content.
1329 + # Grep'ing the first line is not enough: some people post-process
1330 + # each Makefile.in and add a new line on top of each file to say so.
1331 + # So let's grep whole file.
1332 + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
1333 + dirpart=`(dirname "$mf") 2>/dev/null ||
1334 +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1335 + X"$mf" : 'X\(//\)[^/]' \| \
1336 + X"$mf" : 'X\(//\)$' \| \
1337 + X"$mf" : 'X\(/\)' \| \
1338 + . : '\(.\)' 2>/dev/null ||
1339 +echo X"$mf" |
1340 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1341 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1342 + /^X\(\/\/\)$/{ s//\1/; q; }
1343 + /^X\(\/\).*/{ s//\1/; q; }
1344 + s/.*/./; q'`
1345 + else
1346 + continue
1347 + fi
1348 + grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue
1349 + # Extract the definition of DEP_FILES from the Makefile without
1350 + # running `make'.
1351 + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
1352 + test -z "$DEPDIR" && continue
1353 + # When using ansi2knr, U may be empty or an underscore; expand it
1354 + U=`sed -n 's/^U = //p' < "$mf"`
1355 + test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR"
1356 + # We invoke sed twice because it is the simplest approach to
1357 + # changing $(DEPDIR) to its actual value in the expansion.
1358 + for file in `sed -n '
1359 + /^DEP_FILES = .*\\\\$/ {
1360 + s/^DEP_FILES = //
1361 + :loop
1362 + s/\\\\$//
1365 + /\\\\$/ b loop
1368 + /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \
1369 + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
1370 + # Make sure the directory exists.
1371 + test -f "$dirpart/$file" && continue
1372 + fdir=`(dirname "$file") 2>/dev/null ||
1373 +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1374 + X"$file" : 'X\(//\)[^/]' \| \
1375 + X"$file" : 'X\(//\)$' \| \
1376 + X"$file" : 'X\(/\)' \| \
1377 + . : '\(.\)' 2>/dev/null ||
1378 +echo X"$file" |
1379 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1380 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1381 + /^X\(\/\/\)$/{ s//\1/; q; }
1382 + /^X\(\/\).*/{ s//\1/; q; }
1383 + s/.*/./; q'`
1384 + { if $as_mkdir_p; then
1385 + mkdir -p $dirpart/$fdir
1386 + else
1387 + as_dir=$dirpart/$fdir
1388 + as_dirs=
1389 + while test ! -d "$as_dir"; do
1390 + as_dirs="$as_dir $as_dirs"
1391 + as_dir=`(dirname "$as_dir") 2>/dev/null ||
1392 +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1393 + X"$as_dir" : 'X\(//\)[^/]' \| \
1394 + X"$as_dir" : 'X\(//\)$' \| \
1395 + X"$as_dir" : 'X\(/\)' \| \
1396 + . : '\(.\)' 2>/dev/null ||
1397 +echo X"$as_dir" |
1398 + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
1399 + /^X\(\/\/\)[^/].*/{ s//\1/; q; }
1400 + /^X\(\/\/\)$/{ s//\1/; q; }
1401 + /^X\(\/\).*/{ s//\1/; q; }
1402 + s/.*/./; q'`
1403 + done
1404 + test ! -n "$as_dirs" || mkdir $as_dirs
1405 + fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5
1406 +echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;}
1407 + { (exit 1); exit 1; }; }; }
1409 + # echo "creating $dirpart/$file"
1410 + echo '# dummy' > "$dirpart/$file"
1411 + done
1412 +done
1413 + ;;
1414 + esac
1415 +done
1416 +_ACEOF
1418 +cat >>$CONFIG_STATUS <<\_ACEOF
1420 +{ (exit 0); exit 0; }
1421 +_ACEOF
1422 +chmod +x $CONFIG_STATUS
1423 +ac_clean_files=$ac_clean_files_save
1426 +# configure is writing to config.log, and then calls config.status.
1427 +# config.status does its own redirection, appending to config.log.
1428 +# Unfortunately, on DOS this fails, as config.log is still kept open
1429 +# by configure, so config.status won't be able to write to it; its
1430 +# output is simply discarded. So we exec the FD to /dev/null,
1431 +# effectively closing config.log, so it can be properly (re)opened and
1432 +# appended to by config.status. When coming back to configure, we
1433 +# need to make the FD available again.
1434 +if test "$no_create" != yes; then
1435 + ac_cs_success=:
1436 + ac_config_status_args=
1437 + test "$silent" = yes &&
1438 + ac_config_status_args="$ac_config_status_args --quiet"
1439 + exec 5>/dev/null
1440 + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
1441 + exec 5>>config.log
1442 + # Use ||, not &&, to avoid exiting from the if with $? = 1, which
1443 + # would make configure fail if this is the last instruction.
1444 + $ac_cs_success || { (exit 1); exit 1; }
1449 +if test "z$MSCRYPTO_FOUND" = "zyes" ; then
1450 + ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile"
1451 +cat >confcache <<\_ACEOF
1452 +# This file is a shell script that caches the results of configure
1453 +# tests run on this system so they can be shared between configure
1454 +# scripts and configure runs, see configure's option --config-cache.
1455 +# It is not useful on other systems. If it contains results you don't
1456 +# want to keep, you may remove or edit it.
1458 +# config.status only pays attention to the cache file if you give it
1459 +# the --recheck option to rerun configure.
1461 +# `ac_cv_env_foo' variables (set or unset) will be overridden when
1462 +# loading this file, other *unset* `ac_cv_foo' will be assigned the
1463 +# following values.
1465 +_ACEOF
1467 +# The following way of writing the cache mishandles newlines in values,
1468 +# but we know of no workaround that is simple, portable, and efficient.
1469 +# So, don't put newlines in cache variables' values.
1470 +# Ultrix sh set writes to stderr and can't be redirected directly,
1471 +# and sets the high bit in the cache file unless we assign to the vars.
1473 + (set) 2>&1 |
1474 + case `(ac_space=' '; set | grep ac_space) 2>&1` in
1475 + *ac_space=\ *)
1476 + # `set' does not quote correctly, so add quotes (double-quote
1477 + # substitution turns \\\\ into \\, and sed turns \\ into \).
1478 + sed -n \
1479 + "s/'/'\\\\''/g;
1480 + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
1481 + ;;
1482 + *)
1483 + # `set' quotes correctly as required by POSIX, so do not add quotes.
1484 + sed -n \
1485 + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
1486 + ;;
1487 + esac;
1488 +} |
1489 + sed '
1490 + t clear
1491 + : clear
1492 + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
1493 + t end
1494 + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
1495 + : end' >>confcache
1496 +if diff $cache_file confcache >/dev/null 2>&1; then :; else
1497 + if test -w $cache_file; then
1498 + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
1499 + cat confcache >$cache_file
1500 + else
1501 + echo "not updating unwritable cache $cache_file"
1502 + fi
1504 +rm -f confcache
1506 +test "x$prefix" = xNONE && prefix=$ac_default_prefix
1507 +# Let make expand exec_prefix.
1508 +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
1510 +# VPATH may cause trouble with some makes, so we remove $(srcdir),
1511 +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
1512 +# trailing colons and then remove the whole line if VPATH becomes empty
1513 +# (actually we leave an empty line to preserve line numbers).
1514 +if test "x$srcdir" = x.; then
1515 + ac_vpsub='/^[ ]*VPATH[ ]*=/{
1516 +s/:*\$(srcdir):*/:/;
1517 +s/:*\${srcdir}:*/:/;
1518 +s/:*@srcdir@:*/:/;
1519 +s/^\([^=]*=[ ]*\):*/\1/;
1520 +s/:*$//;
1521 +s/^[^=]*=[ ]*$//;
1525 +DEFS=-DHAVE_CONFIG_H
1527 +ac_libobjs=
1528 +ac_ltlibobjs=
1529 +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
1530 + # 1. Remove the extension, and $U if already installed.
1531 + ac_i=`echo "$ac_i" |
1532 + sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
1533 + # 2. Add them.
1534 + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
1535 + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
1536 +done
1537 +LIBOBJS=$ac_libobjs
1539 +LTLIBOBJS=$ac_ltlibobjs
1542 +if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
1543 + { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined.
1544 +Usually this means the macro was only invoked conditionally." >&5
1545 +echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
1546 +Usually this means the macro was only invoked conditionally." >&2;}
1547 + { (exit 1); exit 1; }; }
1549 +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
1550 + { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
1551 +Usually this means the macro was only invoked conditionally." >&5
1552 +echo "$as_me: error: conditional \"AMDEP\" was never defined.
1553 +Usually this means the macro was only invoked conditionally." >&2;}
1554 + { (exit 1); exit 1; }; }
1556 +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
1557 + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
1558 +Usually this means the macro was only invoked conditionally." >&5
1559 +echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
1560 +Usually this means the macro was only invoked conditionally." >&2;}
1561 + { (exit 1); exit 1; }; }
1563 +if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
1564 + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined.
1565 +Usually this means the macro was only invoked conditionally." >&5
1566 +echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined.
1567 +Usually this means the macro was only invoked conditionally." >&2;}
1568 + { (exit 1); exit 1; }; }
1570 +if test -z "${INSTALL_LTDL_TRUE}" && test -z "${INSTALL_LTDL_FALSE}"; then
1571 + { { echo "$as_me:$LINENO: error: conditional \"INSTALL_LTDL\" was never defined.
1572 +Usually this means the macro was only invoked conditionally." >&5
1573 +echo "$as_me: error: conditional \"INSTALL_LTDL\" was never defined.
1574 +Usually this means the macro was only invoked conditionally." >&2;}
1575 + { (exit 1); exit 1; }; }
1577 +if test -z "${CONVENIENCE_LTDL_TRUE}" && test -z "${CONVENIENCE_LTDL_FALSE}"; then
1578 + { { echo "$as_me:$LINENO: error: conditional \"CONVENIENCE_LTDL\" was never defined.
1579 +Usually this means the macro was only invoked conditionally." >&5
1580 +echo "$as_me: error: conditional \"CONVENIENCE_LTDL\" was never defined.
1581 +Usually this means the macro was only invoked conditionally." >&2;}
1582 + { (exit 1); exit 1; }; }
1584 +if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then
1585 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined.
1586 +Usually this means the macro was only invoked conditionally." >&5
1587 +echo "$as_me: error: conditional \"XMLSEC_NO_OPENSSL\" was never defined.
1588 +Usually this means the macro was only invoked conditionally." >&2;}
1589 + { (exit 1); exit 1; }; }
1591 +if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then
1592 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined.
1593 +Usually this means the macro was only invoked conditionally." >&5
1594 +echo "$as_me: error: conditional \"XMLSEC_NO_GNUTLS\" was never defined.
1595 +Usually this means the macro was only invoked conditionally." >&2;}
1596 + { (exit 1); exit 1; }; }
1598 +if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then
1599 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_NSS\" was never defined.
1600 +Usually this means the macro was only invoked conditionally." >&5
1601 +echo "$as_me: error: conditional \"XMLSEC_NO_NSS\" was never defined.
1602 +Usually this means the macro was only invoked conditionally." >&2;}
1603 + { (exit 1); exit 1; }; }
1605 +if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then
1606 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_SHA1\" was never defined.
1607 +Usually this means the macro was only invoked conditionally." >&5
1608 +echo "$as_me: error: conditional \"XMLSEC_NO_SHA1\" was never defined.
1609 +Usually this means the macro was only invoked conditionally." >&2;}
1610 + { (exit 1); exit 1; }; }
1612 +if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then
1613 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined.
1614 +Usually this means the macro was only invoked conditionally." >&5
1615 +echo "$as_me: error: conditional \"XMLSEC_NO_RIPEMD160\" was never defined.
1616 +Usually this means the macro was only invoked conditionally." >&2;}
1617 + { (exit 1); exit 1; }; }
1619 +if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then
1620 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_HMAC\" was never defined.
1621 +Usually this means the macro was only invoked conditionally." >&5
1622 +echo "$as_me: error: conditional \"XMLSEC_NO_HMAC\" was never defined.
1623 +Usually this means the macro was only invoked conditionally." >&2;}
1624 + { (exit 1); exit 1; }; }
1626 +if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then
1627 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DSA\" was never defined.
1628 +Usually this means the macro was only invoked conditionally." >&5
1629 +echo "$as_me: error: conditional \"XMLSEC_NO_DSA\" was never defined.
1630 +Usually this means the macro was only invoked conditionally." >&2;}
1631 + { (exit 1); exit 1; }; }
1633 +if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then
1634 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_RSA\" was never defined.
1635 +Usually this means the macro was only invoked conditionally." >&5
1636 +echo "$as_me: error: conditional \"XMLSEC_NO_RSA\" was never defined.
1637 +Usually this means the macro was only invoked conditionally." >&2;}
1638 + { (exit 1); exit 1; }; }
1640 +if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then
1641 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_X509\" was never defined.
1642 +Usually this means the macro was only invoked conditionally." >&5
1643 +echo "$as_me: error: conditional \"XMLSEC_NO_X509\" was never defined.
1644 +Usually this means the macro was only invoked conditionally." >&2;}
1645 + { (exit 1); exit 1; }; }
1647 +if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then
1648 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_DES\" was never defined.
1649 +Usually this means the macro was only invoked conditionally." >&5
1650 +echo "$as_me: error: conditional \"XMLSEC_NO_DES\" was never defined.
1651 +Usually this means the macro was only invoked conditionally." >&2;}
1652 + { (exit 1); exit 1; }; }
1654 +if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then
1655 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_AES\" was never defined.
1656 +Usually this means the macro was only invoked conditionally." >&5
1657 +echo "$as_me: error: conditional \"XMLSEC_NO_AES\" was never defined.
1658 +Usually this means the macro was only invoked conditionally." >&2;}
1659 + { (exit 1); exit 1; }; }
1661 +if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then
1662 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined.
1663 +Usually this means the macro was only invoked conditionally." >&5
1664 +echo "$as_me: error: conditional \"XMLSEC_NO_XMLDSIG\" was never defined.
1665 +Usually this means the macro was only invoked conditionally." >&2;}
1666 + { (exit 1); exit 1; }; }
1668 +if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then
1669 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XMLENC\" was never defined.
1670 +Usually this means the macro was only invoked conditionally." >&5
1671 +echo "$as_me: error: conditional \"XMLSEC_NO_XMLENC\" was never defined.
1672 +Usually this means the macro was only invoked conditionally." >&2;}
1673 + { (exit 1); exit 1; }; }
1675 +if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then
1676 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_XKMS\" was never defined.
1677 +Usually this means the macro was only invoked conditionally." >&5
1678 +echo "$as_me: error: conditional \"XMLSEC_NO_XKMS\" was never defined.
1679 +Usually this means the macro was only invoked conditionally." >&2;}
1680 + { (exit 1); exit 1; }; }
1682 +if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then
1683 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined.
1684 +Usually this means the macro was only invoked conditionally." >&5
1685 +echo "$as_me: error: conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined.
1686 +Usually this means the macro was only invoked conditionally." >&2;}
1687 + { (exit 1); exit 1; }; }
1689 +if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then
1690 + { { echo "$as_me:$LINENO: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined.
1691 +Usually this means the macro was only invoked conditionally." >&5
1692 +echo "$as_me: error: conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined.
1693 +Usually this means the macro was only invoked conditionally." >&2;}
1694 + { (exit 1); exit 1; }; }
1697 +: ${CONFIG_STATUS=./config.status}
1698 +ac_clean_files_save=$ac_clean_files
1699 +ac_clean_files="$ac_clean_files $CONFIG_STATUS"
1700 +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
1701 +echo "$as_me: creating $CONFIG_STATUS" >&6;}
1702 +cat >$CONFIG_STATUS <<_ACEOF
1703 +#! $SHELL
1704 +# Generated by $as_me.
1705 +# Run this file to recreate the current configuration.
1706 +# Compiler output produced by configure, useful for debugging
1707 +# configure, is in config.log if it exists.
1709 +debug=false
1710 +ac_cs_recheck=false
1711 +ac_cs_silent=false
1712 +SHELL=\${CONFIG_SHELL-$SHELL}
1713 +_ACEOF
1715 +cat >>$CONFIG_STATUS <<\_ACEOF
1716 +## --------------------- ##
1717 +## M4sh Initialization. ##
1718 +## --------------------- ##
1720 +# Be Bourne compatible
1721 +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
1722 + emulate sh
1723 + NULLCMD=:
1724 + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
1725 + # is contrary to our usage. Disable this feature.
1726 + alias -g '${1+"$@"}'='"$@"'
1727 +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
1728 + set -o posix
1730 +DUALCASE=1; export DUALCASE # for MKS sh
1732 +# Support unset when possible.
1733 +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
1734 + as_unset=unset
1735 +else
1736 + as_unset=false
1740 +# Work around bugs in pre-3.0 UWIN ksh.
1741 +$as_unset ENV MAIL MAILPATH
1742 +PS1='$ '
1743 +PS2='> '
1744 +PS4='+ '
1746 +# NLS nuisances.
1747 +for as_var in \
1748 + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
1749 + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
1750 + LC_TELEPHONE LC_TIME
1752 + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
1753 + eval $as_var=C; export $as_var
1754 + else
1755 + $as_unset $as_var
1756 + fi
1757 +done
1759 +# Required to use basename.
1760 +if expr a : '\(a\)' >/dev/null 2>&1; then
1761 + as_expr=expr
1762 +else
1763 + as_expr=false
1766 +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
1767 + as_basename=basename
1768 +else
1769 + as_basename=false
1773 +# Name of the executable.
1774 +as_me=`$as_basename "$0" ||
1775 +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
1776 + X"$0" : 'X\(//\)$' \| \
1777 + X"$0" : 'X\(/\)$' \| \
1778 + . : '\(.\)' 2>/dev/null ||
1779 +echo X/"$0" |
1780 + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
1781 + /^X\/\(\/\/\)$/{ s//\1/; q; }
1782 + /^X\/\(\/\).*/{ s//\1/; q; }
1783 + s/.*/./; q'`
1786 +# PATH needs CR, and LINENO needs CR and PATH.
1787 +# Avoid depending upon Character Ranges.
1788 +as_cr_letters='abcdefghijklmnopqrstuvwxyz'
1789 +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
1790 +as_cr_Letters=$as_cr_letters$as_cr_LETTERS
1791 +as_cr_digits='0123456789'
1792 +as_cr_alnum=$as_cr_Letters$as_cr_digits
1794 +# The user is always right.
1795 +if test "${PATH_SEPARATOR+set}" != set; then
1796 + echo "#! /bin/sh" >conf$$.sh
1797 + echo "exit 0" >>conf$$.sh
1798 + chmod +x conf$$.sh
1799 + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
1800 + PATH_SEPARATOR=';'
1801 + else
1802 + PATH_SEPARATOR=:
1803 + fi
1804 + rm -f conf$$.sh
1808 + as_lineno_1=$LINENO
1809 + as_lineno_2=$LINENO
1810 + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
1811 + test "x$as_lineno_1" != "x$as_lineno_2" &&
1812 + test "x$as_lineno_3" = "x$as_lineno_2" || {
1813 + # Find who we are. Look in the path if we contain no path at all
1814 + # relative or not.
1815 + case $0 in
1816 + *[\\/]* ) as_myself=$0 ;;
1817 + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1818 +for as_dir in $PATH
1820 + IFS=$as_save_IFS
1821 + test -z "$as_dir" && as_dir=.
1822 + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
1823 +done
1825 + ;;
1826 + esac
1827 + # We did not find ourselves, most probably we were run as `sh COMMAND'
1828 + # in which case we are not to be found in the path.
1829 + if test "x$as_myself" = x; then
1830 + as_myself=$0
1831 + fi
1832 + if test ! -f "$as_myself"; then
1833 + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
1834 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
1835 + { (exit 1); exit 1; }; }
1836 + fi
1837 + case $CONFIG_SHELL in
1838 + '')
1839 + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
1840 +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
1842 + IFS=$as_save_IFS
1843 + test -z "$as_dir" && as_dir=.
1844 + for as_base in sh bash ksh sh5; do
1845 + case $as_dir in
1846 + /*)
1847 + if ("$as_dir/$as_base" -c '
1848 + as_lineno_1=$LINENO
1849 + as_lineno_2=$LINENO
1850 + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
1851 + test "x$as_lineno_1" != "x$as_lineno_2" &&
1852 + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
1853 + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
1854 + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
1855 + CONFIG_SHELL=$as_dir/$as_base
1856 + export CONFIG_SHELL
1857 + exec "$CONFIG_SHELL" "$0" ${1+"$@"}
1858 + fi;;
1859 + esac
1860 + done
1861 +done
1863 + esac
1865 + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
1866 + # uniformly replaced by the line number. The first 'sed' inserts a
1867 + # line-number line before each line; the second 'sed' does the real
1868 + # work. The second script uses 'N' to pair each line-number line
1869 + # with the numbered line, and appends trailing '-' during
1870 + # substitution so that $LINENO is not a special case at line end.
1871 + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
1872 + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
1873 + sed '=' <$as_myself |
1874 + sed '
1876 + s,$,-,
1877 + : loop
1878 + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
1879 + t loop
1880 + s,-$,,
1881 + s,^['$as_cr_digits']*\n,,
1882 + ' >$as_me.lineno &&
1883 + chmod +x $as_me.lineno ||
1884 + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
1885 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
1886 + { (exit 1); exit 1; }; }
1888 + # Don't try to exec as it changes $[0], causing all sort of problems
1889 + # (the dirname of $[0] is not the place where we might find the
1890 + # original and so on. Autoconf is especially sensible to this).
1891 + . ./$as_me.lineno
1892 + # Exit status is that of the last command.
1893 + exit
1897 +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
1898 + *c*,-n*) ECHO_N= ECHO_C='
1899 +' ECHO_T=' ' ;;
1900 + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
1901 + *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
1902 +esac
1904 +if expr a : '\(a\)' >/dev/null 2>&1; then
1905 + as_expr=expr
1906 +else
1907 + as_expr=false
1910 +rm -f conf$$ conf$$.exe conf$$.file
1911 +echo >conf$$.file
1912 +if ln -s conf$$.file conf$$ 2>/dev/null; then
1913 + # We could just check for DJGPP; but this test a) works b) is more generic
1914 + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
1915 + if test -f conf$$.exe; then
1916 + # Don't use ln at all; we don't have any links
1917 + as_ln_s='cp -p'
1918 + else
1919 + as_ln_s='ln -s'
1920 + fi
1921 +elif ln conf$$.file conf$$ 2>/dev/null; then
1922 + as_ln_s=ln
1923 +else
1924 + as_ln_s='cp -p'
1926 +rm -f conf$$ conf$$.exe conf$$.file
1928 +if mkdir -p . 2>/dev/null; then
1929 + as_mkdir_p=:
1930 +else
1931 + test -d ./-p && rmdir ./-p
1932 + as_mkdir_p=false
1935 +as_executable_p="test -f"
1937 +# Sed expression to map a string onto a valid CPP name.
1938 +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
1940 +# Sed expression to map a string onto a valid variable name.
1941 +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
1944 +# IFS
1945 +# We need space, tab and new line, in precisely that order.
1946 +as_nl='
1948 +IFS=" $as_nl"
1950 +# CDPATH.
1951 +$as_unset CDPATH
1953 +exec 6>&1
1955 +# Open the log real soon, to keep \$[0] and so on meaningful, and to
1956 +# report actual input values of CONFIG_FILES etc. instead of their
1957 +# values after options handling. Logging --version etc. is OK.
1958 +exec 5>>config.log
1960 + echo
1961 + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
1962 +## Running $as_me. ##
1963 +_ASBOX
1964 +} >&5
1965 +cat >&5 <<_CSEOF
1967 +This file was extended by $as_me, which was
1968 +generated by GNU Autoconf 2.59. Invocation command line was
1970 + CONFIG_FILES = $CONFIG_FILES
1971 + CONFIG_HEADERS = $CONFIG_HEADERS
1972 + CONFIG_LINKS = $CONFIG_LINKS
1973 + CONFIG_COMMANDS = $CONFIG_COMMANDS
1974 + $ $0 $@
1976 +_CSEOF
1977 +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
1978 +echo >&5
1979 +_ACEOF
1981 +# Files that config.status was made for.
1982 +if test -n "$ac_config_files"; then
1983 + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
1986 +if test -n "$ac_config_headers"; then
1987 + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
1990 +if test -n "$ac_config_links"; then
1991 + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
1994 +if test -n "$ac_config_commands"; then
1995 + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
1998 +cat >>$CONFIG_STATUS <<\_ACEOF
2000 +ac_cs_usage="\
2001 +\`$as_me' instantiates files from templates according to the
2002 +current configuration.
2004 +Usage: $0 [OPTIONS] [FILE]...
2006 + -h, --help print this help, then exit
2007 + -V, --version print version number, then exit
2008 + -q, --quiet do not print progress messages
2009 + -d, --debug don't remove temporary files
2010 + --recheck update $as_me by reconfiguring in the same conditions
2011 + --file=FILE[:TEMPLATE]
2012 + instantiate the configuration file FILE
2013 + --header=FILE[:TEMPLATE]
2014 + instantiate the configuration header FILE
2016 +Configuration files:
2017 +$config_files
2019 +Configuration headers:
2020 +$config_headers
2022 +Configuration commands:
2023 +$config_commands
2025 +Report bugs to <bug-autoconf@gnu.org>."
2026 +_ACEOF
2028 +cat >>$CONFIG_STATUS <<_ACEOF
2029 +ac_cs_version="\\
2030 +config.status
2031 +configured by $0, generated by GNU Autoconf 2.59,
2032 + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
2034 +Copyright (C) 2003 Free Software Foundation, Inc.
2035 +This config.status script is free software; the Free Software Foundation
2036 +gives unlimited permission to copy, distribute and modify it."
2037 +srcdir=$srcdir
2038 +INSTALL="$INSTALL"
2039 +_ACEOF
2041 +cat >>$CONFIG_STATUS <<\_ACEOF
2042 +# If no file are specified by the user, then we need to provide default
2043 +# value. By we need to know if files were specified by the user.
2044 +ac_need_defaults=:
2045 +while test $# != 0
2047 + case $1 in
2048 + --*=*)
2049 + ac_option=`expr "x$1" : 'x\([^=]*\)='`
2050 + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
2051 + ac_shift=:
2052 + ;;
2053 + -*)
2054 + ac_option=$1
2055 + ac_optarg=$2
2056 + ac_shift=shift
2057 + ;;
2058 + *) # This is not an option, so the user has probably given explicit
2059 + # arguments.
2060 + ac_option=$1
2061 + ac_need_defaults=false;;
2062 + esac
2064 + case $ac_option in
2065 + # Handling of the options.
2066 +_ACEOF
2067 +cat >>$CONFIG_STATUS <<\_ACEOF
2068 + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
2069 + ac_cs_recheck=: ;;
2070 + --version | --vers* | -V )
2071 + echo "$ac_cs_version"; exit 0 ;;
2072 + --he | --h)
2073 + # Conflict between --help and --header
2074 + { { echo "$as_me:$LINENO: error: ambiguous option: $1
2075 +Try \`$0 --help' for more information." >&5
2076 +echo "$as_me: error: ambiguous option: $1
2077 +Try \`$0 --help' for more information." >&2;}
2078 + { (exit 1); exit 1; }; };;
2079 + --help | --hel | -h )
2080 + echo "$ac_cs_usage"; exit 0 ;;
2081 + --debug | --d* | -d )
2082 + debug=: ;;
2083 + --file | --fil | --fi | --f )
2084 + $ac_shift
2085 + CONFIG_FILES="$CONFIG_FILES $ac_optarg"
2086 + ac_need_defaults=false;;
2087 + --header | --heade | --head | --hea )
2088 + $ac_shift
2089 + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
2090 + ac_need_defaults=false;;
2091 + -q | -quiet | --quiet | --quie | --qui | --qu | --q \
2092 + | -silent | --silent | --silen | --sile | --sil | --si | --s)
2093 + ac_cs_silent=: ;;
2095 + # This is an error.
2096 + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
2097 +Try \`$0 --help' for more information." >&5
2098 +echo "$as_me: error: unrecognized option: $1
2099 +Try \`$0 --help' for more information." >&2;}
2100 + { (exit 1); exit 1; }; } ;;
2102 + *) ac_config_targets="$ac_config_targets $1" ;;
2104 + esac
2105 + shift
2106 +done
2108 +ac_configure_extra_args=
2110 +if $ac_cs_silent; then
2111 + exec 6>/dev/null
2112 + ac_configure_extra_args="$ac_configure_extra_args --silent"
2115 +_ACEOF
2116 +cat >>$CONFIG_STATUS <<_ACEOF
2117 +if \$ac_cs_recheck; then
2118 + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
2119 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
2122 +_ACEOF
2124 +cat >>$CONFIG_STATUS <<_ACEOF
2126 +# INIT-COMMANDS section.
2129 +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
2131 +_ACEOF
2135 +cat >>$CONFIG_STATUS <<\_ACEOF
2136 +for ac_config_target in $ac_config_targets
2138 + case "$ac_config_target" in
2139 + # Handling of arguments.
2140 + "include/xmlsec/version.h" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;;
2141 + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
2142 + "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
2143 + "include/xmlsec/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;;
2144 + "include/xmlsec/private/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;;
2145 + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
2146 + "apps/Makefile" ) CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;;
2147 + "docs/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;;
2148 + "docs/api/Makefile" ) CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;;
2149 + "man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
2150 + "xmlsec1Conf.sh" ) CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;;
2151 + "xmlsec1-config" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;;
2152 + "xmlsec1-openssl.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;;
2153 + "xmlsec1-gnutls.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;;
2154 + "xmlsec1-nss.pc" ) CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;;
2155 + "xmlsec1.spec" ) CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;;
2156 + "include/xmlsec/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;;
2157 + "src/openssl/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;;
2158 + "include/xmlsec/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;;
2159 + "src/gnutls/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;;
2160 + "include/xmlsec/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;;
2161 + "src/nss/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;;
2162 + "include/xmlsec/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;;
2163 + "src/mscrypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;;
2164 + "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
2165 + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
2166 + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
2167 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
2168 + { (exit 1); exit 1; }; };;
2169 + esac
2170 +done
2172 +# If the user did not use the arguments to specify the items to instantiate,
2173 +# then the envvar interface is used. Set only those that are not.
2174 +# We use the long form for the default assignment because of an extremely
2175 +# bizarre bug on SunOS 4.1.3.
2176 +if $ac_need_defaults; then
2177 + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
2178 + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
2179 + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
2182 +# Have a temporary directory for convenience. Make it in the build tree
2183 +# simply because there is no reason to put it here, and in addition,
2184 +# creating and moving files from /tmp can sometimes cause problems.
2185 +# Create a temporary directory, and hook for its removal unless debugging.
2186 +$debug ||
2188 + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
2189 + trap '{ (exit 1); exit 1; }' 1 2 13 15
2192 +# Create a (secure) tmp directory for tmp files.
2195 + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
2196 + test -n "$tmp" && test -d "$tmp"
2197 +} ||
2199 + tmp=./confstat$$-$RANDOM
2200 + (umask 077 && mkdir $tmp)
2201 +} ||
2203 + echo "$me: cannot create a temporary directory in ." >&2
2204 + { (exit 1); exit 1; }
2207 +_ACEOF
2209 +cat >>$CONFIG_STATUS <<_ACEOF
2212 +# CONFIG_FILES section.
2215 +# No need to generate the scripts if there are no CONFIG_FILES.
2216 +# This happens for instance when ./config.status config.h
2217 +if test -n "\$CONFIG_FILES"; then
2218 + # Protect against being on the right side of a sed subst in config.status.
2219 + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
2220 + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
2221 +s,@SHELL@,$SHELL,;t t
2222 +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
2223 +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
2224 +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
2225 +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
2226 +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
2227 +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
2228 +s,@exec_prefix@,$exec_prefix,;t t
2229 +s,@prefix@,$prefix,;t t
2230 +s,@program_transform_name@,$program_transform_name,;t t
2231 +s,@bindir@,$bindir,;t t
2232 +s,@sbindir@,$sbindir,;t t
2233 +s,@libexecdir@,$libexecdir,;t t
2234 +s,@datadir@,$datadir,;t t
2235 +s,@sysconfdir@,$sysconfdir,;t t
2236 +s,@sharedstatedir@,$sharedstatedir,;t t
2237 +s,@localstatedir@,$localstatedir,;t t
2238 +s,@libdir@,$libdir,;t t
2239 +s,@includedir@,$includedir,;t t
2240 +s,@oldincludedir@,$oldincludedir,;t t
2241 +s,@infodir@,$infodir,;t t
2242 +s,@mandir@,$mandir,;t t
2243 +s,@build_alias@,$build_alias,;t t
2244 +s,@host_alias@,$host_alias,;t t
2245 +s,@target_alias@,$target_alias,;t t
2246 +s,@DEFS@,$DEFS,;t t
2247 +s,@ECHO_C@,$ECHO_C,;t t
2248 +s,@ECHO_N@,$ECHO_N,;t t
2249 +s,@ECHO_T@,$ECHO_T,;t t
2250 +s,@LIBS@,$LIBS,;t t
2251 +s,@build@,$build,;t t
2252 +s,@build_cpu@,$build_cpu,;t t
2253 +s,@build_vendor@,$build_vendor,;t t
2254 +s,@build_os@,$build_os,;t t
2255 +s,@host@,$host,;t t
2256 +s,@host_cpu@,$host_cpu,;t t
2257 +s,@host_vendor@,$host_vendor,;t t
2258 +s,@host_os@,$host_os,;t t
2259 +s,@XMLSEC_VERSION@,$XMLSEC_VERSION,;t t
2260 +s,@XMLSEC_PACKAGE@,$XMLSEC_PACKAGE,;t t
2261 +s,@XMLSEC_VERSION_SAFE@,$XMLSEC_VERSION_SAFE,;t t
2262 +s,@XMLSEC_VERSION_MAJOR@,$XMLSEC_VERSION_MAJOR,;t t
2263 +s,@XMLSEC_VERSION_MINOR@,$XMLSEC_VERSION_MINOR,;t t
2264 +s,@XMLSEC_VERSION_SUBMINOR@,$XMLSEC_VERSION_SUBMINOR,;t t
2265 +s,@XMLSEC_VERSION_INFO@,$XMLSEC_VERSION_INFO,;t t
2266 +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
2267 +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
2268 +s,@INSTALL_DATA@,$INSTALL_DATA,;t t
2269 +s,@CYGPATH_W@,$CYGPATH_W,;t t
2270 +s,@PACKAGE@,$PACKAGE,;t t
2271 +s,@VERSION@,$VERSION,;t t
2272 +s,@ACLOCAL@,$ACLOCAL,;t t
2273 +s,@AUTOCONF@,$AUTOCONF,;t t
2274 +s,@AUTOMAKE@,$AUTOMAKE,;t t
2275 +s,@AUTOHEADER@,$AUTOHEADER,;t t
2276 +s,@MAKEINFO@,$MAKEINFO,;t t
2277 +s,@AMTAR@,$AMTAR,;t t
2278 +s,@install_sh@,$install_sh,;t t
2279 +s,@STRIP@,$STRIP,;t t
2280 +s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t
2281 +s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
2282 +s,@mkdir_p@,$mkdir_p,;t t
2283 +s,@AWK@,$AWK,;t t
2284 +s,@SET_MAKE@,$SET_MAKE,;t t
2285 +s,@am__leading_dot@,$am__leading_dot,;t t
2286 +s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t
2287 +s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t
2288 +s,@MAINT@,$MAINT,;t t
2289 +s,@CC@,$CC,;t t
2290 +s,@CFLAGS@,$CFLAGS,;t t
2291 +s,@LDFLAGS@,$LDFLAGS,;t t
2292 +s,@CPPFLAGS@,$CPPFLAGS,;t t
2293 +s,@ac_ct_CC@,$ac_ct_CC,;t t
2294 +s,@EXEEXT@,$EXEEXT,;t t
2295 +s,@OBJEXT@,$OBJEXT,;t t
2296 +s,@DEPDIR@,$DEPDIR,;t t
2297 +s,@am__include@,$am__include,;t t
2298 +s,@am__quote@,$am__quote,;t t
2299 +s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t
2300 +s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t
2301 +s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
2302 +s,@CCDEPMODE@,$CCDEPMODE,;t t
2303 +s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
2304 +s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
2305 +s,@EGREP@,$EGREP,;t t
2306 +s,@LN_S@,$LN_S,;t t
2307 +s,@ECHO@,$ECHO,;t t
2308 +s,@AR@,$AR,;t t
2309 +s,@ac_ct_AR@,$ac_ct_AR,;t t
2310 +s,@RANLIB@,$RANLIB,;t t
2311 +s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
2312 +s,@CPP@,$CPP,;t t
2313 +s,@CXX@,$CXX,;t t
2314 +s,@CXXFLAGS@,$CXXFLAGS,;t t
2315 +s,@ac_ct_CXX@,$ac_ct_CXX,;t t
2316 +s,@CXXDEPMODE@,$CXXDEPMODE,;t t
2317 +s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t
2318 +s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t
2319 +s,@CXXCPP@,$CXXCPP,;t t
2320 +s,@F77@,$F77,;t t
2321 +s,@FFLAGS@,$FFLAGS,;t t
2322 +s,@ac_ct_F77@,$ac_ct_F77,;t t
2323 +s,@LIBTOOL@,$LIBTOOL,;t t
2324 +s,@RM@,$RM,;t t
2325 +s,@CP@,$CP,;t t
2326 +s,@MV@,$MV,;t t
2327 +s,@TAR@,$TAR,;t t
2328 +s,@HELP2MAN@,$HELP2MAN,;t t
2329 +s,@MAN2HTML@,$MAN2HTML,;t t
2330 +s,@U@,$U,;t t
2331 +s,@ANSI2KNR@,$ANSI2KNR,;t t
2332 +s,@INSTALL_LTDL_TRUE@,$INSTALL_LTDL_TRUE,;t t
2333 +s,@INSTALL_LTDL_FALSE@,$INSTALL_LTDL_FALSE,;t t
2334 +s,@CONVENIENCE_LTDL_TRUE@,$CONVENIENCE_LTDL_TRUE,;t t
2335 +s,@CONVENIENCE_LTDL_FALSE@,$CONVENIENCE_LTDL_FALSE,;t t
2336 +s,@LIBADD_DL@,$LIBADD_DL,;t t
2337 +s,@PKG_CONFIG_ENABLED@,$PKG_CONFIG_ENABLED,;t t
2338 +s,@PKG_CONFIG@,$PKG_CONFIG,;t t
2339 +s,@LIBXML_CFLAGS@,$LIBXML_CFLAGS,;t t
2340 +s,@LIBXML_LIBS@,$LIBXML_LIBS,;t t
2341 +s,@LIBXML262_CFLAGS@,$LIBXML262_CFLAGS,;t t
2342 +s,@LIBXML262_LIBS@,$LIBXML262_LIBS,;t t
2343 +s,@LIBXML_CONFIG@,$LIBXML_CONFIG,;t t
2344 +s,@LIBXML_MIN_VERSION@,$LIBXML_MIN_VERSION,;t t
2345 +s,@LIBXSLT_CFLAGS@,$LIBXSLT_CFLAGS,;t t
2346 +s,@LIBXSLT_LIBS@,$LIBXSLT_LIBS,;t t
2347 +s,@XMLSEC_NO_LIBXSLT@,$XMLSEC_NO_LIBXSLT,;t t
2348 +s,@LIBXSLT_CONFIG@,$LIBXSLT_CONFIG,;t t
2349 +s,@LIBXSLT_MIN_VERSION@,$LIBXSLT_MIN_VERSION,;t t
2350 +s,@OPENSSL_CFLAGS@,$OPENSSL_CFLAGS,;t t
2351 +s,@OPENSSL_LIBS@,$OPENSSL_LIBS,;t t
2352 +s,@OPENSSL097_CFLAGS@,$OPENSSL097_CFLAGS,;t t
2353 +s,@OPENSSL097_LIBS@,$OPENSSL097_LIBS,;t t
2354 +s,@XMLSEC_NO_OPENSSL_TRUE@,$XMLSEC_NO_OPENSSL_TRUE,;t t
2355 +s,@XMLSEC_NO_OPENSSL_FALSE@,$XMLSEC_NO_OPENSSL_FALSE,;t t
2356 +s,@XMLSEC_NO_OPENSSL@,$XMLSEC_NO_OPENSSL,;t t
2357 +s,@OPENSSL_CRYPTO_LIB@,$OPENSSL_CRYPTO_LIB,;t t
2358 +s,@OPENSSL_MIN_VERSION@,$OPENSSL_MIN_VERSION,;t t
2359 +s,@GNUTLS_CFLAGS@,$GNUTLS_CFLAGS,;t t
2360 +s,@GNUTLS_LIBS@,$GNUTLS_LIBS,;t t
2361 +s,@XMLSEC_NO_GNUTLS_TRUE@,$XMLSEC_NO_GNUTLS_TRUE,;t t
2362 +s,@XMLSEC_NO_GNUTLS_FALSE@,$XMLSEC_NO_GNUTLS_FALSE,;t t
2363 +s,@XMLSEC_NO_GNUTLS@,$XMLSEC_NO_GNUTLS,;t t
2364 +s,@GNUTLS_CRYPTO_LIB@,$GNUTLS_CRYPTO_LIB,;t t
2365 +s,@GNUTLS_MIN_VERSION@,$GNUTLS_MIN_VERSION,;t t
2366 +s,@NSS_CFLAGS@,$NSS_CFLAGS,;t t
2367 +s,@NSS_LIBS@,$NSS_LIBS,;t t
2368 +s,@XMLSEC_NO_NSS_TRUE@,$XMLSEC_NO_NSS_TRUE,;t t
2369 +s,@XMLSEC_NO_NSS_FALSE@,$XMLSEC_NO_NSS_FALSE,;t t
2370 +s,@XMLSEC_NO_NSS@,$XMLSEC_NO_NSS,;t t
2371 +s,@NSS_CRYPTO_LIB@,$NSS_CRYPTO_LIB,;t t
2372 +s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
2373 +s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
2374 +s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
2375 +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
2376 +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
2377 s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
2378 s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
2379 s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
2380 @@ -34368,6 +36362,8 @@
2381 s,@NSS_MIN_VERSION@,$NSS_MIN_VERSION,;t t
2382 s,@NSPR_MIN_VERSION@,$NSPR_MIN_VERSION,;t t
2383 s,@MOZILLA_MIN_VERSION@,$MOZILLA_MIN_VERSION,;t t
2384 +s,@MSCRYPTO_CFLAGS@,$MSCRYPTO_CFLAGS,;t t
2385 +s,@MSCRYPTO_LIBS@,$MSCRYPTO_LIBS,;t t
2386 s,@XMLSEC_NO_SHA1_TRUE@,$XMLSEC_NO_SHA1_TRUE,;t t
2387 s,@XMLSEC_NO_SHA1_FALSE@,$XMLSEC_NO_SHA1_FALSE,;t t
2388 s,@XMLSEC_NO_SHA1@,$XMLSEC_NO_SHA1,;t t
2389 --- misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200
2390 +++ misc/build/xmlsec1-1.2.6/configure.in 2008-06-29 23:44:19.000000000 +0200
2391 @@ -143,7 +143,7 @@
2392 dnl find libxml
2393 dnl ==========================================================================
2394 LIBXML_MIN_VERSION="2.4.2"
2395 -LIBXML_CONFIG="xml2-config"
2396 +LIBXML_CONFIG="./libxml2-config"
2397 LIBXML_CFLAGS=""
2398 LIBXML_LIBS=""
2399 LIBXML_FOUND="no"
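Review bot: `LIBXML_CONFIG="./libxml2-config"` is resolved against whatever directory configure is started from, so an out-of-tree build either fails to find the wrapper or runs a different file of the same name from the build directory. Anchoring it to the source tree avoids both: `LIBXML_CONFIG="$srcdir/libxml2-config"`. The code that invokes `$LIBXML_CONFIG` is outside this hunk.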
2400 @@ -503,12 +503,26 @@
2402 XMLSEC_NO_NSS="1"
2403 MOZILLA_MIN_VERSION="1.4"
2404 +if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
2405 + MOZILLA_MIN_VERSION="1.0"
2407 NSS_MIN_VERSION="3.2"
2408 NSPR_MIN_VERSION="4.0"
2409 NSS_CFLAGS=""
2410 NSS_LIBS=""
2411 -NSS_LIBS_LIST="-lnss3 -lsmime3"
2412 -NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
2414 +case $host_os in
2415 +cygwin* | mingw* | pw32*)
2416 + NSS_LIBS_LIST="-lnss3 -lsmime3"
2417 + NSPR_LIBS_LIST="-lnspr4"
2418 + ;;
2421 + NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
2422 + NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
2423 + ;;
2424 +esac
2426 NSS_CRYPTO_LIB="$PACKAGE-nss"
2427 NSS_FOUND="no"
2429 @@ -521,9 +535,16 @@
2430 AC_MSG_RESULT(no)
2431 NSS_FOUND="without"
2432 elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then
2433 - PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION,
2434 + PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION,
2435 [NSS_FOUND=yes],
2436 [NSS_FOUND=no])
2437 + AC_MSG_RESULT($NSS_FOUND)
2438 + if test "z$NSS_FOUND" = "zno" ; then
2439 + PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION,
2440 + [NSS_FOUND=yes],
2441 + [NSS_FOUND=no])
2442 + AC_MSG_RESULT($NSS_FOUND)
2443 + fi
2446 if test "z$NSS_FOUND" = "zno" ; then
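Review bot: When `MOZ_FLAVOUR` is unset, the module names in `PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= ... $MOZ_FLAVOUR-nss >= ...)` expand to `-nspr` and `-nss`, so the first lookup is made with malformed package names and the result depends on how pkg-config treats them. Giving the variable a default before the call keeps the previous behaviour: `test -n "$MOZ_FLAVOUR" || MOZ_FLAVOUR="mozilla"`. The two added `AC_MSG_RESULT($NSS_FOUND)` lines have no matching `AC_MSG_CHECKING` in the hunk, so the configure output will probably show an unlabelled result. The enclosing `if`/`elif` chain starts and ends outside the hunk.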
2447 @@ -534,8 +555,8 @@
2448 ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
2451 - ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
2452 - ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
2453 + ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
2454 + ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
2456 AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
2457 NSPR_INCLUDES_FOUND="no"
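Review bot: The new search paths are built only from `SOLARVERSION`, `INPATH` and `UPDMINOREXT`, and nothing in the hunk checks that they are set. With them empty, `ac_nss_lib_dir` becomes `//lib` and `ac_nss_inc_dir` becomes `//inc/mozilla`, so the probe can silently pick up a system NSS/NSPR instead of the one from the build environment. A guard before the assignments makes the dependency explicit: `if test "z$SOLARVERSION" = "z" -o "z$INPATH" = "z" ; then AC_MSG_ERROR([SOLARVERSION and INPATH must be set]) ; fi`. The surrounding block starts outside the hunk.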
2458 @@ -570,7 +591,9 @@
2459 done
2461 for dir in $ac_nss_lib_dir ; do
2462 - if test -f $dir/libnspr4.so ; then
2463 + case $host_os in
2464 + cygwin* | mingw* | pw32*)
2465 + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib -o -f $dir/libnspr4.a ; then
2466 dnl do not add -L/usr/lib because compiler does it anyway
2467 if test "z$dir" = "z/usr/lib" ; then
2468 NSPR_LIBS="$NSPR_LIBS_LIST"
2469 @@ -583,7 +606,26 @@
2471 NSPR_LIBS_FOUND="yes"
2472 break
2473 - fi
2474 + fi
2475 + ;;
2477 + *)
2478 + if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
2479 + dnl do not add -L/usr/lib because compiler does it anyway
2480 + if test "z$dir" = "z/usr/lib" ; then
2481 + NSPR_LIBS="$NSPR_LIBS_LIST"
2482 + else
2483 + if test "z$with_gnu_ld" = "zyes" ; then
2484 + NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
2485 + else
2486 + NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
2487 + fi
2488 + fi
2489 + NSPR_LIBS_FOUND="yes"
2490 + break
2491 + fi
2492 + ;;
2493 + esac
2494 done
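Review bot: The two `case $host_os` branches added around the libnspr4 probe repeat the same `NSPR_LIBS` selection and differ only in the extra `-o -f $dir/libnspr4.a` test, and `$dir` is unquoted in every `test -f`. Choosing the candidate file names once per host and keeping a single loop body removes the duplication and the risk of the branches drifting apart. The same applies to the libnss3 probe in the two hunks that follow. Part of the first branch's body lies in context lines between this hunk and the previous one.
```m4
case $host_os in
cygwin* | mingw* | pw32*)
    ac_nspr_lib_names="libnspr4.so libnspr4.dylib libnspr4.a"
    ;;
*)
    ac_nspr_lib_names="libnspr4.so libnspr4.dylib"
    ;;
esac

for dir in $ac_nss_lib_dir ; do
    ac_nspr_lib_hit="no"
    for name in $ac_nspr_lib_names ; do
        if test -f "$dir/$name" ; then
            ac_nspr_lib_hit="yes"
        fi
    done
    if test "z$ac_nspr_lib_hit" = "zyes" ; then
        dnl ... unchanged: NSPR_LIBS selection (rpath-link / -L handling) ...
        NSPR_LIBS_FOUND="yes"
        break
    fi
done
```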
2497 @@ -641,7 +683,9 @@
2498 done
2500 for dir in $ac_nss_lib_dir ; do
2501 - if test -f $dir/libnss3.so ; then
2502 + case $host_os in
2503 + cygwin* | mingw* | pw32*)
2504 + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib -o -f $dir/libnss3.a ; then
2505 dnl do not add -L/usr/lib because compiler does it anyway
2506 if test "z$dir" = "z/usr/lib" ; then
2507 NSS_LIBS="$NSS_LIBS_LIST"
2508 @@ -654,7 +698,26 @@
2510 NSS_LIBS_FOUND="yes"
2511 break
2512 - fi
2513 + fi
2514 + ;;
2516 + *)
2517 + if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
2518 + dnl do not add -L/usr/lib because compiler does it anyway
2519 + if test "z$dir" = "z/usr/lib" ; then
2520 + NSS_LIBS="$NSS_LIBS_LIST"
2521 + else
2522 + if test "z$with_gnu_ld" = "zyes" ; then
2523 + NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
2524 + else
2525 + NSS_LIBS="-L$dir $NSS_LIBS_LIST"
2526 + fi
2527 + fi
2528 + NSS_LIBS_FOUND="yes"
2529 + break
2530 + fi
2531 + ;;
2532 + esac
2533 done
2536 --- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200
2537 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200
2538 @@ -1 +1,58 @@
2539 -dummy
2540 +# Makefile.in generated by automake 1.8.3 from Makefile.am.
2541 +# @configure_input@
2543 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
2544 +# 2003, 2004 Free Software Foundation, Inc.
2545 +# This Makefile.in is free software; the Free Software Foundation
2546 +# gives unlimited permission to copy and/or distribute it,
2547 +# with or without modifications, as long as this notice is preserved.
2549 +# This program is distributed in the hope that it will be useful,
2550 +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
2551 +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
2552 +# PARTICULAR PURPOSE.
2554 +@SET_MAKE@
2556 +HEADERS = $(xmlsecmscryptoinc_HEADERS)
2557 +NULL =
2558 +xmlsecmscryptoinc_HEADERS = \
2559 +akmngr.h \
2560 +app.h \
2561 +crypto.h \
2562 +symbols.h \
2563 +certkeys.h \
2564 +keysstore.h \
2565 +x509.h \
2566 +$(NULL)
2568 +all: all-am
2570 +mostlyclean-libtool:
2571 + -rm -f *.lo
2573 +clean-libtool:
2574 + -rm -rf .libs _libs
2576 +all-am: Makefile $(HEADERS)
2578 +mostlyclean-generic:
2580 +clean-generic:
2582 +clean: clean-am
2584 +clean-am: clean-generic clean-libtool mostlyclean-am
2586 +mostlyclean: mostlyclean-am
2588 +mostlyclean-am: mostlyclean-generic mostlyclean-libtool
2590 +.PHONY: all all-am clean clean-generic \
2591 + clean-libtool \
2592 + mostlyclean mostlyclean-generic mostlyclean-libtool
2595 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
2596 +# Otherwise a system limit (for SysV at least) may be exceeded.
2597 +.NOEXPORT:
2598 --- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:39.000000000 +0200
2599 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2008-06-29 23:44:19.000000000 +0200
2600 @@ -1 +1,71 @@
2601 -dummy
2602 +/**
2603 + * XMLSec library
2605 + * This is free software; see Copyright file in the source
2606 + * distribution for preciese wording.
2607 + *
2608 + * Copyright ..........................
2609 + */
2610 +#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
2611 +#define __XMLSEC_MSCRYPTO_AKMNGR_H__
2613 +#include <windows.h>
2614 +#include <wincrypt.h>
2616 +#include <xmlsec/xmlsec.h>
2617 +#include <xmlsec/keys.h>
2618 +#include <xmlsec/transforms.h>
2620 +#ifdef __cplusplus
2621 +extern "C" {
2622 +#endif /* __cplusplus */
2624 +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
2625 +xmlSecMSCryptoAppliedKeysMngrCreate(
2626 + HCERTSTORE keyStore ,
2627 + HCERTSTORE certStore
2628 +) ;
2630 +XMLSEC_CRYPTO_EXPORT int
2631 +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
2632 + xmlSecKeysMngrPtr mngr ,
2633 + HCRYPTKEY symKey
2634 +) ;
2636 +XMLSEC_CRYPTO_EXPORT int
2637 +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
2638 + xmlSecKeysMngrPtr mngr ,
2639 + HCRYPTKEY pubKey
2640 +) ;
2642 +XMLSEC_CRYPTO_EXPORT int
2643 +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
2644 + xmlSecKeysMngrPtr mngr ,
2645 + HCRYPTKEY priKey
2646 +) ;
2648 +XMLSEC_CRYPTO_EXPORT int
2649 +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
2650 + xmlSecKeysMngrPtr mngr ,
2651 + HCERTSTORE keyStore
2652 +) ;
2654 +XMLSEC_CRYPTO_EXPORT int
2655 +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
2656 + xmlSecKeysMngrPtr mngr ,
2657 + HCERTSTORE trustedStore
2658 +) ;
2660 +XMLSEC_CRYPTO_EXPORT int
2661 +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
2662 + xmlSecKeysMngrPtr mngr ,
2663 + HCERTSTORE untrustedStore
2664 +) ;
2666 +#ifdef __cplusplus
2668 +#endif /* __cplusplus */
2670 +#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
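Review bot: None of the declarations in this new header states who owns the `HCERTSTORE` and `HCRYPTKEY` handles after the call, which for key and certificate-store handles decides whether the caller or the keys manager must later call `CertCloseStore` or `CryptDestroyKey`. Each prototype should carry a short doc comment saying whether the manager takes over the handle on success, what happens to it on failure, and what the `int` return values mean. The same gap exists in the `xmlSecMSCryptoX509StoreAdopt*` declarations added to mscrypto/x509.h and in nss/akmngr.h. The header comment also still has the placeholder `Copyright ..........................` and the typo `preciese`.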
2673 --- misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200
2674 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2008-06-29 23:44:19.000000000 +0200
2675 @@ -77,6 +77,21 @@
2676 PCCERT_CONTEXT cert,
2677 xmlSecKeyDataType type);
2679 +XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore (
2680 + xmlSecKeyDataStorePtr store,
2681 + HCERTSTORE keyStore
2682 + ) ;
2684 +XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore (
2685 + xmlSecKeyDataStorePtr store,
2686 + HCERTSTORE trustedStore
2687 + ) ;
2689 +XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore (
2690 + xmlSecKeyDataStorePtr store,
2691 + HCERTSTORE untrustedStore
2692 + ) ;
2695 #endif /* XMLSEC_NO_X509 */
2697 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200
2698 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200
2699 @@ -3,6 +3,7 @@
2700 xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
2702 xmlsecnssinc_HEADERS = \
2703 +akmngr.h \
2704 app.h \
2705 crypto.h \
2706 symbols.h \
2707 @@ -10,6 +11,8 @@
2708 keysstore.h \
2709 pkikeys.h \
2710 x509.h \
2711 +tokens.h \
2712 +ciphers.h \
2713 $(NULL)
2715 install-exec-hook:
2716 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200
2717 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200
2718 @@ -273,6 +273,7 @@
2719 NULL =
2720 xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
2721 xmlsecnssinc_HEADERS = \
2722 +akmngr.h \
2723 app.h \
2724 crypto.h \
2725 symbols.h \
2726 @@ -280,6 +281,8 @@
2727 keysstore.h \
2728 pkikeys.h \
2729 x509.h \
2730 +tokens.h \
2731 +ciphers.h \
2732 $(NULL)
2734 all: all-am
2735 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:39.000000000 +0200
2736 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2008-06-29 23:44:19.000000000 +0200
2737 @@ -1 +1,56 @@
2738 -dummy
2739 +/**
2740 + * XMLSec library
2742 + * This is free software; see Copyright file in the source
2743 + * distribution for preciese wording.
2744 + *
2745 + * Copyright ..........................
2746 + */
2747 +#ifndef __XMLSEC_NSS_AKMNGR_H__
2748 +#define __XMLSEC_NSS_AKMNGR_H__
2750 +#include <nss.h>
2751 +#include <nspr.h>
2752 +#include <pk11func.h>
2753 +#include <cert.h>
2755 +#include <xmlsec/xmlsec.h>
2756 +#include <xmlsec/keys.h>
2757 +#include <xmlsec/transforms.h>
2759 +#ifdef __cplusplus
2760 +extern "C" {
2761 +#endif /* __cplusplus */
2763 +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
2764 +xmlSecNssAppliedKeysMngrCreate(
2765 + PK11SlotInfo** slots,
2766 + int cSlots,
2767 + CERTCertDBHandle* handler
2768 +) ;
2770 +XMLSEC_CRYPTO_EXPORT int
2771 +xmlSecNssAppliedKeysMngrSymKeyLoad(
2772 + xmlSecKeysMngrPtr mngr ,
2773 + PK11SymKey* symKey
2774 +) ;
2776 +XMLSEC_CRYPTO_EXPORT int
2777 +xmlSecNssAppliedKeysMngrPubKeyLoad(
2778 + xmlSecKeysMngrPtr mngr ,
2779 + SECKEYPublicKey* pubKey
2780 +) ;
2782 +XMLSEC_CRYPTO_EXPORT int
2783 +xmlSecNssAppliedKeysMngrPriKeyLoad(
2784 + xmlSecKeysMngrPtr mngr ,
2785 + SECKEYPrivateKey* priKey
2786 +) ;
2788 +#ifdef __cplusplus
2790 +#endif /* __cplusplus */
2792 +#endif /* __XMLSEC_NSS_AKMNGR_H__ */
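Review bot: `xmlSecNssAppliedKeysMngrCreate` takes `PK11SlotInfo** slots` with a signed `int cSlots`, and the header does not say whether `slots` may be NULL when `cSlots` is 0, how a negative count is treated, or whether the manager takes its own reference on each slot. A comment on the prototype should pin this down, for example `/* slots: array of cSlots entries (cSlots >= 0); the caller keeps its own references */`, adjusted to what the implementation really does. The implementation is not part of this hunk.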
2795 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100
2796 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2008-06-29 23:44:19.000000000 +0200
2797 @@ -22,6 +22,9 @@
2798 #include <xmlsec/keysmngr.h>
2799 #include <xmlsec/transforms.h>
2801 +#include <xmlsec/nss/tokens.h>
2802 +#include <xmlsec/nss/akmngr.h>
2805 * Init/shutdown
2807 @@ -34,6 +37,8 @@
2808 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
2809 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
2810 xmlSecKeyPtr key);
2811 +XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
2812 + xmlSecNssKeySlotPtr keySlot);
2813 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
2814 const char* uri);
2815 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
2816 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:39.000000000 +0200
2817 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2008-06-29 23:44:19.000000000 +0200
2818 @@ -1 +1,35 @@
2819 -dummy
2820 +/**
2821 + * XMLSec library
2823 + * This is free software; see Copyright file in the source
2824 + * distribution for preciese wording.
2825 + *
2826 + * Copyright ..........................
2827 + */
2828 +#ifndef __XMLSEC_NSS_CIPHERS_H__
2829 +#define __XMLSEC_NSS_CIPHERS_H__
2831 +#ifdef __cplusplus
2832 +extern "C" {
2833 +#endif /* __cplusplus */
2835 +#include <xmlsec/xmlsec.h>
2836 +#include <xmlsec/keys.h>
2837 +#include <xmlsec/transforms.h>
2840 +XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
2841 + PK11SymKey* symkey ) ;
2843 +XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
2845 +XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
2848 +#ifdef __cplusplus
2850 +#endif /* __cplusplus */
2852 +#endif /* __XMLSEC_NSS_CIPHERS_H__ */
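Review bot: The prototypes use `PK11SymKey*`, but the header includes only xmlsec headers, so it compiles only when the including file has already pulled in the NSS declarations. Adding `#include <pk11func.h>` as nss/tokens.h does makes it self-contained, and the `#include` lines belong before the `extern "C" {` block rather than inside it. `xmlSecNssSymKeyDataAdoptKey` and `xmlSecNssSymKeyDataKeyAdopt` differ only in word order, so a one-line comment on each saying which one creates the key data and which one fills an existing one would prevent mix-ups.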
2855 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100
2856 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2008-06-29 23:44:19.000000000 +0200
2857 @@ -264,6 +264,15 @@
2858 xmlSecNssTransformRsaPkcs1GetKlass()
2859 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void);
2861 +/**
2862 + * xmlSecNssTransformRsaOaepId:
2863 + *
2864 + * The RSA OAEP key transport transform klass.
2865 + */
2866 +#define xmlSecNssTransformRsaOaepId \
2867 + xmlSecNssTransformRsaOaepGetKlass()
2868 +XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
2870 #endif /* XMLSEC_NO_RSA */
2873 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200
2874 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2008-06-29 23:44:19.000000000 +0200
2875 @@ -16,6 +16,8 @@
2876 #endif /* __cplusplus */
2878 #include <xmlsec/xmlsec.h>
2879 +#include <xmlsec/keysmngr.h>
2880 +#include <xmlsec/nss/tokens.h>
2882 /****************************************************************************
2884 @@ -31,6 +33,8 @@
2885 XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
2886 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
2887 xmlSecKeyPtr key);
2888 +XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
2889 + xmlSecNssKeySlotPtr keySlot);
2890 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
2891 const char *uri,
2892 xmlSecKeysMngrPtr keysMngr);
2893 --- misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:39.000000000 +0200
2894 +++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2008-06-29 23:44:19.000000000 +0200
2895 @@ -1 +1,182 @@
2896 -dummy
2897 +/**
2898 + * XMLSec library
2900 + * This is free software; see Copyright file in the source
2901 + * distribution for preciese wording.
2902 + *
2903 + * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
2904 + *
2905 + * Contributor(s): _____________________________
2906 + *
2907 + */
2908 +#ifndef __XMLSEC_NSS_TOKENS_H__
2909 +#define __XMLSEC_NSS_TOKENS_H__
2911 +#include <string.h>
2913 +#include <nss.h>
2914 +#include <pk11func.h>
2916 +#include <xmlsec/xmlsec.h>
2917 +#include <xmlsec/list.h>
2919 +#ifdef __cplusplus
2920 +extern "C" {
2921 +#endif /* __cplusplus */
2923 +/**
2924 + * xmlSecNssKeySlotListId
2926 + * The crypto mechanism list klass
2927 + */
2928 +#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
2929 +XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
2931 +/*******************************************
2932 + * KeySlot interfaces
2933 + *******************************************/
2934 +/**
2935 + * Internal NSS key slot data
2936 + * @mechanismList: the mechanisms that the slot bound with.
2937 + * @slot: the pkcs slot
2939 + * This context is located after xmlSecPtrList
2940 + */
2941 +typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
2942 +typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
2944 +struct _xmlSecNssKeySlot {
2945 + CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
2946 + PK11SlotInfo* slot ;
2947 +} ;
2949 +XMLSEC_CRYPTO_EXPORT int
2950 +xmlSecNssKeySlotSetMechList(
2951 + xmlSecNssKeySlotPtr keySlot ,
2952 + CK_MECHANISM_TYPE_PTR mechanismList
2953 +) ;
2955 +XMLSEC_CRYPTO_EXPORT int
2956 +xmlSecNssKeySlotEnableMech(
2957 + xmlSecNssKeySlotPtr keySlot ,
2958 + CK_MECHANISM_TYPE mechanism
2959 +) ;
2961 +XMLSEC_CRYPTO_EXPORT int
2962 +xmlSecNssKeySlotDisableMech(
2963 + xmlSecNssKeySlotPtr keySlot ,
2964 + CK_MECHANISM_TYPE mechanism
2965 +) ;
2967 +XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
2968 +xmlSecNssKeySlotGetMechList(
2969 + xmlSecNssKeySlotPtr keySlot
2970 +) ;
2972 +XMLSEC_CRYPTO_EXPORT int
2973 +xmlSecNssKeySlotSetSlot(
2974 + xmlSecNssKeySlotPtr keySlot ,
2975 + PK11SlotInfo* slot
2976 +) ;
2978 +XMLSEC_CRYPTO_EXPORT int
2979 +xmlSecNssKeySlotInitialize(
2980 + xmlSecNssKeySlotPtr keySlot ,
2981 + PK11SlotInfo* slot
2982 +) ;
2984 +XMLSEC_CRYPTO_EXPORT void
2985 +xmlSecNssKeySlotFinalize(
2986 + xmlSecNssKeySlotPtr keySlot
2987 +) ;
2989 +XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
2990 +xmlSecNssKeySlotGetSlot(
2991 + xmlSecNssKeySlotPtr keySlot
2992 +) ;
2994 +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
2995 +xmlSecNssKeySlotCreate() ;
2997 +XMLSEC_CRYPTO_EXPORT int
2998 +xmlSecNssKeySlotCopy(
2999 + xmlSecNssKeySlotPtr newKeySlot ,
3000 + xmlSecNssKeySlotPtr keySlot
3001 +) ;
3003 +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
3004 +xmlSecNssKeySlotDuplicate(
3005 + xmlSecNssKeySlotPtr keySlot
3006 +) ;
3008 +XMLSEC_CRYPTO_EXPORT void
3009 +xmlSecNssKeySlotDestroy(
3010 + xmlSecNssKeySlotPtr keySlot
3011 +) ;
3013 +XMLSEC_CRYPTO_EXPORT int
3014 +xmlSecNssKeySlotBindMech(
3015 + xmlSecNssKeySlotPtr keySlot ,
3016 + CK_MECHANISM_TYPE type
3017 +) ;
3019 +XMLSEC_CRYPTO_EXPORT int
3020 +xmlSecNssKeySlotSupportMech(
3021 + xmlSecNssKeySlotPtr keySlot ,
3022 + CK_MECHANISM_TYPE type
3023 +) ;
3026 +/************************************************************************
3027 + * PKCS#11 crypto token interfaces
3029 + * A PKCS#11 slot repository will be defined internally. From the
3030 + * repository, a user can specify a particular slot for a certain crypto
3031 + * mechanism.
3033 + * In some situation, some cryptographic operation should act in a user
3034 + * designated devices. The interfaces defined here provide the way. If
3035 + * the user do not initialize the repository distinctly, the interfaces
3036 + * use the default functions provided by NSS itself.
3038 + ************************************************************************/
3039 +/**
3040 + * Initialize NSS pkcs#11 slot repository
3042 + * Returns 0 if success or -1 if an error occurs.
3043 + */
3044 +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
3046 +/**
3047 + * Shutdown and destroy NSS pkcs#11 slot repository
3048 + */
3049 +XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
3051 +/**
3052 + * Get PKCS#11 slot handler
3053 + * @type the mechanism that the slot must support.
3055 + * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
3057 + * Notes: The returned handler must be destroied distinctly.
3058 + */
3059 +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
3061 +/**
3062 + * Adopt a pkcs#11 slot with a mechanism into the repository
3063 + * @slot: the pkcs#11 slot.
3064 + * @mech: the mechanism.
3066 + * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
3067 + * this mechanism only can perform on the @slot.
3068 + *
3069 + * Returns 0 if success or -1 if an error occurs.
3070 + */
3071 +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
3073 +#ifdef __cplusplus
3075 +#endif /* __cplusplus */
3077 +#endif /* __XMLSEC_NSS_TOKENS_H__ */
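Review bot: The field comment `/* mech. array, NULL ternimated */` on `mechanismList` is ambiguous, because the array holds `CK_MECHANISM_TYPE` values rather than pointers, while the `xmlSecNssSlotAdopt` comment further down uses `CKM_INVALID_MECHANISM` as the "no mechanism" value. If that is the terminator the implementation uses, say so: `/* array of mechanisms, terminated by CKM_INVALID_MECHANISM */`. A caller that guesses the wrong sentinel makes the list walk run past the end of the array. `xmlSecNssKeySlotCreate()` and `xmlSecNssSlotShutdown()` are declared with empty parentheses, which in C leaves the arguments unchecked; the other no-argument prototypes in this header use `( void )`. The note on `xmlSecNssSlotGet` should name the release function, presumably `PK11_FreeSlot`.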
3079 --- misc/xmlsec1-1.2.6/libxml2-config 2008-06-29 23:44:40.000000000 +0200
3080 +++ misc/build/xmlsec1-1.2.6/libxml2-config 2008-06-29 23:44:19.000000000 +0200
3081 @@ -1 +1,48 @@
3082 -dummy
3083 +#! /bin/sh
3085 +if test "$SYSTEM_LIBXML" = "YES"
3086 +then xml2-config "$@"; exit 0
3089 +prefix=${SOLARVERSION}/${INPATH}
3090 +includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
3091 +libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
3093 +while test $# -gt 0; do
3094 + case "$1" in
3095 + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
3096 + *) optarg= ;;
3097 + esac
3099 + case "$1" in
3100 + --prefix=*)
3101 + prefix=$optarg
3102 + includedir=$prefix/include
3103 + libdir=$prefix/lib
3104 + ;;
3106 + --prefix)
3107 + echo $prefix
3108 + ;;
3110 + --version)
3111 + echo 2.5.4
3112 + exit 0
3113 + ;;
3115 + --cflags)
3116 + echo -I${includedir}
3117 + ;;
3119 + --libs)
3120 + echo -L${libdir} ${LIBXML2LIB} ${ZLIB3RDLIB} -lm
3121 + ;;
3123 + *)
3124 + exit 1
3125 + ;;
3126 + esac
3127 + shift
3128 +done
3130 +exit 0
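Review bot: In the `SYSTEM_LIBXML` branch, `xml2-config "$@"; exit 0` discards the exit status of the real tool, so a missing or failing `xml2-config` still looks like success to configure. `then exec xml2-config "$@"` passes the status through. In the bundled branch, `--version` always prints the constant `2.5.4`, so configure's `LIBXML_MIN_VERSION` check passes whatever libxml2 actually sits in `${libdir}`; the value should come from the build environment or carry a comment saying the check is bypassed on purpose. The `echo` arguments are unquoted, so a path containing spaces would be split.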
3131 --- misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200
3132 +++ misc/build/xmlsec1-1.2.6/ltmain.sh 2008-06-29 23:44:19.000000000 +0200
3133 @@ -1661,6 +1661,11 @@
3137 + *.lib)
3138 + deplibs="$deplibs $arg"
3139 + continue
3140 + ;;
3142 *.$libext)
3143 # An archive.
3144 deplibs="$deplibs $arg"
3145 @@ -1974,6 +1979,10 @@
3146 continue
3148 *.la) lib="$deplib" ;;
3149 + *.lib)
3150 + deplibs="$deplib $deplibs"
3151 + continue
3152 + ;;
3153 *.$libext)
3154 if test "$pass" = conv; then
3155 deplibs="$deplib $deplibs"
3156 @@ -2994,13 +3003,13 @@
3159 freebsd-aout)
3160 - major=".$current"
3161 - versuffix=".$current.$revision";
3162 + major=.`expr $current - $age`
3163 + versuffix="$major.$age.$revision"
3166 freebsd-elf)
3167 - major=".$current"
3168 - versuffix=".$current";
3169 + major=.`expr $current - $age`
3170 + versuffix="$major.$age.$revision"
3173 irix | nonstopux)
3174 @@ -3564,7 +3573,8 @@
3176 else
3177 eval flag=\"$hardcode_libdir_flag_spec\"
3178 - dep_rpath="$dep_rpath $flag"
3179 +# what the ...
3180 +# dep_rpath="$dep_rpath $flag"
3182 elif test -n "$runpath_var"; then
3183 case "$perm_rpath " in
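Review bot: The disabled `dep_rpath="$dep_rpath $flag"` line is explained only by `# what the ...`, which tells the next maintainer nothing about why run paths of dependency libraries are dropped on every platform. Since this changes where the resulting libraries look for their dependencies at run time, the comment should state the reason and scope, for example `# OOo: rpath for dependent libs disabled: <reason>`. The `eval flag=...` line above it is now dead in this branch. The enclosing `if`/`elif` starts and ends outside the hunk.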
3184 --- misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200
3185 +++ misc/build/xmlsec1-1.2.6/src/bn.c 2008-06-29 23:44:19.000000000 +0200
3186 @@ -170,8 +170,10 @@
3188 int
3189 xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
3190 - xmlSecSize i, len;
3191 + xmlSecSize i, len, size;
3192 xmlSecByte ch;
3193 + xmlSecByte* data;
3194 + int positive;
3195 int nn;
3196 int ret;
3198 @@ -183,7 +185,7 @@
3199 /* trivial case */
3200 len = xmlStrlen(str);
3201 if(len == 0) {
3202 - return(0);
3203 + return(0);
3206 /* The result size could not exceed the input string length
3207 @@ -191,54 +193,131 @@
3208 * In truth, it would be likely less than 1/2 input string length
3209 * because each byte is represented by 2 chars. If needed,
3210 * buffer size would be increased by Mul/Add functions.
3211 + * Finally, we can add one byte for 00 or 10 prefix.
3213 - ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1);
3214 + ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
3215 if(ret < 0) {
3216 - xmlSecError(XMLSEC_ERRORS_HERE,
3217 - NULL,
3218 - "xmlSecBnRevLookupTable",
3219 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3220 - "size=%d", len / 2 + 1);
3221 - return (-1);
3222 + xmlSecError(XMLSEC_ERRORS_HERE,
3223 + NULL,
3224 + "xmlSecBnRevLookupTable",
3225 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3226 + "size=%d", len / 2 + 1);
3227 + return (-1);
3230 + /* figure out if it is positive or negative number */
3231 + positive = 1;
3232 + i = 0;
3233 + while(i < len) {
3234 + ch = str[i++];
3236 + /* skip spaces */
3237 + if(isspace(ch)) {
3238 + continue;
3239 + }
3241 + /* check if it is + or - */
3242 + if(ch == '+') {
3243 + positive = 1;
3244 + break;
3245 + } else if(ch == '-') {
3246 + positive = 0;
3247 + break;
3250 + /* otherwise, it must be start of the number */
3251 + nn = xmlSecBnLookupTable[ch];
3252 + if((nn >= 0) && ((xmlSecSize)nn < base)) {
3253 + xmlSecAssert2(i > 0, -1);
3255 + /* no sign, positive by default */
3256 + positive = 1;
3257 + --i; /* make sure that we will look at this character in next loop */
3258 + break;
3259 + } else {
3260 + xmlSecError(XMLSEC_ERRORS_HERE,
3261 + NULL,
3262 + NULL,
3263 + XMLSEC_ERRORS_R_INVALID_DATA,
3264 + "char=%c;base=%d",
3265 + ch, base);
3266 + return (-1);
3270 + /* now parse the number itself */
3271 + while(i < len) {
3272 + ch = str[i++];
3273 + if(isspace(ch)) {
3274 + continue;
3277 + xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
3278 + nn = xmlSecBnLookupTable[ch];
3279 + if((nn < 0) || ((xmlSecSize)nn > base)) {
3280 + xmlSecError(XMLSEC_ERRORS_HERE,
3281 + NULL,
3282 + NULL,
3283 + XMLSEC_ERRORS_R_INVALID_DATA,
3284 + "char=%c;base=%d",
3285 + ch, base);
3286 + return (-1);
3289 + ret = xmlSecBnMul(bn, base);
3290 + if(ret < 0) {
3291 + xmlSecError(XMLSEC_ERRORS_HERE,
3292 + NULL,
3293 + "xmlSecBnMul",
3294 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3295 + "base=%d", base);
3296 + return (-1);
3299 + ret = xmlSecBnAdd(bn, nn);
3300 + if(ret < 0) {
3301 + xmlSecError(XMLSEC_ERRORS_HERE,
3302 + NULL,
3303 + "xmlSecBnAdd",
3304 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3305 + "base=%d", base);
3306 + return (-1);
3310 - for(i = 0; i < len; i++) {
3311 - ch = str[i];
3312 - if(isspace(ch)) {
3313 - continue;
3316 - xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
3317 - nn = xmlSecBnLookupTable[ch];
3318 - if((nn < 0) || ((xmlSecSize)nn > base)) {
3319 - xmlSecError(XMLSEC_ERRORS_HERE,
3320 - NULL,
3321 - NULL,
3322 - XMLSEC_ERRORS_R_INVALID_DATA,
3323 - "char=%c;base=%d",
3324 - ch, base);
3325 - return (-1);
3328 - ret = xmlSecBnMul(bn, base);
3329 - if(ret < 0) {
3330 - xmlSecError(XMLSEC_ERRORS_HERE,
3331 - NULL,
3332 - "xmlSecBnMul",
3333 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3334 - "base=%d", base);
3335 - return (-1);
3338 - ret = xmlSecBnAdd(bn, nn);
3339 - if(ret < 0) {
3340 - xmlSecError(XMLSEC_ERRORS_HERE,
3341 - NULL,
3342 - "xmlSecBnAdd",
3343 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3344 - "base=%d", base);
3345 - return (-1);
3346 - }
3347 + /* check if we need to add 00 prefix */
3348 + data = xmlSecBufferGetData(bn);
3349 + size = xmlSecBufferGetSize(bn);
3350 + if((size > 0 && data[0] > 127)||(size==0)) {
3351 + ch = 0;
3352 + ret = xmlSecBufferPrepend(bn, &ch, 1);
3353 + if(ret < 0) {
3354 + xmlSecError(XMLSEC_ERRORS_HERE,
3355 + NULL,
3356 + "xmlSecBufferPrepend",
3357 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3358 + "base=%d", base);
3359 + return (-1);
3363 + /* do 2's compliment and add 1 to represent negative value */
3364 + if(positive == 0) {
3365 + data = xmlSecBufferGetData(bn);
3366 + size = xmlSecBufferGetSize(bn);
3367 + for(i = 0; i < size; ++i) {
3368 + data[i] ^= 0xFF;
3371 + ret = xmlSecBnAdd(bn, 1);
3372 + if(ret < 0) {
3373 + xmlSecError(XMLSEC_ERRORS_HERE,
3374 + NULL,
3375 + "xmlSecBnAdd",
3376 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3377 + "base=%d", base);
3378 + return (-1);
3382 return(0);
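Review bot: The digit check in the number-parsing loop, `if((nn < 0) || ((xmlSecSize)nn > base))`, accepts a digit whose value equals `base`, while the sign-detection loop added above it uses the strict `(xmlSecSize)nn < base`. The parsing loop should reject with `(xmlSecSize)nn >= base`. The bound `xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);` also admits one value past the end, and there is no bound at all before the `xmlSecBnLookupTable[ch]` lookup in the sign-detection loop. A `<` comparison against the table's element count would be the safe form, though the table definition is not visible here. xmlSecBnFromString starts in an earlier hunk.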
3383 @@ -256,8 +335,12 @@
3385 xmlChar*
3386 xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
3387 + xmlSecBn bn2;
3388 + int positive = 1;
3389 xmlChar* res;
3390 - xmlSecSize i, len;
3391 + xmlSecSize i, len, size;
3392 + xmlSecByte* data;
3393 + int ret;
3394 int nn;
3395 xmlChar ch;
3397 @@ -265,35 +348,86 @@
3398 xmlSecAssert2(base > 1, NULL);
3399 xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
3402 + /* copy bn */
3403 + data = xmlSecBufferGetData(bn);
3404 + size = xmlSecBufferGetSize(bn);
3405 + ret = xmlSecBnInitialize(&bn2, size);
3406 + if(ret < 0) {
3407 + xmlSecError(XMLSEC_ERRORS_HERE,
3408 + NULL,
3409 + "xmlSecBnCreate",
3410 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3411 + "size=%d", size);
3412 + return (NULL);
3415 + ret = xmlSecBnSetData(&bn2, data, size);
3416 + if(ret < 0) {
3417 + xmlSecError(XMLSEC_ERRORS_HERE,
3418 + NULL,
3419 + "xmlSecBnSetData",
3420 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3421 + "size=%d", size);
3422 + xmlSecBnFinalize(&bn2);
3423 + return (NULL);
3426 + /* check if it is a negative number or not */
3427 + data = xmlSecBufferGetData(&bn2);
3428 + size = xmlSecBufferGetSize(&bn2);
3429 + if((size > 0) && (data[0] > 127)) {
3430 + /* subtract 1 and do 2's compliment */
3431 + ret = xmlSecBnAdd(&bn2, -1);
3432 + if(ret < 0) {
3433 + xmlSecError(XMLSEC_ERRORS_HERE,
3434 + NULL,
3435 + "xmlSecBnAdd",
3436 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3437 + "size=%d", size);
3438 + xmlSecBnFinalize(&bn2);
3439 + return (NULL);
3441 + for(i = 0; i < size; ++i) {
3442 + data[i] ^= 0xFF;
3445 + positive = 0;
3446 + } else {
3447 + positive = 1;
3450 /* Result string len is
3451 * len = log base (256) * <bn size>
3452 * Since the smallest base == 2 then we can get away with
3453 * len = 8 * <bn size>
3455 - len = 8 * xmlSecBufferGetSize(bn) + 1;
3456 + len = 8 * size + 1 + 1;
3457 res = (xmlChar*)xmlMalloc(len + 1);
3458 if(res == NULL) {
3459 - xmlSecError(XMLSEC_ERRORS_HERE,
3460 - NULL,
3461 - NULL,
3462 - XMLSEC_ERRORS_R_MALLOC_FAILED,
3463 - "len=%d", len);
3464 - return (NULL);
3465 + xmlSecError(XMLSEC_ERRORS_HERE,
3466 + NULL,
3467 + NULL,
3468 + XMLSEC_ERRORS_R_MALLOC_FAILED,
3469 + "len=%d", len);
3470 + xmlSecBnFinalize(&bn2);
3471 + return (NULL);
3473 memset(res, 0, len + 1);
3475 - for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) {
3476 - if(xmlSecBnDiv(bn, base, &nn) < 0) {
3477 - xmlSecError(XMLSEC_ERRORS_HERE,
3478 - NULL,
3479 - "xmlSecBnDiv",
3480 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3481 - "base=%d", base);
3482 - xmlFree(res);
3483 - return (NULL);
3485 - xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
3486 - res[i] = xmlSecBnRevLookupTable[nn];
3487 + for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) {
3488 + if(xmlSecBnDiv(&bn2, base, &nn) < 0) {
3489 + xmlSecError(XMLSEC_ERRORS_HERE,
3490 + NULL,
3491 + "xmlSecBnDiv",
3492 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3493 + "base=%d", base);
3494 + xmlFree(res);
3495 + xmlSecBnFinalize(&bn2);
3496 + return (NULL);
3498 + xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
3499 + res[i] = xmlSecBnRevLookupTable[nn];
3501 xmlSecAssert2(i < len, NULL);
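Review bot: The two `xmlSecAssert2(..., NULL)` checks on the new side, the lookup-table bound inside the division loop and `i < len` after it, return without calling `xmlFree(res)` or `xmlSecBnFinalize(&bn2)`. A failed assertion therefore leaks the result buffer and also the working copy that this hunk introduces. Replace them with explicit `if` checks that run the same cleanup as the `xmlSecBnDiv` error branch. Separately, the first error report names `"xmlSecBnCreate"` although the call that failed is `xmlSecBnInitialize`; the label should read `"xmlSecBnInitialize"`. xmlSecBnToString begins before this hunk and continues after it.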
3503 @@ -301,13 +435,20 @@
3504 for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
3505 res[len] = '\0';
3507 + /* add "-" for negative numbers */
3508 + if(positive == 0) {
3509 + res[len] = '-';
3510 + res[++len] = '\0';
3513 /* swap the string because we wrote it in reverse order */
3514 for(i = 0; i < len / 2; i++) {
3515 - ch = res[i];
3516 - res[i] = res[len - i - 1];
3517 - res[len - i - 1] = ch;
3518 + ch = res[i];
3519 + res[i] = res[len - i - 1];
3520 + res[len - i - 1] = ch;
3523 + xmlSecBnFinalize(&bn2);
3524 return(res);
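Review bot: Missing documentation: the function now prefixes `-` to the result, but nothing in the visible code tells callers that the buffer is read as a signed value. Because the sign is taken from `data[0] > 127`, an unsigned magnitude whose top bit happens to be set would be printed as a negative number unless the caller prepends a zero byte. I would add above the sign test `/* bn is most-significant-byte first, two's complement: a first byte > 127 means negative */` and say the same in the function's doc comment, which lies outside this hunk. The callers are not visible here, so whether any of them passes unsigned data should be confirmed.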
3527 @@ -392,7 +533,9 @@
3530 data = xmlSecBufferGetData(bn);
3531 - for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) {
3532 + i = xmlSecBufferGetSize(bn);
3533 + over = 0;
3534 + while(i > 0) {
3535 xmlSecAssert2(data != NULL, -1);
3537 over = over + multiplier * data[--i];
3538 @@ -487,43 +630,57 @@
3540 int
3541 xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
3542 - int over;
3543 + int over, tmp;
3544 xmlSecByte* data;
3545 xmlSecSize i;
3546 xmlSecByte ch;
3547 int ret;
3549 xmlSecAssert2(bn != NULL, -1);
3550 - xmlSecAssert2(delta >= 0, -1);
3552 if(delta == 0) {
3553 - return(0);
3554 + return(0);
3557 data = xmlSecBufferGetData(bn);
3558 - for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) {
3559 - xmlSecAssert2(data != NULL, -1);
3560 + if(delta > 0) {
3561 + for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
3562 + xmlSecAssert2(data != NULL, -1);
3564 - over += data[--i];
3565 - data[i] = over % 256;
3566 - over = over / 256;
3568 + tmp = data[--i];
3569 + over += tmp;
3570 + data[i] = over % 256;
3571 + over = over / 256;
3574 - while(over > 0) {
3575 - ch = over % 256;
3576 - over = over / 256;
3577 + while(over > 0) {
3578 + ch = over % 256;
3579 + over = over / 256;
3581 - ret = xmlSecBufferPrepend(bn, &ch, 1);
3582 - if(ret < 0) {
3583 - xmlSecError(XMLSEC_ERRORS_HERE,
3584 - NULL,
3585 - "xmlSecBufferPrepend",
3586 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3587 - "size=1");
3588 - return (-1);
3590 + ret = xmlSecBufferPrepend(bn, &ch, 1);
3591 + if(ret < 0) {
3592 + xmlSecError(XMLSEC_ERRORS_HERE,
3593 + NULL,
3594 + "xmlSecBufferPrepend",
3595 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3596 + "size=1");
3597 + return (-1);
3600 + } else {
3601 + for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
3602 + xmlSecAssert2(data != NULL, -1);
3604 + tmp = data[--i];
3605 + if(tmp < over) {
3606 + data[i] = 0;
3607 + over = (over - tmp) / 256;
3608 + } else {
3609 + data[i] = tmp - over;
3610 + over = 0;
3615 return(0);
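Review bot: The negative branch does not borrow correctly: when `tmp < over` it stores 0 and carries `(over - tmp) / 256`, so subtracting 1 from the bytes 01 00 leaves 01 00 instead of 00 FF. xmlSecBnToString calls `xmlSecBnAdd(&bn2, -1)` for negative values, so any negative number whose low byte is 0 would be rendered with the wrong magnitude. A borrow still pending when the loop ends is also dropped silently, and `-delta` is undefined for the most negative `int` now that the `delta >= 0` assertion is gone. The loop below subtracts byte by byte with a proper borrow; what to do on underflow depends on callers that are not visible in this hunk.

```c
    } else {
        for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
            xmlSecAssert2(data != NULL, -1);

            /* subtract the low byte of the pending amount, borrow if needed */
            tmp = data[--i] - (over % 256);
            over = over / 256;
            if(tmp < 0) {
                tmp += 256;
                ++over;     /* borrow from the next more significant byte */
            }
            data[i] = (xmlSecByte)tmp;
        }
        /* over > 0 here: |delta| was larger than the stored value;
         * report it instead of returning success (confirm with callers) */
```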
3618 @@ -787,7 +944,7 @@
3621 if(addLineBreaks) {
3622 - xmlNodeAddContent(cur, BAD_CAST "\n");
3623 + xmlNodeAddContent(cur, xmlSecStringCR);
3626 switch(format) {
3627 @@ -833,7 +990,7 @@
3630 if(addLineBreaks) {
3631 - xmlNodeAddContent(cur, BAD_CAST "\n");
3632 + xmlNodeAddContent(cur, xmlSecStringCR);
3635 return(0);
3636 --- misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100
3637 +++ misc/build/xmlsec1-1.2.6/src/dl.c 2008-06-29 23:44:19.000000000 +0200
3638 @@ -329,6 +329,10 @@
3639 xmlSecCryptoDLInit(void) {
3640 int ret;
3642 + /* use xmlMalloc/xmlFree */
3643 + xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
3644 + xmlsec_lt_dlfree = xmlSecCryptoDLFree;
3646 ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
3647 if(ret < 0) {
3648 xmlSecError(XMLSEC_ERRORS_HERE,
3649 @@ -350,9 +354,6 @@
3651 /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */
3653 - /* use xmlMalloc/xmlFree */
3654 - xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
3655 - xmlsec_lt_dlfree = xmlSecCryptoDLFree;
3656 return(0);
3659 --- misc/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:40.000000000 +0200
3660 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/Makefile.in 2008-06-29 23:44:19.000000000 +0200
3661 @@ -1 +1,178 @@
3662 -dummy
3663 +# Makefile.in generated by automake 1.8.3 from Makefile.am.
3664 +# @configure_input@
3666 +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
3667 +# 2003, 2004 Free Software Foundation, Inc.
3668 +# This Makefile.in is free software; the Free Software Foundation
3669 +# gives unlimited permission to copy and/or distribute it,
3670 +# with or without modifications, as long as this notice is preserved.
3672 +# This program is distributed in the hope that it will be useful,
3673 +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
3674 +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
3675 +# PARTICULAR PURPOSE.
3677 +@SET_MAKE@
3679 +srcdir = @srcdir@
3680 +top_srcdir = @top_srcdir@
3681 +top_builddir = ../..
3682 +LTLIBRARIES = $(lib_LTLIBRARIES)
3683 +am__DEPENDENCIES_1 =
3684 +libxmlsec1_mscrypto_la_DEPENDENCIES = ../libxmlsec1.la \
3685 + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
3686 + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
3687 +am__objects_1 =
3688 +am_libxmlsec1_mscrypto_la_OBJECTS = akmngr.lo app.lo certkeys.lo ciphers.lo crypto.lo \
3689 + digests.lo keysstore.lo kt_rsa.lo signatures.lo symkeys.lo \
3690 + x509.lo x509vfy.lo $(am__objects_1)
3691 +libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS)
3692 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
3693 +depcomp = $(SHELL) $(top_srcdir)/depcomp
3694 +@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/certkeys.Plo \
3695 +@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
3696 +@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/keysstore.Plo \
3697 +@AMDEP_TRUE@ ./$(DEPDIR)/kt_rsa.Plo ./$(DEPDIR)/signatures.Plo \
3698 +@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
3699 +@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
3700 +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
3701 + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
3702 +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
3703 + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
3704 + $(AM_CFLAGS) $(CFLAGS)
3705 +CCLD = $(CC)
3706 +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
3707 + $(AM_LDFLAGS) $(LDFLAGS) -o $@
3708 +CC = @CC@
3709 +CCDEPMODE = @CCDEPMODE@
3710 +CFLAGS = @CFLAGS@
3711 +CPPFLAGS = @CPPFLAGS@
3712 +CYGPATH_W = @CYGPATH_W@
3713 +DEFS = @DEFS@
3714 +DEPDIR = @DEPDIR@
3715 +LDFLAGS = @LDFLAGS@
3716 +LIBS = @LIBS@
3717 +LIBTOOL = @LIBTOOL@
3718 +LIBXML_CFLAGS = @LIBXML_CFLAGS@
3719 +LIBXML_LIBS = @LIBXML_LIBS@
3720 +MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
3721 +MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
3722 +OBJEXT = @OBJEXT@
3723 +SHELL = @SHELL@
3724 +XMLSEC_DEFINES = @XMLSEC_DEFINES@
3725 +exec_prefix = @exec_prefix@
3726 +libdir = @libdir@
3727 +prefix = @prefix@
3728 +NULL =
3730 +INCLUDES = \
3731 + -DPACKAGE=\"@PACKAGE@\" \
3732 + -I$(top_srcdir) \
3733 + -I$(top_srcdir)/include \
3734 + $(XMLSEC_DEFINES) \
3735 + $(MSCRYPTO_CFLAGS) \
3736 + $(LIBXSLT_CFLAGS) \
3737 + $(LIBXML_CFLAGS) \
3738 + $(NULL)
3740 +lib_LTLIBRARIES = \
3741 + libxmlsec1-mscrypto.la \
3742 + $(NULL)
3744 +libxmlsec1_mscrypto_la_LIBADD = \
3745 + ../libxmlsec1.la \
3746 + $(MSCRYPTO_LIBS) \
3747 + $(LIBXSLT_LIBS) \
3748 + $(LIBXML_LIBS) \
3749 + $(NULL)
3751 +libxmlsec1_mscrypto_la_LDFLAGS = \
3752 + -version-info @XMLSEC_VERSION_INFO@ \
3753 + $(NULL)
3755 +all: all-am
3757 +.SUFFIXES:
3758 +.SUFFIXES: .c .lo .o .obj
3760 +clean-libLTLIBRARIES:
3761 + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
3762 + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
3763 + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
3764 + test "$$dir" = "$$p" && dir=.; \
3765 + echo "rm -f \"$${dir}/so_locations\""; \
3766 + rm -f "$${dir}/so_locations"; \
3767 + done
3768 +libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES)
3769 + $(LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_LDFLAGS) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS)
3771 +mostlyclean-compile:
3772 + -rm -f *.$(OBJEXT)
3774 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
3775 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
3776 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certkeys.Plo@am__quote@
3777 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
3778 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@
3779 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
3780 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
3781 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
3782 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
3783 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
3784 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@
3785 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509vfy.Plo@am__quote@
3787 +.c.o:
3788 +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
3789 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
3790 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
3791 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@
3792 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
3793 +@am__fastdepCC_FALSE@ $(COMPILE) -c $<
3795 +.c.obj:
3796 +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
3797 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
3798 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
3799 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@
3800 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
3801 +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
3803 +.c.lo:
3804 +@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
3805 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
3806 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
3807 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@
3808 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
3809 +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
3811 +mostlyclean-libtool:
3812 + -rm -f *.lo
3814 +clean-libtool:
3815 + -rm -rf .libs _libs
3817 +all-am: Makefile $(LTLIBRARIES)
3819 +mostlyclean-generic:
3821 +clean-generic:
3823 +clean: clean-am
3825 +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
3826 + mostlyclean-am
3828 +mostlyclean: mostlyclean-am
3830 +mostlyclean-am: mostlyclean-compile mostlyclean-generic \
3831 + mostlyclean-libtool
3833 +.PHONY: all all-am clean clean-generic \
3834 + clean-libLTLIBRARIES clean-libtool \
3835 + maintainer-clean-generic mostlyclean mostlyclean-compile \
3836 + mostlyclean-generic mostlyclean-libtool
3838 +# Tell versions [3.59,3.63) of GNU make to not export all variables.
3839 +# Otherwise a system limit (for SysV at least) may be exceeded.
3840 +.NOEXPORT:
3841 --- misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:39.000000000 +0200
3842 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2008-06-29 23:44:19.000000000 +0200
3843 @@ -1 +1,235 @@
3844 -dummy
3845 +/**
3846 + * XMLSec library
3848 + * This is free software; see Copyright file in the source
3849 + * distribution for preciese wording.
3850 + *
3851 + * Copyright.........................
3852 + */
3853 +#include "globals.h"
3855 +#include <xmlsec/xmlsec.h>
3856 +#include <xmlsec/keys.h>
3857 +#include <xmlsec/transforms.h>
3858 +#include <xmlsec/errors.h>
3860 +#include <xmlsec/mscrypto/crypto.h>
3861 +#include <xmlsec/mscrypto/keysstore.h>
3862 +#include <xmlsec/mscrypto/akmngr.h>
3863 +#include <xmlsec/mscrypto/x509.h>
3865 +/**
3866 + * xmlSecMSCryptoAppliedKeysMngrCreate:
3867 + * @hKeyStore: the pointer to key store.
3868 + * @hCertStore: the pointer to certificate database.
3870 + * Create and load key store and certificate database into keys manager
3872 + * Returns keys manager pointer on success or NULL otherwise.
3873 + */
3874 +xmlSecKeysMngrPtr
3875 +xmlSecMSCryptoAppliedKeysMngrCreate(
3876 + HCERTSTORE hKeyStore ,
3877 + HCERTSTORE hCertStore
3878 +) {
3879 + xmlSecKeyDataStorePtr certStore = NULL ;
3880 + xmlSecKeysMngrPtr keyMngr = NULL ;
3881 + xmlSecKeyStorePtr keyStore = NULL ;
3883 + keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
3884 + if( keyStore == NULL ) {
3885 + xmlSecError( XMLSEC_ERRORS_HERE ,
3886 + NULL ,
3887 + "xmlSecKeyStoreCreate" ,
3888 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3889 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3890 + return NULL ;
3893 + /*-
3894 + * At present, MS Crypto engine do not provide a way to setup a key store.
3895 + */
3896 + if( keyStore != NULL ) {
3897 + /*TODO: binding key store.*/
3900 + keyMngr = xmlSecKeysMngrCreate() ;
3901 + if( keyMngr == NULL ) {
3902 + xmlSecError( XMLSEC_ERRORS_HERE ,
3903 + NULL ,
3904 + "xmlSecKeysMngrCreate" ,
3905 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3906 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3908 + xmlSecKeyStoreDestroy( keyStore ) ;
3909 + return NULL ;
3912 + /*-
3913 + * Add key store to manager, from now on keys manager destroys the store if
3914 + * needed
3915 + */
3916 + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
3917 + xmlSecError( XMLSEC_ERRORS_HERE ,
3918 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
3919 + "xmlSecKeysMngrAdoptKeyStore" ,
3920 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3921 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3923 + xmlSecKeyStoreDestroy( keyStore ) ;
3924 + xmlSecKeysMngrDestroy( keyMngr ) ;
3925 + return NULL ;
3928 + /*-
3929 + * Initialize crypto library specific data in keys manager
3930 + */
3931 + if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
3932 + xmlSecError( XMLSEC_ERRORS_HERE ,
3933 + NULL ,
3934 + "xmlSecMSCryptoKeysMngrInit" ,
3935 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3936 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3938 + xmlSecKeysMngrDestroy( keyMngr ) ;
3939 + return NULL ;
3942 + /*-
3943 + * Set certificate databse to X509 key data store
3944 + */
3945 + /*-
3946 + * At present, MS Crypto engine do not provide a way to setup a cert store.
3947 + */
3949 + /*-
3950 + * Set the getKey callback
3951 + */
3952 + keyMngr->getKey = xmlSecKeysMngrGetKey ;
3954 + return keyMngr ;
3957 +int
3958 +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
3959 + xmlSecKeysMngrPtr mngr ,
3960 + HCRYPTKEY symKey
3961 +) {
3962 + /*TODO: import the key into keys manager.*/
3963 + return(0) ;
3966 +int
3967 +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
3968 + xmlSecKeysMngrPtr mngr ,
3969 + HCRYPTKEY pubKey
3970 +) {
3971 + /*TODO: import the key into keys manager.*/
3972 + return(0) ;
3975 +int
3976 +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
3977 + xmlSecKeysMngrPtr mngr ,
3978 + HCRYPTKEY priKey
3979 +) {
3980 + /*TODO: import the key into keys manager.*/
3981 + return(0) ;
3984 +int
3985 +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
3986 + xmlSecKeysMngrPtr mngr ,
3987 + HCERTSTORE keyStore
3988 +) {
3989 + xmlSecKeyDataStorePtr x509Store ;
3991 + xmlSecAssert2( mngr != NULL, -1 ) ;
3992 + xmlSecAssert2( keyStore != NULL, -1 ) ;
3994 + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
3995 + if( x509Store == NULL ) {
3996 + xmlSecError( XMLSEC_ERRORS_HERE ,
3997 + NULL ,
3998 + "xmlSecKeysMngrGetDataStore" ,
3999 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4000 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4001 + return( -1 ) ;
4004 + if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
4005 + xmlSecError( XMLSEC_ERRORS_HERE ,
4006 + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
4007 + "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
4008 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4009 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4010 + return( -1 ) ;
4013 + return( 0 ) ;
4016 +int
4017 +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
4018 + xmlSecKeysMngrPtr mngr ,
4019 + HCERTSTORE trustedStore
4020 +) {
4021 + xmlSecKeyDataStorePtr x509Store ;
4023 + xmlSecAssert2( mngr != NULL, -1 ) ;
4024 + xmlSecAssert2( trustedStore != NULL, -1 ) ;
4026 + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
4027 + if( x509Store == NULL ) {
4028 + xmlSecError( XMLSEC_ERRORS_HERE ,
4029 + NULL ,
4030 + "xmlSecKeysMngrGetDataStore" ,
4031 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4032 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4033 + return( -1 ) ;
4036 + if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
4037 + xmlSecError( XMLSEC_ERRORS_HERE ,
4038 + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
4039 + "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
4040 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4041 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4042 + return( -1 ) ;
4045 + return( 0 ) ;
4048 +int
4049 +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
4050 + xmlSecKeysMngrPtr mngr ,
4051 + HCERTSTORE untrustedStore
4052 +) {
4053 + xmlSecKeyDataStorePtr x509Store ;
4055 + xmlSecAssert2( mngr != NULL, -1 ) ;
4056 + xmlSecAssert2( untrustedStore != NULL, -1 ) ;
4058 + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
4059 + if( x509Store == NULL ) {
4060 + xmlSecError( XMLSEC_ERRORS_HERE ,
4061 + NULL ,
4062 + "xmlSecKeysMngrGetDataStore" ,
4063 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4064 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4065 + return( -1 ) ;
4068 + if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
4069 + xmlSecError( XMLSEC_ERRORS_HERE ,
4070 + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
4071 + "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
4072 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4073 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4074 + return( -1 ) ;
4077 + return( 0 ) ;
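Review bot: `xmlSecMSCryptoAppliedKeysMngrSymKeyLoad`, `...PubKeyLoad` and `...PriKeyLoad` are TODO stubs that `return(0)`, so a caller is told the key was loaded although nothing was imported into the manager. Until they are implemented they should report failure, for example an `xmlSecError` call followed by `return(-1) ;`, so a missing key shows up at load time rather than later during signing or verification. In the same way, `xmlSecMSCryptoAppliedKeysMngrCreate` accepts `hKeyStore` and `hCertStore` but never uses them, and the local `certStore` is unused; the doc comment should say the stores are currently ignored. The error labels in `AdoptTrustedStore` and `AdoptUntrustedStore` both read `"xmlSecMSCryptoX509StoreAdoptKeyStore"` and should name the function that was actually called.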
4080 --- misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100
4081 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2008-06-29 23:44:19.000000000 +0200
4082 @@ -41,6 +41,7 @@
4083 * a public key from xml document is provided, we need HCRYPTKEY.... The focus
4084 * now is however directed to certificates. Wouter
4086 +/** replaced by a wrapper style for WINNT 4.0
4087 struct _xmlSecMSCryptoKeyDataCtx {
4088 HCRYPTPROV hProv;
4089 BOOL fCallerFreeProv;
4090 @@ -51,6 +52,124 @@
4091 HCRYPTKEY hKey;
4092 xmlSecKeyDataType type;
4095 +/*-
4096 + * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is
4097 + * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support
4098 + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
4099 + */
4100 +struct _mscrypt_key {
4101 + HCRYPTKEY hKey ;
4102 + int refcnt ;
4103 +} ;
4105 +/*-
4106 + * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is
4107 + * the same as CryptContextAddRef. Because the CryptContextAddRef is not support
4108 + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
4109 + */
4110 +struct _mscrypt_prov {
4111 + HCRYPTPROV hProv ;
4112 + BOOL freeprov ;
4113 + int refcnt ;
4114 +} ;
4116 +struct _xmlSecMSCryptoKeyDataCtx {
4117 + struct _mscrypt_prov* p_prov ;
4118 + LPCTSTR providerName;
4119 + DWORD providerType;
4120 + PCCERT_CONTEXT pCert;
4121 + DWORD dwKeySpec;
4122 + struct _mscrypt_key* p_key ;
4123 + xmlSecKeyDataType type;
4124 +};
4126 +struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) {
4127 + struct _mscrypt_key* pkey ;
4129 + pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ;
4130 + if( pkey == NULL ) {
4131 + xmlSecError( XMLSEC_ERRORS_HERE,
4132 + "mscrypt_create_key" ,
4133 + NULL ,
4134 + XMLSEC_ERRORS_R_MALLOC_FAILED ,
4135 + XMLSEC_ERRORS_NO_MESSAGE
4136 + ) ;
4139 + pkey->hKey = key ;
4140 + pkey->refcnt = 1 ;
4142 + return pkey ;
4145 +struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) {
4146 + if( key )
4147 + key->refcnt ++ ;
4149 + return key ;
4152 +int mscrypt_release_key( struct _mscrypt_key* key ) {
4153 + if( key ) {
4154 + key->refcnt -- ;
4155 + if( !key->refcnt ) {
4156 + if( key->hKey ) {
4157 + CryptDestroyKey( key->hKey ) ;
4158 + key->hKey = 0 ;
4160 + xmlFree( key ) ;
4161 + } else {
4162 + return key->refcnt ;
4166 + return 0 ;
4169 +struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) {
4170 + struct _mscrypt_prov* pprov ;
4172 + pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ;
4173 + if( pprov == NULL ) {
4174 + xmlSecError( XMLSEC_ERRORS_HERE,
4175 + "mscrypt_create_prov" ,
4176 + NULL ,
4177 + XMLSEC_ERRORS_R_MALLOC_FAILED ,
4178 + XMLSEC_ERRORS_NO_MESSAGE
4179 + ) ;
4182 + pprov->hProv = prov ;
4183 + pprov->freeprov = callerFree ;
4184 + pprov->refcnt = 1 ;
4186 + return pprov ;
4189 +struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) {
4190 + if( prov )
4191 + prov->refcnt ++ ;
4193 + return prov ;
4196 +int mscrypt_release_prov( struct _mscrypt_prov* prov ) {
4197 + if( prov ) {
4198 + prov->refcnt -- ;
4199 + if( !prov->refcnt ) {
4200 + if( prov->hProv && prov->freeprov ) {
4201 + CryptReleaseContext( prov->hProv, 0 ) ;
4202 + prov->hProv = 0 ;
4204 + xmlFree( prov ) ;
4205 + } else {
4206 + return prov->refcnt ;
4210 + return 0 ;
4213 /******************************************************************************
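Review bot: In `mscrypt_create_key` no `return` is visible between the `XMLSEC_ERRORS_R_MALLOC_FAILED` report and `pkey->hKey = key ;`, so a failed `xmlMalloc` appears to fall through into a NULL dereference. `mscrypt_create_prov` has the same shape before `pprov->hProv = prov ;`. Add `return NULL ;` after each error report. Callers then have to check the result, which the later hunks in this file do not do. These helpers are also declared without `static`, which exports six unprefixed symbols from the library; `static` would keep them file-local if nothing else uses them.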
4215 @@ -88,24 +207,20 @@
4216 ctx = xmlSecMSCryptoKeyDataGetCtx(data);
4217 xmlSecAssert2(ctx != NULL, -1);
4219 - if (ctx->hKey != 0) {
4220 - CryptDestroyKey(ctx->hKey);
4221 - ctx->hKey = 0;
4223 + if( ctx->p_key != 0 ) {
4224 + mscrypt_release_key( ctx->p_key ) ;
4226 + ctx->p_key = mscrypt_create_key( 0 ) ;
4228 if(ctx->pCert != NULL) {
4229 CertFreeCertificateContext(ctx->pCert);
4230 ctx->pCert = NULL;
4233 - if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
4234 - CryptReleaseContext(ctx->hProv, 0);
4235 - ctx->hProv = 0;
4236 - ctx->fCallerFreeProv = FALSE;
4237 - } else {
4238 - ctx->hProv = 0;
4239 - ctx->fCallerFreeProv = FALSE;
4241 + if( ( ctx->p_prov ) ) {
4242 + mscrypt_release_prov( ctx->p_prov ) ;
4244 + ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ;
4246 ctx->type = type;
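Review bot: The results of `mscrypt_create_key( 0 )` and `mscrypt_create_prov( 0, FALSE )` are stored without a NULL check. The hunks at `-116,9` and `-127,46` then take `&(ctx->p_prov->hProv)`, `&(ctx->p_prov->freeprov)` and `&(ctx->p_key->hKey)` directly. If either allocation fails, the next CryptoAPI call is handed an address computed from a NULL pointer. Add `if( ctx->p_key == NULL ) return(-1) ;` and `if( ctx->p_prov == NULL ) return(-1) ;` right after the two assignments. The enclosing function starts and ends outside this hunk.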
4248 @@ -116,9 +231,9 @@
4249 if (!CryptAcquireCertificatePrivateKey(pCert,
4250 CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
4251 NULL,
4252 - &(ctx->hProv),
4253 + &(ctx->p_prov->hProv),
4254 &(ctx->dwKeySpec),
4255 - &(ctx->fCallerFreeProv))) {
4256 + &(ctx->p_prov->freeprov))) {
4257 xmlSecError(XMLSEC_ERRORS_HERE,
4258 NULL,
4259 "CryptAcquireCertificatePrivateKey",
4260 @@ -127,46 +242,39 @@
4261 return(-1);
4263 } else if((type & xmlSecKeyDataTypePublic) != 0){
4264 - if (!CryptAcquireContext(&(ctx->hProv),
4265 + if (!CryptAcquireContext(&(ctx->p_prov->hProv),
4266 NULL,
4267 - ctx->providerName,
4268 + NULL, /*AF: replaces "ctx->providerName" with "NULL" */
4269 ctx->providerType,
4270 CRYPT_VERIFYCONTEXT)) {
4271 - xmlSecError(XMLSEC_ERRORS_HERE,
4272 - NULL,
4273 - "CryptAcquireContext",
4274 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
4275 - XMLSEC_ERRORS_NO_MESSAGE);
4276 - return(-1);
4278 - ctx->dwKeySpec = 0;
4279 - ctx->fCallerFreeProv = TRUE;
4280 + xmlSecError(XMLSEC_ERRORS_HERE,
4281 + NULL,
4282 + "CryptAcquireContext",
4283 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4284 + XMLSEC_ERRORS_NO_MESSAGE);
4285 + return(-1);
4287 + ctx->dwKeySpec = 0;
4288 + ctx->p_prov->freeprov = TRUE;
4290 + if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv,
4291 + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
4292 + &(pCert->pCertInfo->SubjectPublicKeyInfo),
4293 + &(ctx->p_key->hKey) ) ) {
4294 + xmlSecError(XMLSEC_ERRORS_HERE,
4295 + NULL,
4296 + "CryptImportPublicKeyInfo",
4297 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4298 + XMLSEC_ERRORS_NO_MESSAGE);
4299 + return(-1);
4301 } else {
4302 - xmlSecError(XMLSEC_ERRORS_HERE,
4303 + xmlSecError(XMLSEC_ERRORS_HERE,
4304 NULL,
4305 NULL,
4306 XMLSEC_ERRORS_R_XMLSEC_FAILED,
4307 "Unsupported keytype");
4308 - return(-1);
4311 - /* CryptImportPublicKeyInfo is only needed when a real key handle
4312 - * is needed. The key handle is needed for de/encrypting and for
4313 - * verifying of a signature, *not* for signing. We could call
4314 - * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead
4315 - * so no unnessecary calls to CryptImportPublicKeyInfo are being
4316 - * made. WK
4317 - */
4318 - if(!CryptImportPublicKeyInfo(ctx->hProv,
4319 - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
4320 - &(pCert->pCertInfo->SubjectPublicKeyInfo),
4321 - &(ctx->hKey))) {
4322 - xmlSecError(XMLSEC_ERRORS_HERE,
4323 - NULL,
4324 - "CryptImportPublicKeyInfo",
4325 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
4326 - XMLSEC_ERRORS_NO_MESSAGE);
4327 - return(-1);
4328 + return(-1);
4330 ctx->pCert = pCert;
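Review bot: The inline comment on the `NULL` provider argument records that `ctx->providerName` was replaced but not why. With `NULL`, `CryptAcquireContext` picks the default provider for `ctx->providerType`, so the provider name stored in the context no longer has any effect on this path. I would write the reason into the comment, e.g. `/* NULL: default CSP for providerType; ctx->providerName is deliberately ignored because <reason> */`. Separately, `CryptImportPublicKeyInfo` now appears to run only in the public-key branch, so a context built from a private-key certificate keeps `p_key->hKey == 0`. The `xmlSecAssert2(ctx->p_key->hKey != 0, -1)` checks added in the export hunks would then reject such keys; please confirm that this is intended.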
4332 @@ -190,29 +298,26 @@
4333 ctx = xmlSecMSCryptoKeyDataGetCtx(data);
4334 xmlSecAssert2(ctx != NULL, -1);
4336 - if(ctx->hKey != 0) {
4337 - CryptDestroyKey(ctx->hKey);
4338 - ctx->hKey = 0;
4340 + if( ctx->p_key != 0 ) {
4341 + mscrypt_release_key( ctx->p_key ) ;
4342 + ctx->p_key = NULL ;
4345 if(ctx->pCert != NULL) {
4346 CertFreeCertificateContext(ctx->pCert);
4347 ctx->pCert = NULL;
4350 - if((ctx->hProv != 0) && ctx->fCallerFreeProv) {
4351 - CryptReleaseContext(ctx->hProv, 0);
4352 - ctx->hProv = 0;
4353 - ctx->fCallerFreeProv = FALSE;
4354 - } else {
4355 - ctx->hProv = 0;
4356 - ctx->fCallerFreeProv = FALSE;
4358 + if( ( ctx->p_prov ) ) {
4359 + mscrypt_release_prov( ctx->p_prov ) ;
4360 + ctx->p_prov = NULL ;
4361 + } else {
4362 + ctx->p_prov = NULL ;
4365 - ctx->hProv = hProv;
4366 - ctx->fCallerFreeProv = fCallerFreeProv;
4367 + ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;
4368 ctx->dwKeySpec = dwKeySpec;
4369 - ctx->hKey = hKey;
4370 + ctx->p_key = mscrypt_create_key( hKey ) ;
4371 ctx->type = type;
4373 return(0);
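Review bot: `ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;` discards the ownership flag that the removed line `ctx->fCallerFreeProv = fCallerFreeProv;` used to store. When the caller passes a provider handle that should be released with the key data, `mscrypt_release_prov` will never call `CryptReleaseContext` and the handle leaks. Assuming `fCallerFreeProv` is still a parameter of the enclosing function (its signature is outside the hunk), the line should be `ctx->p_prov = mscrypt_create_prov( hProv, fCallerFreeProv ) ;`. Both `mscrypt_create_*` results should also be checked for NULL before `return(0)`.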
4374 @@ -238,7 +343,7 @@
4375 ctx = xmlSecMSCryptoKeyDataGetCtx(data);
4376 xmlSecAssert2(ctx != NULL, 0);
4378 - return(ctx->hKey);
4379 + return( ctx->p_key ? ctx->p_key->hKey : 0 );
4383 @@ -273,7 +378,7 @@
4384 ctx = xmlSecMSCryptoKeyDataGetCtx(data);
4385 xmlSecAssert2(ctx != NULL, 0);
4387 - return(ctx->hProv);
4388 + return( ctx->p_prov ? ctx->p_prov->hProv : 0 );
4391 DWORD
4392 @@ -316,25 +421,36 @@
4393 XMLSEC_ERRORS_NO_MESSAGE);
4394 return(-1);
4396 - }
4398 - if (ctxSrc->hKey != 0) {
4399 - if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
4400 - xmlSecError(XMLSEC_ERRORS_HERE,
4401 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
4402 - "CryptDuplicateKey",
4403 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
4404 - XMLSEC_ERRORS_NO_MESSAGE);
4405 - return(-1);
4408 - if(ctxSrc->hProv != 0) {
4409 - CryptContextAddRef(ctxSrc->hProv, NULL, 0);
4410 - ctxDst->hProv = ctxSrc->hProv;
4411 - ctxDst->fCallerFreeProv = TRUE;
4412 - } else {
4413 - ctxDst->hProv = 0;
4414 - ctxDst->fCallerFreeProv = FALSE;
4416 + if( ctxSrc->p_key ) {
4417 + if( ctxDst->p_key )
4418 + mscrypt_release_key( ctxDst->p_key ) ;
4420 + ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ;
4421 + if( !ctxDst->p_key ) {
4422 + xmlSecError(XMLSEC_ERRORS_HERE,
4423 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
4424 + "mscrypt_acquire_key",
4425 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4426 + XMLSEC_ERRORS_NO_MESSAGE);
4427 + return(-1);
4431 + if( ctxSrc->p_prov ) {
4432 + if( ctxDst->p_prov )
4433 + mscrypt_release_prov( ctxDst->p_prov ) ;
4435 + ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ;
4436 + if( !ctxDst->p_prov ) {
4437 + xmlSecError(XMLSEC_ERRORS_HERE,
4438 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
4439 + "mscrypt_acquire_prov",
4440 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4441 + XMLSEC_ERRORS_NO_MESSAGE);
4442 + return(-1);
4446 ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
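Review bot: Duplicating key data no longer produces an independent handle: source and destination now share one `HCRYPTKEY` and one `HCRYPTPROV` through a plain `int` counter, where the removed code used `CryptDuplicateKey` and `CryptContextAddRef`. The `refcnt ++` and `refcnt --` operations are not atomic, so two threads that duplicate or destroy copies of the same key can miscount and release the handle while it is still in use. State the constraint next to the acquire calls, e.g. `/* handle is shared, not copied; refcnt is unsynchronised, so callers must serialise duplicate/destroy */`, or make the counter updates atomic. The `if( !ctxDst->p_key )` and `if( !ctxDst->p_prov )` branches cannot trigger, since the acquire helpers return the non-NULL pointer they were given.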
4447 @@ -355,16 +471,16 @@
4448 ctx = xmlSecMSCryptoKeyDataGetCtx(data);
4449 xmlSecAssert(ctx != NULL);
4451 - if (ctx->hKey != 0) {
4452 - CryptDestroyKey(ctx->hKey);
4453 + if( ctx->p_key ) {
4454 + mscrypt_release_key( ctx->p_key ) ;
4457 if(ctx->pCert != NULL) {
4458 CertFreeCertificateContext(ctx->pCert);
4461 - if ((ctx->hProv != 0) && ctx->fCallerFreeProv) {
4462 - CryptReleaseContext(ctx->hProv, 0);
4463 + if( ctx->p_prov ) {
4464 + mscrypt_release_prov( ctx->p_prov ) ;
4467 memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
4468 @@ -384,14 +500,14 @@
4469 xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
4470 return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
4471 &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
4472 - } else if (ctx->hKey != 0) {
4473 + } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) {
4474 DWORD length = 0;
4475 DWORD lenlen = sizeof(DWORD);
4477 - if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
4479 + if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
4480 xmlSecError(XMLSEC_ERRORS_HERE,
4481 NULL,
4482 - "CertDuplicateCertificateContext",
4483 + "CryptGetKeyParam",
4484 XMLSEC_ERRORS_R_CRYPTO_FAILED,
4485 XMLSEC_ERRORS_NO_MESSAGE);
4486 return(0);
4487 @@ -581,7 +697,11 @@
4488 static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output);
4489 static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output);
4491 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4492 +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
4493 +#else
4494 static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
4495 +#endif
4496 sizeof(xmlSecKeyDataKlass),
4497 xmlSecMSCryptoKeyDataSize,
4499 @@ -938,9 +1058,10 @@
4501 ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
4502 xmlSecAssert2(ctx != NULL, -1);
4503 - xmlSecAssert2(ctx->hKey != 0, -1);
4504 + xmlSecAssert2(ctx->p_key != 0, -1);
4505 + xmlSecAssert2(ctx->p_key->hKey != 0, -1);
4507 - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
4508 + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
4509 xmlSecError(XMLSEC_ERRORS_HERE,
4510 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4511 "CryptExportKey",
4512 @@ -960,7 +1081,7 @@
4515 blob = xmlSecBufferGetData(&buf);
4516 - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
4517 + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
4518 xmlSecError(XMLSEC_ERRORS_HERE,
4519 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4520 "CryptExportKey",
4521 @@ -1295,7 +1416,11 @@
4522 static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data,
4523 FILE* output);
4525 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4526 +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
4527 +#else
4528 static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
4529 +#endif
4530 sizeof(xmlSecKeyDataKlass),
4531 xmlSecMSCryptoKeyDataSize,
4533 @@ -1797,9 +1922,10 @@
4535 ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
4536 xmlSecAssert2(ctx != NULL, -1);
4537 - xmlSecAssert2(ctx->hKey != 0, -1);
4538 + xmlSecAssert2(ctx->p_key != 0, -1);
4539 + xmlSecAssert2(ctx->p_key->hKey != 0, -1);
4541 - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
4542 + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
4543 xmlSecError(XMLSEC_ERRORS_HERE,
4544 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4545 "CryptExportKey",
4546 @@ -1819,7 +1945,7 @@
4549 blob = xmlSecBufferGetData(&buf);
4550 - if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
4551 + if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
4552 xmlSecError(XMLSEC_ERRORS_HERE,
4553 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4554 "CryptExportKey",
4555 @@ -2010,7 +2136,6 @@
4556 HCRYPTKEY hKey = 0;
4557 DWORD dwKeySpec;
4558 DWORD dwSize;
4559 - int res = -1;
4560 int ret;
4562 xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
4563 @@ -2043,12 +2168,14 @@
4564 dwKeySpec = AT_SIGNATURE;
4565 dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
4566 if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
4567 - xmlSecError(XMLSEC_ERRORS_HERE,
4568 + xmlSecError(XMLSEC_ERRORS_HERE,
4569 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4570 "CryptGenKey",
4571 XMLSEC_ERRORS_R_CRYPTO_FAILED,
4572 XMLSEC_ERRORS_NO_MESSAGE);
4573 - goto done;
4574 + if (hProv != 0)
4575 + CryptReleaseContext(hProv, 0);
4576 + return -1 ;
4579 ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
4580 @@ -2059,24 +2186,17 @@
4581 "xmlSecMSCryptoKeyDataAdoptKey",
4582 XMLSEC_ERRORS_R_XMLSEC_FAILED,
4583 XMLSEC_ERRORS_NO_MESSAGE);
4584 - goto done;
4586 - hProv = 0;
4587 - hKey = 0;
4588 + if( hKey != 0 )
4589 + CryptDestroyKey( hKey ) ;
4590 + if( hProv != 0 )
4591 + CryptReleaseContext( hProv, 0 ) ;
4593 - /* success */
4594 - res = 0;
4596 -done:
4597 - if (hProv != 0) {
4598 - CryptReleaseContext(ctx->hProv, 0);
4599 + return -1 ;
4601 + hProv = 0 ;
4602 + hKey = 0 ;
4604 - if (hKey != 0) {
4605 - CryptDestroyKey(hKey);
4608 - return(res);
4609 + return 0 ;
4612 static xmlSecKeyDataType
4613 --- misc/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2003-09-26 08:12:51.000000000 +0200
4614 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/ciphers.c 2008-06-29 23:44:19.000000000 +0200
4615 @@ -785,7 +785,11 @@
4616 * AES CBC cipher transforms
4618 ********************************************************************/
4619 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4620 +static struct _xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
4621 +#else
4622 static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
4623 +#endif
4624 /* klass/object sizes */
4625 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
4626 xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
4627 @@ -824,7 +828,11 @@
4628 return(&xmlSecMSCryptoAes128CbcKlass);
4631 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4632 +static struct _xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
4633 +#else
4634 static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
4635 +#endif
4636 /* klass/object sizes */
4637 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
4638 xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
4639 @@ -863,7 +871,11 @@
4640 return(&xmlSecMSCryptoAes192CbcKlass);
4643 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4644 +static struct _xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
4645 +#else
4646 static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
4647 +#endif
4648 /* klass/object sizes */
4649 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
4650 xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
4651 @@ -906,7 +918,11 @@
4654 #ifndef XMLSEC_NO_DES
4655 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4656 +static struct _xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
4657 +#else
4658 static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
4659 +#endif
4660 /* klass/object sizes */
4661 sizeof(xmlSecTransformKlass), /* size_t klassSize */
4662 xmlSecMSCryptoBlockCipherSize, /* size_t objSize */
4663 --- misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100
4664 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2008-06-29 23:44:19.000000000 +0200
4665 @@ -330,13 +330,15 @@
4666 BYTE*
4667 xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
4668 BYTE* str = NULL;
4670 + LPCTSTR ppszError = NULL;
4672 xmlSecAssert2(pszX500 != NULL, NULL);
4673 xmlSecAssert2(len != NULL, NULL);
4675 if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
4676 - NULL, NULL, len, NULL)) {
4677 + NULL, NULL, len, &ppszError)) {
4678 /* this might not be an error, string might just not exist */
4679 + DWORD dw = GetLastError();
4680 return(NULL);
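Review bot: The added `ppszError` and `DWORD dw = GetLastError();` are written but never read in the lines shown, so the failure detail from `CertStrToName` is still thrown away. They look like debugging leftovers. Either remove both and restore the `NULL` argument, or use them to tell a malformed name apart from the "string might just not exist" case and log only the former. `xmlSecMSCryptoCertStrToName` continues past the end of this hunk, so a later use cannot be ruled out from here.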
4683 --- misc/xmlsec1-1.2.6/src/mscrypto/digests.c 2003-09-30 04:09:51.000000000 +0200
4684 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c 2008-06-29 23:44:19.000000000 +0200
4685 @@ -96,12 +96,15 @@
4687 /* TODO: Check what provider is best suited here.... */
4688 if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
4689 - xmlSecError(XMLSEC_ERRORS_HERE,
4690 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
4691 - NULL,
4692 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
4693 - XMLSEC_ERRORS_NO_MESSAGE);
4694 - return(-1);
4695 + //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project
4696 + if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
4697 + xmlSecError(XMLSEC_ERRORS_HERE,
4698 + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
4699 + NULL,
4700 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4701 + XMLSEC_ERRORS_NO_MESSAGE);
4703 + return(0);
4706 return(0);
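Review bot: On the new side the failure path of the fallback `CryptAcquireContext(... MS_ENHANCED_PROV ...)` logs an error but no longer fails: the removed `return(-1);` has no added counterpart, and the only added return is `return(0);`. Brace-only lines are missing from this view, so the exact nesting is inferred, but as shown the initializer reports success with `ctx->provider` never acquired, and later digest operations would run on an invalid provider handle. Add `return(-1);` directly after the `xmlSecError(...)` call inside the inner `if`, and pass `"CryptAcquireContext"` instead of `NULL` as the failing function name so the log identifies the call. The enclosing function starts and ends outside the hunk.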
4707 @@ -298,7 +301,11 @@
4708 * SHA1
4710 *****************************************************************************/
4711 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4712 +static struct _xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
4713 +#else
4714 static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
4715 +#endif
4716 /* klass/object sizes */
4717 sizeof(xmlSecTransformKlass), /* size_t klassSize */
4718 xmlSecMSCryptoDigestSize, /* size_t objSize */
4719 --- misc/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2003-09-27 05:12:22.000000000 +0200
4720 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/keysstore.c 2008-06-29 23:44:19.000000000 +0200
4721 @@ -62,7 +62,11 @@
4722 const xmlChar* name,
4723 xmlSecKeyInfoCtxPtr keyInfoCtx);
4725 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4726 +static struct _xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
4727 +#else
4728 static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
4729 +#endif
4730 sizeof(xmlSecKeyStoreKlass),
4731 xmlSecMSCryptoKeysStoreSize,
4733 --- misc/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2003-09-26 22:29:25.000000000 +0200
4734 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/kt_rsa.c 2008-06-29 23:44:19.000000000 +0200
4735 @@ -66,7 +66,11 @@
4736 static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform,
4737 xmlSecTransformCtxPtr transformCtx);
4739 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4740 +static struct _xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
4741 +#else
4742 static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
4743 +#endif
4744 /* klass/object sizes */
4745 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
4746 xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */
4747 --- misc/xmlsec1-1.2.6/src/mscrypto/signatures.c 2003-09-26 22:29:25.000000000 +0200
4748 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/signatures.c 2008-06-29 23:44:19.000000000 +0200
4749 @@ -483,7 +483,11 @@
4750 * RSA-SHA1 signature transform
4752 ***************************************************************************/
4753 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4754 +static struct _xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
4755 +#else
4756 static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
4757 +#endif
4758 /* klass/object sizes */
4759 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
4760 xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
4761 @@ -531,7 +535,11 @@
4763 ***************************************************************************/
4765 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4766 +static struct _xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
4767 +#else
4768 static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
4769 +#endif
4770 /* klass/object sizes */
4771 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
4772 xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
4773 --- misc/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2003-09-26 02:58:13.000000000 +0200
4774 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/symkeys.c 2008-06-29 23:44:19.000000000 +0200
4775 @@ -72,7 +72,11 @@
4776 * <xmlsec:AESKeyValue> processing
4778 *************************************************************************/
4779 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4780 +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
4781 +#else
4782 static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
4783 +#endif
4784 sizeof(xmlSecKeyDataKlass),
4785 xmlSecKeyDataBinarySize,
4787 @@ -153,7 +157,11 @@
4788 * <xmlsec:DESKeyValue> processing
4790 *************************************************************************/
4791 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4792 +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
4793 +#else
4794 static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
4795 +#endif
4796 sizeof(xmlSecKeyDataKlass),
4797 xmlSecKeyDataBinarySize,
4799 --- misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200
4800 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2008-06-29 23:44:19.000000000 +0200
4801 @@ -240,7 +240,11 @@
4805 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4806 +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
4807 +#else
4808 static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
4809 +#endif
4810 sizeof(xmlSecKeyDataKlass),
4811 xmlSecMSCryptoX509DataSize,
4813 @@ -1572,6 +1576,7 @@
4814 xmlSecKeyInfoCtxPtr keyInfoCtx) {
4815 xmlSecMSCryptoX509DataCtxPtr ctx;
4816 xmlSecKeyDataStorePtr x509Store;
4817 + PCCERT_CONTEXT pCert ;
4818 int ret;
4820 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
4821 @@ -1610,6 +1615,53 @@
4822 return(-1);
4825 + /*
4826 + * I'll search key according to KeyReq.
4827 + */
4828 + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
4829 + if( pCert == NULL ) {
4830 + xmlSecError( XMLSEC_ERRORS_HERE,
4831 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4832 + "CertDuplicateCertificateContext",
4833 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4834 + XMLSEC_ERRORS_NO_MESSAGE);
4836 + return(-1);
4839 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
4840 + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
4841 + if(keyValue == NULL) {
4842 + xmlSecError(XMLSEC_ERRORS_HERE,
4843 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4844 + "xmlSecMSCryptoCertAdopt",
4845 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4846 + XMLSEC_ERRORS_NO_MESSAGE);
4848 + CertFreeCertificateContext( pCert ) ;
4849 + return(-1);
4851 + pCert = NULL ;
4852 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
4853 + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
4854 + if(keyValue == NULL) {
4855 + xmlSecError(XMLSEC_ERRORS_HERE,
4856 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4857 + "xmlSecMSCryptoCertAdopt",
4858 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4859 + XMLSEC_ERRORS_NO_MESSAGE);
4861 + CertFreeCertificateContext( pCert ) ;
4862 + return(-1);
4864 + pCert = NULL ;
4869 + /*-
4870 + * Get Public key from cert, which does not always work for sign action.
4872 keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert);
4873 if(keyValue == NULL) {
4874 xmlSecError(XMLSEC_ERRORS_HERE,
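Review bot: When `keyInfoCtx->keyReq.keyType` has neither the private nor the public bit set, neither branch of the added `if`/`else if` runs, so the duplicated `pCert` is never adopted or freed and this block leaves `keyValue` unassigned. The visible lines show no final `else`; add one that at least releases the context, e.g. `else { CertFreeCertificateContext( pCert ) ; pCert = NULL ; }`, and decide explicitly whether that case fails or falls back to the public key. The block added again in the following hunk (`@@ -1619,6 +1671,51 @@`) has the same gap. The enclosing function starts and ends outside the hunk.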
4875 @@ -1619,6 +1671,51 @@
4876 XMLSEC_ERRORS_NO_MESSAGE);
4877 return(-1);
4879 + */
4881 + /*-
4882 + * I'll search key according to KeyReq.
4883 + */
4884 + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
4885 + if( pCert == NULL ) {
4886 + xmlSecError( XMLSEC_ERRORS_HERE,
4887 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4888 + "CertDuplicateCertificateContext",
4889 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
4890 + XMLSEC_ERRORS_NO_MESSAGE);
4892 + return(-1);
4895 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
4896 + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
4897 + if(keyValue == NULL) {
4898 + xmlSecError(XMLSEC_ERRORS_HERE,
4899 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4900 + "xmlSecMSCryptoCertAdopt",
4901 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4902 + XMLSEC_ERRORS_NO_MESSAGE);
4904 + CertFreeCertificateContext( pCert ) ;
4905 + return(-1);
4907 + pCert = NULL ;
4908 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
4909 + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
4910 + if(keyValue == NULL) {
4911 + xmlSecError(XMLSEC_ERRORS_HERE,
4912 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4913 + "xmlSecMSCryptoCertAdopt",
4914 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4915 + XMLSEC_ERRORS_NO_MESSAGE);
4917 + CertFreeCertificateContext( pCert ) ;
4918 + return(-1);
4920 + pCert = NULL ;
4925 /* verify that the key matches our expectations */
4926 if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
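Review bot: This hunk adds the same `CertDuplicateCertificateContext` / `xmlSecMSCryptoCertAdopt` block that the previous hunk already inserted a few lines earlier in the same function (the `/*-` comment opened there is closed by the `*/` here). If both copies execute in sequence, `keyValue` from the first pass is overwritten without `xmlSecKeyDataDestroy(keyValue)`, which leaks a key data object and the certificate context it adopted on every call; for a private key request that presumably also keeps a key handle open. Keep one copy of the block and delete the other. The enclosing function starts and ends outside the hunk.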
4927 @@ -1882,7 +1979,7 @@
4928 xmlSecAssert2(nm->pbData != NULL, NULL);
4929 xmlSecAssert2(nm->cbData > 0, NULL);
4931 - csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0);
4932 + csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
4933 str = (char *)xmlMalloc(csz);
4934 if (NULL == str) {
4935 xmlSecError(XMLSEC_ERRORS_HERE,
4936 @@ -1893,7 +1990,7 @@
4937 return (NULL);
4940 - csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz);
4941 + csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
4942 if (csz < 1) {
4943 xmlSecError(XMLSEC_ERRORS_HERE,
4944 NULL,
4945 @@ -1904,17 +2001,37 @@
4946 return(NULL);
4949 - res = xmlStrdup(BAD_CAST str);
4950 - if(res == NULL) {
4951 - xmlSecError(XMLSEC_ERRORS_HERE,
4952 - NULL,
4953 - "xmlStrdup",
4954 - XMLSEC_ERRORS_R_MALLOC_FAILED,
4955 - XMLSEC_ERRORS_NO_MESSAGE);
4956 - xmlFree(str);
4957 - return(NULL);
4958 + /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
4959 + * don't ask me how is it possible not to read something you wrote yourself but also
4960 + * see comment in the xmlSecMSCryptoX509FindCert function.
4961 + */
4962 + if(strncmp(str, "E=", 2) == 0) {
4963 + res = xmlMalloc(strlen(str) + 13 + 1);
4964 + if(res == NULL) {
4965 + xmlSecError(XMLSEC_ERRORS_HERE,
4966 + NULL,
4967 + "xmlMalloc",
4968 + XMLSEC_ERRORS_R_MALLOC_FAILED,
4969 + "size=%d",
4970 + strlen(str) + 13 + 1);
4971 + xmlFree(str);
4972 + return(NULL);
4975 + memcpy(res, "emailAddress=", 13);
4976 + strcpy(res + 13, BAD_CAST (str + 2));
4977 + } else {
4978 + res = xmlStrdup(BAD_CAST str);
4979 + if(res == NULL) {
4980 + xmlSecError(XMLSEC_ERRORS_HERE,
4981 + NULL,
4982 + "xmlStrdup",
4983 + XMLSEC_ERRORS_R_MALLOC_FAILED,
4984 + XMLSEC_ERRORS_NO_MESSAGE);
4985 + xmlFree(str);
4986 + return(NULL);
4990 xmlFree(str);
4991 return(res);
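Review bot: The added error call passes `strlen(str) + 13 + 1`, a `size_t`, to a `"size=%d"` conversion, which is a format/argument mismatch wherever `size_t` is wider than `int`; cast it as `(int)(strlen(str) + 13 + 1)`, or compute the size once into a local and reuse it for `xmlMalloc`. `strcpy(res + 13, BAD_CAST (str + 2))` casts the source to `xmlChar*` for a function that takes `char*`; `strcpy((char*)res + 13, str + 2)` states what is meant (assuming `res` is an `xmlChar*`, as the old `xmlStrdup` assignment suggests). The allocation itself is sufficient, since 13 + strlen(str) - 2 + 1 bytes are written into strlen(str) + 14. The rewrite only fires when the string begins with `E=`; with `CERT_NAME_STR_REVERSE_FLAG` now passed to `CertNameToStr`, it is worth confirming that the e-mail component still appears first.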
4993 @@ -2153,7 +2270,11 @@
4994 xmlSecSize bufSize,
4995 xmlSecKeyInfoCtxPtr keyInfoCtx);
4997 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4998 +static struct _xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
4999 +#else
5000 static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
5001 +#endif
5002 sizeof(xmlSecKeyDataKlass),
5003 sizeof(xmlSecKeyData),
5005 --- misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200
5006 +++ misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2008-06-29 23:44:19.000000000 +0200
5007 @@ -70,7 +70,11 @@
5008 static xmlSecByte * xmlSecMSCryptoX509NameRead (xmlSecByte *str,
5009 int len);
5011 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
5012 +static struct _xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
5013 +#else
5014 static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
5015 +#endif
5016 sizeof(xmlSecKeyDataStoreKlass),
5017 xmlSecMSCryptoX509StoreSize,
5019 @@ -125,6 +129,7 @@
5020 xmlChar *issuerName, xmlChar *issuerSerial,
5021 xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
5022 xmlSecMSCryptoX509StoreCtxPtr ctx;
5023 + PCCERT_CONTEXT pCert ;
5025 xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
5026 xmlSecAssert2(keyInfoCtx != NULL, NULL);
5027 @@ -132,10 +137,17 @@
5028 ctx = xmlSecMSCryptoX509StoreGetCtx(store);
5029 xmlSecAssert2(ctx != NULL, NULL);
5030 xmlSecAssert2(ctx->untrusted != NULL, NULL);
5031 + xmlSecAssert2(ctx->trusted != NULL, NULL);
5033 - return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski));
5035 + pCert = NULL ;
5036 + if( ctx->untrusted != NULL )
5037 + pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ;
5039 + if( ctx->trusted != NULL && pCert == NULL )
5040 + pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ;
5042 + return( pCert ) ;
5045 static void
5046 xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
5047 @@ -252,17 +264,22 @@
5050 static BOOL
5051 -xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
5052 - xmlSecKeyInfoCtx* keyInfoCtx) {
5053 +xmlSecMSCryptoX509StoreConstructCertsChain(
5054 + xmlSecKeyDataStorePtr store ,
5055 + PCCERT_CONTEXT cert ,
5056 + HCERTSTORE certStore ,
5057 + xmlSecKeyInfoCtx* keyInfoCtx
5058 +) {
5059 xmlSecMSCryptoX509StoreCtxPtr ctx;
5060 PCCERT_CONTEXT issuerCert = NULL;
5061 FILETIME fTime;
5062 DWORD flags;
5063 + BOOL selfSigned ;
5065 xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
5066 xmlSecAssert2(cert != NULL, FALSE);
5067 xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
5068 - xmlSecAssert2(certs != NULL, FALSE);
5069 + xmlSecAssert2(certStore != NULL, FALSE);
5070 xmlSecAssert2(keyInfoCtx != NULL, FALSE);
5072 ctx = xmlSecMSCryptoX509StoreGetCtx(store);
5073 @@ -283,60 +300,85 @@
5074 return(FALSE);
5077 - if (!xmlSecMSCryptoCheckRevocation(certs, cert)) {
5078 + if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) {
5079 return(FALSE);
5082 - /* try the untrusted certs in the chain */
5083 - issuerCert = CertFindCertificateInStore(certs,
5084 + /*-
5085 + * Firstly try to find the cert in the trusted cert store. We will trust
5086 + * the certificate in the trusted store.
5087 + */
5088 + issuerCert = CertFindCertificateInStore(ctx->trusted,
5089 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5091 CERT_FIND_SUBJECT_NAME,
5092 - &(cert->pCertInfo->Issuer),
5093 + &(cert->pCertInfo->Subject),
5094 NULL);
5095 - if(issuerCert == cert) {
5096 - /* self signed cert, forget it */
5097 - CertFreeCertificateContext(issuerCert);
5098 - } else if(issuerCert != NULL) {
5099 - flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
5100 - if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
5101 - xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
5102 - CertFreeCertificateContext(issuerCert);
5103 - return(FALSE);
5105 - if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
5106 - xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
5107 - CertFreeCertificateContext(issuerCert);
5108 - return(FALSE);
5110 - CertFreeCertificateContext(issuerCert);
5111 - return(TRUE);
5112 + if( issuerCert != NULL ) {
5113 + /* We have found the trusted cert, so return true */
5114 + CertFreeCertificateContext( issuerCert ) ;
5115 + return( TRUE ) ;
5118 - /* try the untrusted certs in the store */
5119 - issuerCert = CertFindCertificateInStore(ctx->untrusted,
5120 + /* Check whether the certificate is self signed certificate */
5121 + selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ;
5123 + /* try the untrusted certs in the chain */
5124 + if( !selfSigned ) {
5125 + issuerCert = CertFindCertificateInStore(certStore,
5126 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5128 CERT_FIND_SUBJECT_NAME,
5129 &(cert->pCertInfo->Issuer),
5130 NULL);
5131 - if(issuerCert == cert) {
5132 - /* self signed cert, forget it */
5133 - CertFreeCertificateContext(issuerCert);
5134 - } else if(issuerCert != NULL) {
5135 - flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
5136 - if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
5137 - xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
5138 - CertFreeCertificateContext(issuerCert);
5139 - return(FALSE);
5141 - if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
5142 - CertFreeCertificateContext(issuerCert);
5143 - return(FALSE);
5144 + if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
5145 + /* self signed cert, forget it */
5146 + CertFreeCertificateContext(issuerCert);
5147 + } else if(issuerCert != NULL) {
5148 + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
5149 + if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
5150 + xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
5151 + CertFreeCertificateContext(issuerCert);
5152 + return(FALSE);
5154 + if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
5155 + xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
5156 + CertFreeCertificateContext(issuerCert);
5157 + return(FALSE);
5160 + CertFreeCertificateContext(issuerCert);
5161 + return(TRUE);
5165 + /* try the untrusted certs in the store */
5166 + if( !selfSigned ) {
5167 + issuerCert = CertFindCertificateInStore(ctx->untrusted,
5168 + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5169 + 0,
5170 + CERT_FIND_SUBJECT_NAME,
5171 + &(cert->pCertInfo->Issuer),
5172 + NULL);
5173 + if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
5174 + /* self signed cert, forget it */
5175 + CertFreeCertificateContext(issuerCert);
5176 + } else if(issuerCert != NULL) {
5177 + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
5178 + if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
5179 + xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
5180 + CertFreeCertificateContext(issuerCert);
5181 + return(FALSE);
5183 + if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
5184 + CertFreeCertificateContext(issuerCert);
5185 + return(FALSE);
5188 + CertFreeCertificateContext(issuerCert);
5189 + return(TRUE);
5192 - CertFreeCertificateContext(issuerCert);
5193 - return(TRUE);
5196 /* try to find issuer cert in the trusted cert in the store */
5197 issuerCert = CertFindCertificateInStore(ctx->trusted,
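Review bot: The new first lookup accepts `cert` as trusted whenever `ctx->trusted` holds any certificate with the same subject name (`CERT_FIND_SUBJECT_NAME` on `&(cert->pCertInfo->Subject)`), and returns TRUE without comparing keys or verifying any signature. A subject name is chosen by whoever creates a certificate, so a name match alone does not establish that `cert` is the trusted entry. Match the certificate itself instead, e.g. end the call with `CERT_FIND_EXISTING, cert, NULL);` in place of the subject-name arguments, so that only an identical certificate short-circuits the chain walk. The function starts before and continues after this hunk.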
5198 @@ -379,26 +421,61 @@
5199 xmlSecAssert2(certs != NULL, NULL);
5200 xmlSecAssert2(keyInfoCtx != NULL, NULL);
5202 - while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
5203 - PCCERT_CONTEXT nextCert = NULL;
5204 + while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) {
5205 + PCCERT_CONTEXT nextCert ;
5206 + unsigned char selected ;
5208 - xmlSecAssert2(cert->pCertInfo != NULL, NULL);
5209 + xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ;
5211 - /* if cert is the issuer of any other cert in the list, then it is
5212 - * to be skipped */
5213 - nextCert = CertFindCertificateInStore(certs,
5214 + /* if cert is the issuer of any other cert in the list, then it is
5215 + * to be skipped except that the cert list only have one self-signed
5216 + * certificate.
5217 + */
5218 + for( selected = 0, nextCert = NULL ; ; ) {
5219 + nextCert = CertFindCertificateInStore( certs,
5220 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5222 CERT_FIND_ISSUER_NAME,
5223 &(cert->pCertInfo->Subject),
5224 - NULL);
5225 - if(nextCert != NULL) {
5226 - CertFreeCertificateContext(nextCert);
5227 - continue;
5229 - if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
5230 - return(cert);
5232 + nextCert ) ;
5233 + if( nextCert != NULL ) {
5234 + if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) {
5235 + selected = 1 ;
5236 + continue ;
5237 + } else {
5238 + selected = 0 ;
5239 + break ;
5241 + } else {
5242 + selected = 1 ;
5243 + break ;
5247 + if( nextCert != NULL )
5248 + CertFreeCertificateContext( nextCert ) ;
5250 + if( !selected ) {
5251 + continue ;
5254 + /* JL: OpenOffice.org implements its own certificate verification routine.
5255 + The goal is to seperate validation of the signature
5256 + and the certificate. For example, OOo could show that the document signature is valid,
5257 + but the certificate could not be verified. If we do not prevent the verification of
5258 + the certificate by libxmlsec and the verification fails, then the XML signature will not be
5259 + verified. This would happen, for example, if the root certificate is not installed.
5261 + In the store schould only be the certificate from the X509Certificate element
5262 + and the X509IssuerSerial element. The latter is only there
5263 + if the certificate is installed. Both certificates must be the same!
5264 + In case of writing the signature, the store contains only the certificate that
5265 + was created based on the information from the X509IssuerSerial element. */
5266 + return cert;
5268 +/* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
5269 + return( cert ) ;
5270 + } */
5273 return (NULL);
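Review bot: The added `return cert;` hands back the first selected certificate with the `xmlSecMSCryptoX509StoreConstructCertsChain` call commented out. That removes the revocation and issuer-signature checks for every caller of this patched library, not only for the application the comment describes. Gating the skip keeps the default safe: `if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0 || xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) return(cert);`, assuming this xmlsec version defines that key-info flag. If the unconditional return stays, the function's header comment should state that the returned certificate is unverified and that the caller must validate it. The function starts and ends outside the hunk.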
5274 @@ -458,9 +535,126 @@
5275 return(0);
5278 +int
5279 +xmlSecMSCryptoX509StoreAdoptKeyStore (
5280 + xmlSecKeyDataStorePtr store,
5281 + HCERTSTORE keyStore
5282 +) {
5283 + xmlSecMSCryptoX509StoreCtxPtr ctx;
5284 + int ret;
5286 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
5287 + xmlSecAssert2( keyStore != NULL, -1);
5289 + ctx = xmlSecMSCryptoX509StoreGetCtx(store);
5290 + xmlSecAssert2(ctx != NULL, -1);
5291 + xmlSecAssert2(ctx->trusted != NULL, -1);
5293 + if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
5294 + xmlSecError(XMLSEC_ERRORS_HERE,
5295 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5296 + "CertAddStoreToCollection",
5297 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5298 + XMLSEC_ERRORS_NO_MESSAGE);
5299 + return(-1);
5303 + PCCERT_CONTEXT ptCert ;
5305 + ptCert = NULL ;
5306 + while( 1 ) {
5307 + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
5308 + if( ptCert == NULL )
5309 + break ;
5313 + return(0);
5316 +int
5317 +xmlSecMSCryptoX509StoreAdoptTrustedStore (
5318 + xmlSecKeyDataStorePtr store,
5319 + HCERTSTORE trustedStore
5320 +) {
5321 + xmlSecMSCryptoX509StoreCtxPtr ctx;
5322 + int ret;
5324 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
5325 + xmlSecAssert2( trustedStore != NULL, -1);
5327 + ctx = xmlSecMSCryptoX509StoreGetCtx(store);
5328 + xmlSecAssert2(ctx != NULL, -1);
5329 + xmlSecAssert2(ctx->trusted != NULL, -1);
5331 + if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
5332 + xmlSecError(XMLSEC_ERRORS_HERE,
5333 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5334 + "CertAddStoreToCollection",
5335 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5336 + XMLSEC_ERRORS_NO_MESSAGE);
5337 + return(-1);
5341 + PCCERT_CONTEXT ptCert ;
5343 + ptCert = NULL ;
5344 + while( 1 ) {
5345 + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
5346 + if( ptCert == NULL )
5347 + break ;
5351 + return(0);
5354 +int
5355 +xmlSecMSCryptoX509StoreAdoptUntrustedStore (
5356 + xmlSecKeyDataStorePtr store,
5357 + HCERTSTORE untrustedStore
5358 +) {
5359 + xmlSecMSCryptoX509StoreCtxPtr ctx;
5360 + int ret;
5362 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
5363 + xmlSecAssert2( untrustedStore != NULL, -1);
5365 + ctx = xmlSecMSCryptoX509StoreGetCtx(store);
5366 + xmlSecAssert2(ctx != NULL, -1);
5367 + xmlSecAssert2(ctx->untrusted != NULL, -1);
5369 + if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
5370 + xmlSecError(XMLSEC_ERRORS_HERE,
5371 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5372 + "CertAddStoreToCollection",
5373 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5374 + XMLSEC_ERRORS_NO_MESSAGE);
5375 + return(-1);
5379 + PCCERT_CONTEXT ptCert ;
5381 + ptCert = NULL ;
5382 + while( 1 ) {
5383 + ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ;
5384 + if( ptCert == NULL )
5385 + break ;
5389 + return(0);
5392 static int
5393 xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
5394 xmlSecMSCryptoX509StoreCtxPtr ctx;
5395 + HCERTSTORE hTrustedMemStore ;
5396 + HCERTSTORE hUntrustedMemStore ;
5398 xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
5400 ctx = xmlSecMSCryptoX509StoreGetCtx(store);
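Review bot: `xmlSecMSCryptoX509StoreAdoptKeyStore` adds `keyStore` to `ctx->trusted`, so every certificate in an adopted key store becomes a trust anchor for this X509 store. If that is intended it needs a header comment saying so; otherwise the key store should not join the trusted collection. Each of the three new functions also declares an unused `int ret;` and ends with a `while( 1 )` loop that enumerates the collection and, in the lines shown, does nothing with the result; these look like debugging leftovers and can be removed. None of the three exported functions documents who owns the passed `HCERTSTORE` afterwards (presumably the caller keeps and closes its own handle, which is worth stating). `xmlSecMSCryptoX509StoreInitialize` at the end of the hunk continues outside it.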
5401 @@ -468,36 +662,104 @@
5403 memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
5405 + /* create trusted certs store collection */
5406 + ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
5407 + 0,
5408 + NULL,
5409 + 0,
5410 + NULL);
5411 + if(ctx->trusted == NULL) {
5412 + xmlSecError(XMLSEC_ERRORS_HERE,
5413 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5414 + "CertOpenStore",
5415 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5416 + XMLSEC_ERRORS_NO_MESSAGE);
5417 + return(-1);
5420 /* create trusted certs store */
5421 - ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
5422 + hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
5423 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5425 CERT_STORE_CREATE_NEW_FLAG,
5426 NULL);
5427 - if(ctx->trusted == NULL) {
5428 + if(hTrustedMemStore == NULL) {
5429 xmlSecError(XMLSEC_ERRORS_HERE,
5430 xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5431 "CertOpenStore",
5432 XMLSEC_ERRORS_R_CRYPTO_FAILED,
5433 XMLSEC_ERRORS_NO_MESSAGE);
5434 + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
5435 + ctx->trusted = NULL ;
5436 return(-1);
5439 - /* create trusted certs store */
5440 - ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
5441 + /* add the memory trusted certs store to trusted certs store collection */
5442 + if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
5443 + xmlSecError(XMLSEC_ERRORS_HERE,
5444 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5445 + "CertAddStoreToCollection",
5446 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5447 + XMLSEC_ERRORS_NO_MESSAGE);
5448 + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
5449 + CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
5450 + ctx->trusted = NULL ;
5451 + return(-1);
5453 + CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
5455 + /* create untrusted certs store collection */
5456 + ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
5457 + 0,
5458 + NULL,
5459 + 0,
5460 + NULL);
5461 + if(ctx->untrusted == NULL) {
5462 + xmlSecError(XMLSEC_ERRORS_HERE,
5463 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5464 + "CertOpenStore",
5465 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5466 + XMLSEC_ERRORS_NO_MESSAGE);
5467 + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
5468 + ctx->trusted = NULL ;
5469 + return(-1);
5472 + /* create untrusted certs store */
5473 + hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
5474 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5476 CERT_STORE_CREATE_NEW_FLAG,
5477 NULL);
5478 - if(ctx->untrusted == NULL) {
5479 + if(hUntrustedMemStore == NULL) {
5480 xmlSecError(XMLSEC_ERRORS_HERE,
5481 xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5482 "CertOpenStore",
5483 XMLSEC_ERRORS_R_CRYPTO_FAILED,
5484 XMLSEC_ERRORS_NO_MESSAGE);
5485 + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
5486 + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
5487 + ctx->trusted = NULL ;
5488 + ctx->untrusted = NULL ;
5489 return(-1);
5492 + /* add the memory trusted certs store to untrusted certs store collection */
5493 + if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
5494 + xmlSecError(XMLSEC_ERRORS_HERE,
5495 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
5496 + "CertAddStoreToCollection",
5497 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
5498 + XMLSEC_ERRORS_NO_MESSAGE);
5499 + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
5500 + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
5501 + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
5502 + ctx->trusted = NULL ;
5503 + ctx->untrusted = NULL ;
5504 + return(-1);
5506 + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
5508 return(0);
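Review bot: The comment above the second CertAddStoreToCollection call reads "add the memory trusted certs store to untrusted certs store collection", but the call adds hUntrustedMemStore to ctx->untrusted. These two collections separate trust anchors from merely supplied certificates, so the comment should read `/* add the memory untrusted certs store to untrusted certs store collection */`. The collections are closed with CERT_CLOSE_STORE_FORCE_FLAG while the memory stores are closed with CERT_CLOSE_STORE_CHECK_FLAG and the result is ignored. A one-line comment that the collection presumably keeps its own reference to the sibling store, so the local handle can be released, would explain the difference. xmlSecMSCryptoX509StoreInitialize begins before this hunk.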
5511 @@ -567,10 +829,41 @@
5513 if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
5514 xmlSecBn issuerSerialBn;
5515 + xmlChar * p;
5516 CERT_NAME_BLOB cnb;
5517 + CRYPT_INTEGER_BLOB cib;
5518 BYTE *cName = NULL;
5519 DWORD cNameLen = 0;
5521 + /* aleksey: for some unknown to me reasons, mscrypto wants Email
5522 + * instead of emailAddress. This code is not bullet proof and may
5523 + * produce incorrect results if someone has "emailAddress=" string
5524 + * in one of the fields, but it is best I can suggest to fix this problem.
5525 + * Also see xmlSecMSCryptoX509NameWrite function.
5526 + */
5527 + while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) {
5528 + memcpy(p, " Email=", 13);
5533 + /* get issuer name */
5534 + cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5535 + issuerName,
5536 + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
5537 + &cNameLen);
5538 + if(cName == NULL) {
5539 + xmlSecError(XMLSEC_ERRORS_HERE,
5540 + NULL,
5541 + "xmlSecMSCryptoCertStrToName",
5542 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
5543 + XMLSEC_ERRORS_NO_MESSAGE);
5544 + return (NULL);
5546 + cnb.pbData = cName;
5547 + cnb.cbData = cNameLen;
5549 + /* get serial number */
5550 ret = xmlSecBnInitialize(&issuerSerialBn, 0);
5551 if(ret < 0) {
5552 xmlSecError(XMLSEC_ERRORS_HERE,
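Review bot: The `memcpy(p, " Email=", 13)` in the added loop hard-codes the length of "emailAddress=" and overwrites the caller's issuerName in place. As displayed here the literal is shorter than 13 bytes (the page may have collapsed padding spaces); if the file really holds it that way, the copy reads past the end of the literal. Taking the length from the replacement itself removes the magic number, for example a padded constant (suggested name `kEmailPad`) copied with `memcpy(p, kEmailPad, sizeof(kEmailPad) - 1);`. As the author's comment admits, any field value containing "emailAddress=" is rewritten as well, and the issuer name presumably comes from the document being verified. The comment should therefore say that a match is still subject to the serial-number comparison in a later hunk. The enclosing function begins and ends outside this hunk.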
5553 @@ -578,6 +871,7 @@
5554 "xmlSecBnInitialize",
5555 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5556 XMLSEC_ERRORS_NO_MESSAGE);
5557 + xmlFree(cName);
5558 return(NULL);
5561 @@ -589,26 +883,30 @@
5562 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5563 XMLSEC_ERRORS_NO_MESSAGE);
5564 xmlSecBnFinalize(&issuerSerialBn);
5565 - return(NULL);
5566 + xmlFree(cName);
5567 + return(NULL);
5570 - cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
5571 - issuerName,
5572 - CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
5573 - &cNameLen);
5574 - if(cName == NULL) {
5575 + /* I have no clue why at a sudden a swap is needed to
5576 + * convert from lsb... This code is purely based upon
5577 + * trial and error :( WK
5578 + */
5579 + ret = xmlSecBnReverse(&issuerSerialBn);
5580 + if(ret < 0) {
5581 xmlSecError(XMLSEC_ERRORS_HERE,
5582 NULL,
5583 - "xmlSecMSCryptoCertStrToName",
5584 + "xmlSecBnReverse",
5585 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5586 XMLSEC_ERRORS_NO_MESSAGE);
5587 xmlSecBnFinalize(&issuerSerialBn);
5588 - return (NULL);
5589 + xmlFree(cName);
5590 + return(NULL);
5593 - cnb.pbData = cName;
5594 - cnb.cbData = cNameLen;
5595 - while((pCert = CertFindCertificateInStore(store,
5596 + cib.pbData = xmlSecBufferGetData(&issuerSerialBn);
5597 + cib.cbData = xmlSecBufferGetSize(&issuerSerialBn);
5599 + while((pCert = CertFindCertificateInStore(store,
5600 PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
5602 CERT_FIND_ISSUER_NAME,
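Review bot: The comment introducing xmlSecBnReverse ("I have no clue ... trial and error") leaves the byte-order assumption behind certificate lookup undocumented. CryptoAPI integer blobs such as pCertInfo->SerialNumber are stored least-significant byte first, and CertCompareIntegerBlob (used in the following hunk) ignores redundant leading sign bytes. The comment could read `/* CRYPT_INTEGER_BLOB is little-endian; reverse the parsed serial (presumably big-endian) before comparing */`. cib.pbData points into issuerSerialBn, so a note that cib must not be used after xmlSecBnFinalize(&issuerSerialBn) would help the next maintainer. The enclosing function extends beyond this hunk.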
5603 @@ -622,10 +920,9 @@
5604 if((pCert->pCertInfo != NULL) &&
5605 (pCert->pCertInfo->SerialNumber.pbData != NULL) &&
5606 (pCert->pCertInfo->SerialNumber.cbData > 0) &&
5607 - (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData,
5608 - pCert->pCertInfo->SerialNumber.cbData))) {
5610 - break;
5611 + (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE)
5612 + ) {
5613 + break;
5616 xmlFree(cName);
5617 --- misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200
5618 +++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2008-06-29 23:44:19.000000000 +0200
5619 @@ -20,21 +20,22 @@
5620 $(NULL)
5622 libxmlsec1_nss_la_SOURCES =\
5623 + akmngr.c \
5624 app.c \
5625 bignum.c \
5626 ciphers.c \
5627 crypto.c \
5628 digests.c \
5629 hmac.c \
5630 + keysstore.c \
5631 + keytrans.c \
5632 + keywrapers.c \
5633 pkikeys.c \
5634 signatures.c \
5635 symkeys.c \
5636 + tokens.c \
5637 x509.c \
5638 x509vfy.c \
5639 - keysstore.c \
5640 - kt_rsa.c \
5641 - kw_des.c \
5642 - kw_aes.c \
5643 $(NULL)
5645 libxmlsec1_nss_la_LIBADD = \
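Review bot: The new source is spelled `keywrapers.c` in this SOURCES list, while the Makefile.in hunk for the same variable lists `keywrappers.c`. The Makefile.in object and dependency entries use keywrapers.lo and keywrapers.Plo. One of the two spellings cannot match the file on disk, so the hand-written and generated lists should be made to agree, e.g. `keywrapers.c \` in both if that is the name the patch creates. The creation of that file is not visible in this part of the patch, so the right spelling should be confirmed against it.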
5646 --- misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200
5647 +++ misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2008-06-29 23:44:19.000000000 +0200
5648 @@ -54,9 +54,9 @@
5649 $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
5650 $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
5651 am__objects_1 =
5652 -am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \
5653 +am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \
5654 digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
5655 - x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \
5656 + x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \
5657 $(am__objects_1)
5658 libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
5659 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
5660 @@ -65,11 +65,11 @@
5661 @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
5662 @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
5663 @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
5664 -@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \
5665 -@AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \
5666 +@AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \
5667 +@AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \
5668 @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
5669 @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
5670 -@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo
5671 +@AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
5672 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
5673 $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
5674 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
5675 @@ -321,21 +321,22 @@
5676 $(NULL)
5678 libxmlsec1_nss_la_SOURCES = \
5679 + akmngr.c \
5680 app.c \
5681 bignum.c \
5682 ciphers.c \
5683 crypto.c \
5684 digests.c \
5685 hmac.c \
5686 + keysstore.c \
5687 + keytrans.c \
5688 + keywrappers.c \
5689 pkikeys.c \
5690 signatures.c \
5691 symkeys.c \
5692 + tokens.c \
5693 x509.c \
5694 x509vfy.c \
5695 - keysstore.c \
5696 - kt_rsa.c \
5697 - kw_des.c \
5698 - kw_aes.c \
5699 $(NULL)
5701 libxmlsec1_nss_la_LIBADD = \
5702 @@ -418,6 +419,7 @@
5703 distclean-compile:
5704 -rm -f *.tab.c
5706 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
5707 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
5708 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@
5709 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
5710 @@ -425,9 +427,9 @@
5711 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
5712 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
5713 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
5714 -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
5715 -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@
5716 -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@
5717 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@
5718 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@
5719 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@
5720 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
5721 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
5722 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
5723 --- misc/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:39.000000000 +0200
5724 +++ misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2008-06-29 23:44:19.000000000 +0200
5725 @@ -1 +1,384 @@
5726 -dummy
5727 +/**
5728 + * XMLSec library
5730 + * This is free software; see Copyright file in the source
5731 + * distribution for preciese wording.
5732 + *
5733 + * Copyright.........................
5734 + */
5735 +#include "globals.h"
5737 +#include <nspr.h>
5738 +#include <nss.h>
5739 +#include <pk11func.h>
5740 +#include <cert.h>
5741 +#include <keyhi.h>
5743 +#include <xmlsec/xmlsec.h>
5744 +#include <xmlsec/keys.h>
5745 +#include <xmlsec/transforms.h>
5746 +#include <xmlsec/errors.h>
5748 +#include <xmlsec/nss/crypto.h>
5749 +#include <xmlsec/nss/tokens.h>
5750 +#include <xmlsec/nss/akmngr.h>
5751 +#include <xmlsec/nss/pkikeys.h>
5752 +#include <xmlsec/nss/ciphers.h>
5753 +#include <xmlsec/nss/keysstore.h>
5755 +/**
5756 + * xmlSecNssAppliedKeysMngrCreate:
5757 + * @slot: array of pointers to NSS PKCS#11 slot infomation.
5758 + * @cSlots: number of slots in the array
5759 + * @handler: the pointer to NSS certificate database.
5761 + * Create and load NSS crypto slot and certificate database into keys manager
5763 + * Returns keys manager pointer on success or NULL otherwise.
5764 + */
5765 +xmlSecKeysMngrPtr
5766 +xmlSecNssAppliedKeysMngrCreate(
5767 + PK11SlotInfo** slots,
5768 + int cSlots,
5769 + CERTCertDBHandle* handler
5770 +) {
5771 + xmlSecKeyDataStorePtr certStore = NULL ;
5772 + xmlSecKeysMngrPtr keyMngr = NULL ;
5773 + xmlSecKeyStorePtr keyStore = NULL ;
5774 + int islot = 0;
5775 + keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
5776 + if( keyStore == NULL ) {
5777 + xmlSecError( XMLSEC_ERRORS_HERE ,
5778 + NULL ,
5779 + "xmlSecKeyStoreCreate" ,
5780 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5781 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5782 + return NULL ;
5785 + for (islot = 0; islot < cSlots; islot++)
5787 + xmlSecNssKeySlotPtr keySlot ;
5789 + /* Create a key slot */
5790 + keySlot = xmlSecNssKeySlotCreate() ;
5791 + if( keySlot == NULL ) {
5792 + xmlSecError( XMLSEC_ERRORS_HERE ,
5793 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
5794 + "xmlSecNssKeySlotCreate" ,
5795 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5796 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5798 + xmlSecKeyStoreDestroy( keyStore ) ;
5799 + return NULL ;
5802 + /* Set slot */
5803 + if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
5804 + xmlSecError( XMLSEC_ERRORS_HERE ,
5805 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
5806 + "xmlSecNssKeySlotSetSlot" ,
5807 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5808 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5810 + xmlSecKeyStoreDestroy( keyStore ) ;
5811 + xmlSecNssKeySlotDestroy( keySlot ) ;
5812 + return NULL ;
5815 + /* Adopt keySlot */
5816 + if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
5817 + xmlSecError( XMLSEC_ERRORS_HERE ,
5818 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
5819 + "xmlSecNssKeysStoreAdoptKeySlot" ,
5820 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5821 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5823 + xmlSecKeyStoreDestroy( keyStore ) ;
5824 + xmlSecNssKeySlotDestroy( keySlot ) ;
5825 + return NULL ;
5829 + keyMngr = xmlSecKeysMngrCreate() ;
5830 + if( keyMngr == NULL ) {
5831 + xmlSecError( XMLSEC_ERRORS_HERE ,
5832 + NULL ,
5833 + "xmlSecKeysMngrCreate" ,
5834 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5835 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5837 + xmlSecKeyStoreDestroy( keyStore ) ;
5838 + return NULL ;
5841 + /*-
5842 + * Add key store to manager, from now on keys manager destroys the store if
5843 + * needed
5844 + */
5845 + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
5846 + xmlSecError( XMLSEC_ERRORS_HERE ,
5847 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
5848 + "xmlSecKeysMngrAdoptKeyStore" ,
5849 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5850 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5852 + xmlSecKeyStoreDestroy( keyStore ) ;
5853 + xmlSecKeysMngrDestroy( keyMngr ) ;
5854 + return NULL ;
5857 + /*-
5858 + * Initialize crypto library specific data in keys manager
5859 + */
5860 + if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
5861 + xmlSecError( XMLSEC_ERRORS_HERE ,
5862 + NULL ,
5863 + "xmlSecKeysMngrCreate" ,
5864 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5865 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5867 + xmlSecKeysMngrDestroy( keyMngr ) ;
5868 + return NULL ;
5871 + /*-
5872 + * Set certificate databse to X509 key data store
5873 + */
5874 + /**
5875 + * Because Tej's implementation of certDB use the default DB, so I ignore
5876 + * the certDB handler at present. I'll modify the cert store sources to
5877 + * accept particular certDB instead of default ones.
5878 + certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
5879 + if( certStore == NULL ) {
5880 + xmlSecError( XMLSEC_ERRORS_HERE ,
5881 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
5882 + "xmlSecKeysMngrGetDataStore" ,
5883 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5884 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5886 + xmlSecKeysMngrDestroy( keyMngr ) ;
5887 + return NULL ;
5890 + if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
5891 + xmlSecError( XMLSEC_ERRORS_HERE ,
5892 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
5893 + "xmlSecNssKeyDataStoreX509SetCertDb" ,
5894 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5895 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5897 + xmlSecKeysMngrDestroy( keyMngr ) ;
5898 + return NULL ;
5900 + */
5902 + /*-
5903 + * Set the getKey callback
5904 + */
5905 + keyMngr->getKey = xmlSecKeysMngrGetKey ;
5907 + return keyMngr ;
5910 +int
5911 +xmlSecNssAppliedKeysMngrSymKeyLoad(
5912 + xmlSecKeysMngrPtr mngr ,
5913 + PK11SymKey* symKey
5914 +) {
5915 + xmlSecKeyPtr key ;
5916 + xmlSecKeyDataPtr data ;
5917 + xmlSecKeyStorePtr keyStore ;
5919 + xmlSecAssert2( mngr != NULL , -1 ) ;
5920 + xmlSecAssert2( symKey != NULL , -1 ) ;
5922 + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
5923 + if( keyStore == NULL ) {
5924 + xmlSecError( XMLSEC_ERRORS_HERE ,
5925 + NULL ,
5926 + "xmlSecKeysMngrGetKeysStore" ,
5927 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5928 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5929 + return(-1) ;
5931 + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
5933 + data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
5934 + if( data == NULL ) {
5935 + xmlSecError( XMLSEC_ERRORS_HERE ,
5936 + NULL ,
5937 + "xmlSecNssSymKeyDataKeyAdopt" ,
5938 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5939 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5940 + return(-1) ;
5943 + key = xmlSecKeyCreate() ;
5944 + if( key == NULL ) {
5945 + xmlSecError( XMLSEC_ERRORS_HERE ,
5946 + NULL ,
5947 + "xmlSecNssSymKeyDataKeyAdopt" ,
5948 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5949 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5950 + xmlSecKeyDataDestroy( data ) ;
5951 + return(-1) ;
5954 + if( xmlSecKeySetValue( key , data ) < 0 ) {
5955 + xmlSecError( XMLSEC_ERRORS_HERE ,
5956 + NULL ,
5957 + "xmlSecNssSymKeyDataKeyAdopt" ,
5958 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5959 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5960 + xmlSecKeyDataDestroy( data ) ;
5961 + return(-1) ;
5964 + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
5965 + xmlSecError( XMLSEC_ERRORS_HERE ,
5966 + NULL ,
5967 + "xmlSecNssSymKeyDataKeyAdopt" ,
5968 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5969 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5970 + xmlSecKeyDestroy( key ) ;
5971 + return(-1) ;
5974 + return(0) ;
5977 +int
5978 +xmlSecNssAppliedKeysMngrPubKeyLoad(
5979 + xmlSecKeysMngrPtr mngr ,
5980 + SECKEYPublicKey* pubKey
5981 +) {
5982 + xmlSecKeyPtr key ;
5983 + xmlSecKeyDataPtr data ;
5984 + xmlSecKeyStorePtr keyStore ;
5986 + xmlSecAssert2( mngr != NULL , -1 ) ;
5987 + xmlSecAssert2( pubKey != NULL , -1 ) ;
5989 + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
5990 + if( keyStore == NULL ) {
5991 + xmlSecError( XMLSEC_ERRORS_HERE ,
5992 + NULL ,
5993 + "xmlSecKeysMngrGetKeysStore" ,
5994 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
5995 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5996 + return(-1) ;
5998 + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
6000 + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
6001 + if( data == NULL ) {
6002 + xmlSecError( XMLSEC_ERRORS_HERE ,
6003 + NULL ,
6004 + "xmlSecNssPKIAdoptKey" ,
6005 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6006 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6007 + return(-1) ;
6010 + key = xmlSecKeyCreate() ;
6011 + if( key == NULL ) {
6012 + xmlSecError( XMLSEC_ERRORS_HERE ,
6013 + NULL ,
6014 + "xmlSecNssSymKeyDataKeyAdopt" ,
6015 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6016 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6017 + xmlSecKeyDataDestroy( data ) ;
6018 + return(-1) ;
6021 + if( xmlSecKeySetValue( key , data ) < 0 ) {
6022 + xmlSecError( XMLSEC_ERRORS_HERE ,
6023 + NULL ,
6024 + "xmlSecNssSymKeyDataKeyAdopt" ,
6025 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6026 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6027 + xmlSecKeyDataDestroy( data ) ;
6028 + return(-1) ;
6031 + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
6032 + xmlSecError( XMLSEC_ERRORS_HERE ,
6033 + NULL ,
6034 + "xmlSecNssSymKeyDataKeyAdopt" ,
6035 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6036 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6037 + xmlSecKeyDestroy( key ) ;
6038 + return(-1) ;
6041 + return(0) ;
6044 +int
6045 +xmlSecNssAppliedKeysMngrPriKeyLoad(
6046 + xmlSecKeysMngrPtr mngr ,
6047 + SECKEYPrivateKey* priKey
6048 +) {
6049 + xmlSecKeyPtr key ;
6050 + xmlSecKeyDataPtr data ;
6051 + xmlSecKeyStorePtr keyStore ;
6053 + xmlSecAssert2( mngr != NULL , -1 ) ;
6054 + xmlSecAssert2( priKey != NULL , -1 ) ;
6056 + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
6057 + if( keyStore == NULL ) {
6058 + xmlSecError( XMLSEC_ERRORS_HERE ,
6059 + NULL ,
6060 + "xmlSecKeysMngrGetKeysStore" ,
6061 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6062 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6063 + return(-1) ;
6065 + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
6067 + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
6068 + if( data == NULL ) {
6069 + xmlSecError( XMLSEC_ERRORS_HERE ,
6070 + NULL ,
6071 + "xmlSecNssPKIAdoptKey" ,
6072 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6073 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6074 + return(-1) ;
6077 + key = xmlSecKeyCreate() ;
6078 + if( key == NULL ) {
6079 + xmlSecError( XMLSEC_ERRORS_HERE ,
6080 + NULL ,
6081 + "xmlSecNssSymKeyDataKeyAdopt" ,
6082 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6083 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6084 + xmlSecKeyDataDestroy( data ) ;
6085 + return(-1) ;
6088 + if( xmlSecKeySetValue( key , data ) < 0 ) {
6089 + xmlSecError( XMLSEC_ERRORS_HERE ,
6090 + NULL ,
6091 + "xmlSecNssSymKeyDataKeyAdopt" ,
6092 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6093 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6094 + xmlSecKeyDataDestroy( data ) ;
6095 + return(-1) ;
6098 + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
6099 + xmlSecError( XMLSEC_ERRORS_HERE ,
6100 + NULL ,
6101 + "xmlSecNssSymKeyDataKeyAdopt" ,
6102 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
6103 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6104 + xmlSecKeyDestroy( key ) ;
6105 + return(-1) ;
6108 + return(0) ;
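Review bot: In xmlSecNssAppliedKeysMngrSymKeyLoad, xmlSecNssAppliedKeysMngrPubKeyLoad and xmlSecNssAppliedKeysMngrPriKeyLoad, the branch taken when xmlSecKeySetValue fails destroys `data` but not the `key` from xmlSecKeyCreate, so the key object leaks on that path. Assuming a failed xmlSecKeySetValue leaves the key without a value, adding `xmlSecKeyDestroy( key ) ;` before `return(-1) ;` in each of the three branches fixes it. The failures of xmlSecKeyCreate, xmlSecKeySetValue and xmlSecNssKeysStoreAdoptKey are all reported as "xmlSecNssSymKeyDataKeyAdopt", which points the error log at the wrong call; each xmlSecError should name the function that failed. The header comment of xmlSecNssAppliedKeysMngrCreate should also state that `handler` is currently ignored and the default certificate database is used, as the commented-out block inside the function explains.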
6111 --- misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
6112 +++ misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2008-06-29 23:44:19.000000000 +0200
6113 @@ -1,838 +1,967 @@
6114 -/**
6115 - * XMLSec library
6117 - * This is free software; see Copyright file in the source
6118 - * distribution for preciese wording.
6119 - *
6120 - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
6121 - * Copyright (c) 2003 America Online, Inc. All rights reserved.
6122 - */
6123 +/* -- C Source File -- **/
6124 #include "globals.h"
6126 +#include <stdlib.h>
6127 #include <string.h>
6129 -#include <nspr.h>
6130 #include <nss.h>
6131 -#include <secoid.h>
6132 #include <pk11func.h>
6134 #include <xmlsec/xmlsec.h>
6135 +#include <xmlsec/xmltree.h>
6136 +#include <xmlsec/base64.h>
6137 #include <xmlsec/keys.h>
6138 +#include <xmlsec/keyinfo.h>
6139 #include <xmlsec/transforms.h>
6140 #include <xmlsec/errors.h>
6142 #include <xmlsec/nss/crypto.h>
6143 +#include <xmlsec/nss/ciphers.h>
6145 -#define XMLSEC_NSS_MAX_KEY_SIZE 32
6146 -#define XMLSEC_NSS_MAX_IV_SIZE 32
6147 -#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
6149 -/**************************************************************************
6151 - * Internal Nss Block cipher CTX
6152 +/**
6153 + * Internal Nss Block Cipher Context
6155 - *****************************************************************************/
6156 -typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
6157 - *xmlSecNssBlockCipherCtxPtr;
6158 + * This context is designed for repositing a block cipher for transform
6159 + */
6160 +typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
6161 +typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
6163 struct _xmlSecNssBlockCipherCtx {
6164 - CK_MECHANISM_TYPE cipher;
6165 - PK11Context* cipherCtx;
6166 - xmlSecKeyDataId keyId;
6167 - int keyInitialized;
6168 - int ctxInitialized;
6169 - xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
6170 - xmlSecSize keySize;
6171 - xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
6172 - xmlSecSize ivSize;
6174 -static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
6175 - xmlSecBufferPtr in,
6176 - xmlSecBufferPtr out,
6177 - int encrypt,
6178 - const xmlChar* cipherName,
6179 - xmlSecTransformCtxPtr transformCtx);
6180 -static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
6181 - xmlSecBufferPtr in,
6182 - xmlSecBufferPtr out,
6183 - int encrypt,
6184 - const xmlChar* cipherName,
6185 - xmlSecTransformCtxPtr transformCtx);
6186 -static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
6187 - xmlSecBufferPtr in,
6188 - xmlSecBufferPtr out,
6189 - int encrypt,
6190 - const xmlChar* cipherName,
6191 - xmlSecTransformCtxPtr transformCtx);
6192 -static int
6193 -xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
6194 - xmlSecBufferPtr in, xmlSecBufferPtr out,
6195 - int encrypt,
6196 - const xmlChar* cipherName,
6197 - xmlSecTransformCtxPtr transformCtx) {
6198 - SECItem keyItem;
6199 - SECItem ivItem;
6200 - PK11SlotInfo* slot;
6201 - PK11SymKey* symKey;
6202 - int ivLen;
6203 - SECStatus rv;
6204 - int ret;
6206 - xmlSecAssert2(ctx != NULL, -1);
6207 - xmlSecAssert2(ctx->cipher != 0, -1);
6208 - xmlSecAssert2(ctx->cipherCtx == NULL, -1);
6209 - xmlSecAssert2(ctx->keyInitialized != 0, -1);
6210 - xmlSecAssert2(ctx->ctxInitialized == 0, -1);
6211 - xmlSecAssert2(in != NULL, -1);
6212 - xmlSecAssert2(out != NULL, -1);
6213 - xmlSecAssert2(transformCtx != NULL, -1);
6215 - ivLen = PK11_GetIVLength(ctx->cipher);
6216 - xmlSecAssert2(ivLen > 0, -1);
6217 - xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
6219 - if(encrypt) {
6220 - /* generate random iv */
6221 - rv = PK11_GenerateRandom(ctx->iv, ivLen);
6222 - if(rv != SECSuccess) {
6223 - xmlSecError(XMLSEC_ERRORS_HERE,
6224 - xmlSecErrorsSafeString(cipherName),
6225 - "PK11_GenerateRandom",
6226 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6227 - "size=%d", ivLen);
6228 - return(-1);
6231 - /* write iv to the output */
6232 - ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
6233 - if(ret < 0) {
6234 - xmlSecError(XMLSEC_ERRORS_HERE,
6235 - xmlSecErrorsSafeString(cipherName),
6236 - "xmlSecBufferAppend",
6237 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6238 - "size=%d", ivLen);
6239 - return(-1);
6242 - } else {
6243 - /* if we don't have enough data, exit and hope that
6244 - * we'll have iv next time */
6245 - if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
6246 - return(0);
6249 - /* copy iv to our buffer*/
6250 - xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
6251 - memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
6253 - /* and remove from input */
6254 - ret = xmlSecBufferRemoveHead(in, ivLen);
6255 - if(ret < 0) {
6256 - xmlSecError(XMLSEC_ERRORS_HERE,
6257 - xmlSecErrorsSafeString(cipherName),
6258 - "xmlSecBufferRemoveHead",
6259 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6260 - "size=%d", ivLen);
6261 - return(-1);
6262 + CK_MECHANISM_TYPE cipher ;
6263 + PK11SymKey* symkey ;
6264 + PK11Context* cipherCtx ;
6265 + xmlSecKeyDataId keyId ;
6266 +} ;
6268 +#define xmlSecNssBlockCipherSize \
6269 + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
6271 +#define xmlSecNssBlockCipherGetCtx( transform ) \
6272 + ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
6274 +static int
6275 +xmlSecNssBlockCipherCheckId(
6276 + xmlSecTransformPtr transform
6277 +) {
6278 + #ifndef XMLSEC_NO_DES
6279 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
6280 + return 1 ;
6283 + #endif /* XMLSEC_NO_DES */
6285 - memset(&keyItem, 0, sizeof(keyItem));
6286 - keyItem.data = ctx->key;
6287 - keyItem.len = ctx->keySize;
6288 - memset(&ivItem, 0, sizeof(ivItem));
6289 - ivItem.data = ctx->iv;
6290 - ivItem.len = ctx->ivSize;
6292 - slot = PK11_GetBestSlot(ctx->cipher, NULL);
6293 - if(slot == NULL) {
6294 - xmlSecError(XMLSEC_ERRORS_HERE,
6295 - xmlSecErrorsSafeString(cipherName),
6296 - "PK11_GetBestSlot",
6297 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6298 - XMLSEC_ERRORS_NO_MESSAGE);
6299 - return(-1);
6302 - symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
6303 - CKA_SIGN, &keyItem, NULL);
6304 - if(symKey == NULL) {
6305 - xmlSecError(XMLSEC_ERRORS_HERE,
6306 - xmlSecErrorsSafeString(cipherName),
6307 - "PK11_ImportSymKey",
6308 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6309 - XMLSEC_ERRORS_NO_MESSAGE);
6310 - PK11_FreeSlot(slot);
6311 - return(-1);
6313 + #ifndef XMLSEC_NO_AES
6314 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
6315 + xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
6316 + xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
6318 - ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
6319 - (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
6320 - symKey, &ivItem);
6321 - if(ctx->cipherCtx == NULL) {
6322 - xmlSecError(XMLSEC_ERRORS_HERE,
6323 - xmlSecErrorsSafeString(cipherName),
6324 - "PK11_CreateContextBySymKey",
6325 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6326 - XMLSEC_ERRORS_NO_MESSAGE);
6327 - PK11_FreeSymKey(symKey);
6328 - PK11_FreeSlot(slot);
6329 - return(-1);
6330 + return 1 ;
6333 - ctx->ctxInitialized = 1;
6334 - PK11_FreeSymKey(symKey);
6335 - PK11_FreeSlot(slot);
6336 - return(0);
6337 + #endif /* XMLSEC_NO_AES */
6339 + return 0 ;
6342 -static int
6343 -xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
6344 - xmlSecBufferPtr in, xmlSecBufferPtr out,
6345 - int encrypt,
6346 - const xmlChar* cipherName,
6347 - xmlSecTransformCtxPtr transformCtx) {
6348 - xmlSecSize inSize, inBlocks, outSize;
6349 - int blockLen;
6350 - int outLen = 0;
6351 - xmlSecByte* outBuf;
6352 - SECStatus rv;
6353 - int ret;
6355 - xmlSecAssert2(ctx != NULL, -1);
6356 - xmlSecAssert2(ctx->cipher != 0, -1);
6357 - xmlSecAssert2(ctx->cipherCtx != NULL, -1);
6358 - xmlSecAssert2(ctx->ctxInitialized != 0, -1);
6359 - xmlSecAssert2(in != NULL, -1);
6360 - xmlSecAssert2(out != NULL, -1);
6361 - xmlSecAssert2(transformCtx != NULL, -1);
6362 +static int
6363 +xmlSecNssBlockCipherFetchCtx(
6364 + xmlSecNssBlockCipherCtxPtr context ,
6365 + xmlSecTransformId id
6366 +) {
6367 + xmlSecAssert2( context != NULL, -1 ) ;
6369 + #ifndef XMLSEC_NO_DES
6370 + if( id == xmlSecNssTransformDes3CbcId ) {
6371 + context->cipher = CKM_DES3_CBC ;
6372 + context->keyId = xmlSecNssKeyDataDesId ;
6373 + } else
6374 + #endif /* XMLSEC_NO_DES */
6376 + #ifndef XMLSEC_NO_AES
6377 + if( id == xmlSecNssTransformAes128CbcId ) {
6378 + context->cipher = CKM_AES_CBC ;
6379 + context->keyId = xmlSecNssKeyDataAesId ;
6380 + } else
6381 + if( id == xmlSecNssTransformAes192CbcId ) {
6382 + context->cipher = CKM_AES_CBC ;
6383 + context->keyId = xmlSecNssKeyDataAesId ;
6384 + } else
6385 + if( id == xmlSecNssTransformAes256CbcId ) {
6386 + context->cipher = CKM_AES_CBC ;
6387 + context->keyId = xmlSecNssKeyDataAesId ;
6388 + } else
6389 + #endif /* XMLSEC_NO_AES */
6391 + if( 1 ) {
6392 + xmlSecError( XMLSEC_ERRORS_HERE ,
6393 + NULL ,
6394 + NULL ,
6395 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6396 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6397 + return -1 ;
6400 - blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
6401 - xmlSecAssert2(blockLen > 0, -1);
6402 + return 0 ;
6405 - inSize = xmlSecBufferGetSize(in);
6406 - outSize = xmlSecBufferGetSize(out);
6408 - if(inSize < (xmlSecSize)blockLen) {
6409 - return(0);
6411 +/**
6412 + * xmlSecTransformInitializeMethod:
6413 + * @transform: the pointer to transform object.
6415 + * The transform specific initialization method.
6417 + * Returns 0 on success or a negative value otherwise.
6418 + */
6419 +static int
6420 +xmlSecNssBlockCipherInitialize(
6421 + xmlSecTransformPtr transform
6422 +) {
6423 + xmlSecNssBlockCipherCtxPtr context = NULL ;
6425 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
6426 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
6428 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
6429 + if( context == NULL ) {
6430 + xmlSecError( XMLSEC_ERRORS_HERE ,
6431 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
6432 + "xmlSecNssBlockCipherGetCtx" ,
6433 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6434 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6435 + return -1 ;
6438 + if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
6439 + xmlSecError( XMLSEC_ERRORS_HERE ,
6440 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
6441 + "xmlSecNssBlockCipherFetchCtx" ,
6442 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6443 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6444 + return -1 ;
6447 - if(encrypt) {
6448 - inBlocks = inSize / ((xmlSecSize)blockLen);
6449 - } else {
6450 - /* we want to have the last block in the input buffer
6451 - * for padding check */
6452 - inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
6454 - inSize = inBlocks * ((xmlSecSize)blockLen);
6455 + context->symkey = NULL ;
6456 + context->cipherCtx = NULL ;
6458 - /* we write out the input size plus may be one block */
6459 - ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
6460 - if(ret < 0) {
6461 - xmlSecError(XMLSEC_ERRORS_HERE,
6462 - xmlSecErrorsSafeString(cipherName),
6463 - "xmlSecBufferSetMaxSize",
6464 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6465 - "size=%d", outSize + inSize + blockLen);
6466 - return(-1);
6468 - outBuf = xmlSecBufferGetData(out) + outSize;
6470 - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
6471 - xmlSecBufferGetData(in), inSize);
6472 - if(rv != SECSuccess) {
6473 - xmlSecError(XMLSEC_ERRORS_HERE,
6474 - xmlSecErrorsSafeString(cipherName),
6475 - "PK11_CipherOp",
6476 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6477 - XMLSEC_ERRORS_NO_MESSAGE);
6478 - return(-1);
6480 - xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
6482 - /* set correct output buffer size */
6483 - ret = xmlSecBufferSetSize(out, outSize + outLen);
6484 - if(ret < 0) {
6485 - xmlSecError(XMLSEC_ERRORS_HERE,
6486 - xmlSecErrorsSafeString(cipherName),
6487 - "xmlSecBufferSetSize",
6488 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6489 - "size=%d", outSize + outLen);
6490 - return(-1);
6493 - /* remove the processed block from input */
6494 - ret = xmlSecBufferRemoveHead(in, inSize);
6495 - if(ret < 0) {
6496 - xmlSecError(XMLSEC_ERRORS_HERE,
6497 - xmlSecErrorsSafeString(cipherName),
6498 - "xmlSecBufferRemoveHead",
6499 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6500 - "size=%d", inSize);
6501 - return(-1);
6503 - return(0);
6504 + return 0 ;
6507 -static int
6508 -xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
6509 - xmlSecBufferPtr in,
6510 - xmlSecBufferPtr out,
6511 - int encrypt,
6512 - const xmlChar* cipherName,
6513 - xmlSecTransformCtxPtr transformCtx) {
6514 - xmlSecSize inSize, outSize;
6515 - int blockLen, outLen = 0;
6516 - xmlSecByte* inBuf;
6517 - xmlSecByte* outBuf;
6518 - SECStatus rv;
6519 - int ret;
6521 - xmlSecAssert2(ctx != NULL, -1);
6522 - xmlSecAssert2(ctx->cipher != 0, -1);
6523 - xmlSecAssert2(ctx->cipherCtx != NULL, -1);
6524 - xmlSecAssert2(ctx->ctxInitialized != 0, -1);
6525 - xmlSecAssert2(in != NULL, -1);
6526 - xmlSecAssert2(out != NULL, -1);
6527 - xmlSecAssert2(transformCtx != NULL, -1);
6529 - blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
6530 - xmlSecAssert2(blockLen > 0, -1);
6531 +/**
6532 + * xmlSecTransformFinalizeMethod:
6533 + * @transform: the pointer to transform object.
6535 + * The transform specific destroy method.
6536 + */
6537 +static void
6538 +xmlSecNssBlockCipherFinalize(
6539 + xmlSecTransformPtr transform
6540 +) {
6541 + xmlSecNssBlockCipherCtxPtr context = NULL ;
6543 - inSize = xmlSecBufferGetSize(in);
6544 - outSize = xmlSecBufferGetSize(out);
6545 + xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
6546 + xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
6548 - if(encrypt != 0) {
6549 - xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
6551 - /* create padding */
6552 - ret = xmlSecBufferSetMaxSize(in, blockLen);
6553 - if(ret < 0) {
6554 - xmlSecError(XMLSEC_ERRORS_HERE,
6555 - xmlSecErrorsSafeString(cipherName),
6556 - "xmlSecBufferSetMaxSize",
6557 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6558 - "size=%d", blockLen);
6559 - return(-1);
6561 - inBuf = xmlSecBufferGetData(in);
6563 - /* generate random padding */
6564 - if((xmlSecSize)blockLen > (inSize + 1)) {
6565 - rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
6566 - if(rv != SECSuccess) {
6567 - xmlSecError(XMLSEC_ERRORS_HERE,
6568 - xmlSecErrorsSafeString(cipherName),
6569 - "PK11_GenerateRandom",
6570 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6571 - "size=%d", blockLen - inSize - 1);
6572 - return(-1);
6575 - inBuf[blockLen - 1] = blockLen - inSize;
6576 - inSize = blockLen;
6577 - } else {
6578 - if(inSize != (xmlSecSize)blockLen) {
6579 - xmlSecError(XMLSEC_ERRORS_HERE,
6580 - xmlSecErrorsSafeString(cipherName),
6581 - NULL,
6582 - XMLSEC_ERRORS_R_INVALID_DATA,
6583 - "data=%d;block=%d", inSize, blockLen);
6584 - return(-1);
6585 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
6586 + if( context == NULL ) {
6587 + xmlSecError( XMLSEC_ERRORS_HERE ,
6588 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
6589 + "xmlSecNssBlockCipherGetCtx" ,
6590 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6591 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6592 + return ;
6596 - /* process last block */
6597 - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
6598 - if(ret < 0) {
6599 - xmlSecError(XMLSEC_ERRORS_HERE,
6600 - xmlSecErrorsSafeString(cipherName),
6601 - "xmlSecBufferSetMaxSize",
6602 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6603 - "size=%d", outSize + 2 * blockLen);
6604 - return(-1);
6606 - outBuf = xmlSecBufferGetData(out) + outSize;
6608 - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
6609 - xmlSecBufferGetData(in), inSize);
6610 - if(rv != SECSuccess) {
6611 - xmlSecError(XMLSEC_ERRORS_HERE,
6612 - xmlSecErrorsSafeString(cipherName),
6613 - "PK11_CipherOp",
6614 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
6615 - XMLSEC_ERRORS_NO_MESSAGE);
6616 - return(-1);
6618 - xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
6620 - if(encrypt == 0) {
6621 - /* check padding */
6622 - if(outLen < outBuf[blockLen - 1]) {
6623 - xmlSecError(XMLSEC_ERRORS_HERE,
6624 - xmlSecErrorsSafeString(cipherName),
6625 - NULL,
6626 - XMLSEC_ERRORS_R_INVALID_DATA,
6627 - "padding=%d;buffer=%d",
6628 - outBuf[blockLen - 1], outLen);
6629 - return(-1);
6631 - outLen -= outBuf[blockLen - 1];
6632 - }
6634 - /* set correct output buffer size */
6635 - ret = xmlSecBufferSetSize(out, outSize + outLen);
6636 - if(ret < 0) {
6637 - xmlSecError(XMLSEC_ERRORS_HERE,
6638 - xmlSecErrorsSafeString(cipherName),
6639 - "xmlSecBufferSetSize",
6640 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6641 - "size=%d", outSize + outLen);
6642 - return(-1);
6644 + if( context->cipherCtx != NULL ) {
6645 + PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
6646 + context->cipherCtx = NULL ;
6649 - /* remove the processed block from input */
6650 - ret = xmlSecBufferRemoveHead(in, inSize);
6651 - if(ret < 0) {
6652 - xmlSecError(XMLSEC_ERRORS_HERE,
6653 - xmlSecErrorsSafeString(cipherName),
6654 - "xmlSecBufferRemoveHead",
6655 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
6656 - "size=%d", inSize);
6657 - return(-1);
6659 + if( context->symkey != NULL ) {
6660 + PK11_FreeSymKey( context->symkey ) ;
6661 + context->symkey = NULL ;
6664 - return(0);
6665 + context->cipher = CKM_INVALID_MECHANISM ;
6666 + context->keyId = NULL ;
6670 -/******************************************************************************
6672 - * EVP Block Cipher transforms
6673 +/**
6674 + * xmlSecTransformSetKeyRequirementsMethod:
6675 + * @transform: the pointer to transform object.
6676 + * @keyReq: the pointer to key requirements structure.
6678 - * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
6679 + * Transform specific method to set transform's key requirements.
6681 - *****************************************************************************/
6682 -#define xmlSecNssBlockCipherSize \
6683 - (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
6684 -#define xmlSecNssBlockCipherGetCtx(transform) \
6685 - ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
6687 -static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
6688 -static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
6689 -static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
6690 - xmlSecKeyReqPtr keyReq);
6691 -static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
6692 - xmlSecKeyPtr key);
6693 -static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
6694 - int last,
6695 - xmlSecTransformCtxPtr transformCtx);
6696 -static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
6699 + * Returns 0 on success or a negative value otherwise.
6700 + */
6701 +static int
6702 +xmlSecNssBlockCipherSetKeyReq(
6703 + xmlSecTransformPtr transform ,
6704 + xmlSecKeyReqPtr keyReq
6705 +) {
6706 + xmlSecNssBlockCipherCtxPtr context = NULL ;
6707 + xmlSecSize cipherSize = 0 ;
6709 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
6710 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
6711 + xmlSecAssert2( keyReq != NULL , -1 ) ;
6712 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
6714 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
6715 + if( context == NULL ) {
6716 + xmlSecError( XMLSEC_ERRORS_HERE ,
6717 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
6718 + "xmlSecNssBlockCipherGetCtx" ,
6719 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6720 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6721 + return -1 ;
6724 + keyReq->keyId = context->keyId ;
6725 + keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
6727 + if( transform->operation == xmlSecTransformOperationEncrypt ) {
6728 + keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
6729 + } else {
6730 + keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
6733 + /*
6734 + if( context->symkey != NULL )
6735 + cipherSize = PK11_GetKeyLength( context->symkey ) ;
6737 -static int
6738 -xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
6739 -#ifndef XMLSEC_NO_DES
6740 - if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
6741 - return(1);
6743 -#endif /* XMLSEC_NO_DES */
6744 + keyReq->keyBitsSize = cipherSize * 8 ;
6745 + */
6747 -#ifndef XMLSEC_NO_AES
6748 - if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
6749 - xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
6750 - xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
6752 - return(1);
6754 -#endif /* XMLSEC_NO_AES */
6756 - return(0);
6757 + return 0 ;
6760 -static int
6761 -xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
6762 - xmlSecNssBlockCipherCtxPtr ctx;
6764 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
6765 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
6766 +/**
6767 + * xmlSecTransformSetKeyMethod:
6768 + * @transform: the pointer to transform object.
6769 + * @key: the pointer to key.
6771 + * The transform specific method to set the key for use.
6772 + *
6773 + * Returns 0 on success or a negative value otherwise.
6774 + */
6775 +static int
6776 +xmlSecNssBlockCipherSetKey(
6777 + xmlSecTransformPtr transform ,
6778 + xmlSecKeyPtr key
6779 +) {
6780 + xmlSecNssBlockCipherCtxPtr context = NULL ;
6781 + xmlSecKeyDataPtr keyData = NULL ;
6782 + PK11SymKey* symkey = NULL ;
6783 + CK_ATTRIBUTE_TYPE operation ;
6784 + int ivLen ;
6786 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
6787 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
6788 + xmlSecAssert2( key != NULL , -1 ) ;
6789 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
6791 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
6792 + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
6793 + xmlSecError( XMLSEC_ERRORS_HERE ,
6794 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
6795 + "xmlSecNssBlockCipherGetCtx" ,
6796 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6797 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6798 + return -1 ;
6800 + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
6802 + keyData = xmlSecKeyGetValue( key ) ;
6803 + if( keyData == NULL ) {
6804 + xmlSecError( XMLSEC_ERRORS_HERE ,
6805 + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
6806 + "xmlSecKeyGetValue" ,
6807 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6808 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6809 + return -1 ;
6812 + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
6813 + xmlSecError( XMLSEC_ERRORS_HERE ,
6814 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
6815 + "xmlSecNssSymKeyDataGetKey" ,
6816 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6817 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6818 + return -1 ;
6821 - ctx = xmlSecNssBlockCipherGetCtx(transform);
6822 - xmlSecAssert2(ctx != NULL, -1);
6824 - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
6825 + context->symkey = symkey ;
6827 -#ifndef XMLSEC_NO_DES
6828 - if(transform->id == xmlSecNssTransformDes3CbcId) {
6829 - ctx->cipher = CKM_DES3_CBC;
6830 - ctx->keyId = xmlSecNssKeyDataDesId;
6831 - ctx->keySize = 24;
6832 - } else
6833 -#endif /* XMLSEC_NO_DES */
6835 -#ifndef XMLSEC_NO_AES
6836 - if(transform->id == xmlSecNssTransformAes128CbcId) {
6837 - ctx->cipher = CKM_AES_CBC;
6838 - ctx->keyId = xmlSecNssKeyDataAesId;
6839 - ctx->keySize = 16;
6840 - } else if(transform->id == xmlSecNssTransformAes192CbcId) {
6841 - ctx->cipher = CKM_AES_CBC;
6842 - ctx->keyId = xmlSecNssKeyDataAesId;
6843 - ctx->keySize = 24;
6844 - } else if(transform->id == xmlSecNssTransformAes256CbcId) {
6845 - ctx->cipher = CKM_AES_CBC;
6846 - ctx->keyId = xmlSecNssKeyDataAesId;
6847 - ctx->keySize = 32;
6848 - } else
6849 -#endif /* XMLSEC_NO_AES */
6851 - if(1) {
6852 - xmlSecError(XMLSEC_ERRORS_HERE,
6853 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
6854 - NULL,
6855 - XMLSEC_ERRORS_R_INVALID_TRANSFORM,
6856 - XMLSEC_ERRORS_NO_MESSAGE);
6857 - return(-1);
6858 - }
6860 - return(0);
6861 + return 0 ;
6864 -static void
6865 -xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
6866 - xmlSecNssBlockCipherCtxPtr ctx;
6868 - xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
6869 - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
6870 +/**
6871 + * Block cipher transform init
6872 + */
6873 +static int
6874 +xmlSecNssBlockCipherCtxInit(
6875 + xmlSecNssBlockCipherCtxPtr ctx ,
6876 + xmlSecBufferPtr in ,
6877 + xmlSecBufferPtr out ,
6878 + int encrypt ,
6879 + const xmlChar* cipherName ,
6880 + xmlSecTransformCtxPtr transformCtx
6881 +) {
6882 + SECItem ivItem ;
6883 + SECItem* secParam = NULL ;
6884 + xmlSecBufferPtr ivBuf = NULL ;
6885 + int ivLen ;
6887 + xmlSecAssert2( ctx != NULL , -1 ) ;
6888 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
6889 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
6890 + xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ;
6891 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
6892 + xmlSecAssert2( in != NULL , -1 ) ;
6893 + xmlSecAssert2( out != NULL , -1 ) ;
6894 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
6896 + ivLen = PK11_GetIVLength( ctx->cipher ) ;
6897 + if( ivLen < 0 ) {
6898 + xmlSecError( XMLSEC_ERRORS_HERE ,
6899 + NULL ,
6900 + "PK11_GetIVLength" ,
6901 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6902 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6903 + return -1 ;
6906 + if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
6907 + xmlSecError( XMLSEC_ERRORS_HERE ,
6908 + NULL ,
6909 + "xmlSecBufferCreate" ,
6910 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6911 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6912 + return -1 ;
6915 + if( encrypt ) {
6916 + if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
6917 + xmlSecError( XMLSEC_ERRORS_HERE ,
6918 + xmlSecErrorsSafeString( cipherName ) ,
6919 + "PK11_GenerateRandom" ,
6920 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6921 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6922 + xmlSecBufferDestroy( ivBuf ) ;
6923 + return -1 ;
6925 + if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
6926 + xmlSecError( XMLSEC_ERRORS_HERE ,
6927 + NULL ,
6928 + "xmlSecBufferSetSize" ,
6929 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6930 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6931 + xmlSecBufferDestroy( ivBuf ) ;
6932 + return -1 ;
6935 + if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
6936 + xmlSecError( XMLSEC_ERRORS_HERE ,
6937 + xmlSecErrorsSafeString( cipherName ) ,
6938 + "xmlSecBufferAppend" ,
6939 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6940 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6941 + xmlSecBufferDestroy( ivBuf ) ;
6942 + return -1 ;
6944 + } else {
6945 + if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
6946 + xmlSecError( XMLSEC_ERRORS_HERE ,
6947 + xmlSecErrorsSafeString( cipherName ) ,
6948 + "xmlSecBufferSetData" ,
6949 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6950 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6951 + xmlSecBufferDestroy( ivBuf ) ;
6952 + return -1 ;
6955 + if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
6956 + xmlSecError( XMLSEC_ERRORS_HERE ,
6957 + xmlSecErrorsSafeString( cipherName ) ,
6958 + "xmlSecBufferRemoveHead" ,
6959 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6960 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6961 + xmlSecBufferDestroy( ivBuf ) ;
6962 + return -1 ;
6966 + ivItem.data = xmlSecBufferGetData( ivBuf ) ;
6967 + ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
6968 + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
6969 + xmlSecError( XMLSEC_ERRORS_HERE ,
6970 + xmlSecErrorsSafeString( cipherName ) ,
6971 + "PK11_ParamFromIV" ,
6972 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6973 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6974 + xmlSecBufferDestroy( ivBuf ) ;
6975 + return -1 ;
6978 + ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
6979 + if( ctx->cipherCtx == NULL ) {
6980 + xmlSecError( XMLSEC_ERRORS_HERE ,
6981 + xmlSecErrorsSafeString( cipherName ) ,
6982 + "xmlSecBufferRemoveHead" ,
6983 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
6984 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6985 + SECITEM_FreeItem( secParam , PR_TRUE ) ;
6986 + xmlSecBufferDestroy( ivBuf ) ;
6987 + return -1 ;
6990 - ctx = xmlSecNssBlockCipherGetCtx(transform);
6991 - xmlSecAssert(ctx != NULL);
6992 + SECITEM_FreeItem( secParam , PR_TRUE ) ;
6993 + xmlSecBufferDestroy( ivBuf ) ;
6995 - if(ctx->cipherCtx != NULL) {
6996 - PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
6999 - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
7000 + return 0 ;
7003 -static int
7004 -xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
7005 - xmlSecNssBlockCipherCtxPtr ctx;
7007 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
7008 - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
7009 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
7010 - xmlSecAssert2(keyReq != NULL, -1);
7012 - ctx = xmlSecNssBlockCipherGetCtx(transform);
7013 - xmlSecAssert2(ctx != NULL, -1);
7014 - xmlSecAssert2(ctx->keyId != NULL, -1);
7016 - keyReq->keyId = ctx->keyId;
7017 - keyReq->keyType = xmlSecKeyDataTypeSymmetric;
7018 - if(transform->operation == xmlSecTransformOperationEncrypt) {
7019 - keyReq->keyUsage = xmlSecKeyUsageEncrypt;
7020 - } else {
7021 - keyReq->keyUsage = xmlSecKeyUsageDecrypt;
7023 - keyReq->keyBitsSize = 8 * ctx->keySize;
7024 - return(0);
7026 +/**
7027 + * Block cipher transform update
7028 + */
7029 +static int
7030 +xmlSecNssBlockCipherCtxUpdate(
7031 + xmlSecNssBlockCipherCtxPtr ctx ,
7032 + xmlSecBufferPtr in ,
7033 + xmlSecBufferPtr out ,
7034 + int encrypt ,
7035 + const xmlChar* cipherName ,
7036 + xmlSecTransformCtxPtr transformCtx
7037 +) {
7038 + xmlSecSize inSize ;
7039 + xmlSecSize outSize ;
7040 + xmlSecSize inBlocks ;
7041 + int blockSize ;
7042 + int outLen ;
7043 + xmlSecByte* outBuf ;
7045 + xmlSecAssert2( ctx != NULL , -1 ) ;
7046 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
7047 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
7048 + xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
7049 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
7050 + xmlSecAssert2( in != NULL , -1 ) ;
7051 + xmlSecAssert2( out != NULL , -1 ) ;
7052 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
7054 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
7055 + xmlSecError( XMLSEC_ERRORS_HERE ,
7056 + xmlSecErrorsSafeString( cipherName ) ,
7057 + "PK11_GetBlockSize" ,
7058 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7059 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7060 + return -1 ;
7063 + inSize = xmlSecBufferGetSize( in ) ;
7064 + outSize = xmlSecBufferGetSize( out ) ;
7066 + inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
7067 + inSize = inBlocks * blockSize ;
7069 + if( inSize < blockSize ) {
7070 + return 0 ;
7073 + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
7074 + xmlSecError( XMLSEC_ERRORS_HERE ,
7075 + xmlSecErrorsSafeString( cipherName ) ,
7076 + "xmlSecBufferSetMaxSize" ,
7077 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7078 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7079 + return -1 ;
7081 + outBuf = xmlSecBufferGetData( out ) + outSize ;
7083 + if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
7084 + xmlSecError( XMLSEC_ERRORS_HERE ,
7085 + xmlSecErrorsSafeString( cipherName ) ,
7086 + "PK11_CipherOp" ,
7087 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7088 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7089 + return -1 ;
7092 + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
7093 + xmlSecError( XMLSEC_ERRORS_HERE ,
7094 + xmlSecErrorsSafeString( cipherName ) ,
7095 + "xmlSecBufferSetSize" ,
7096 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7097 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7098 + return -1 ;
7101 + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
7102 + xmlSecError( XMLSEC_ERRORS_HERE ,
7103 + xmlSecErrorsSafeString( cipherName ) ,
7104 + "xmlSecBufferRemoveHead" ,
7105 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7106 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7107 + return -1 ;
7110 -static int
7111 -xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
7112 - xmlSecNssBlockCipherCtxPtr ctx;
7113 - xmlSecBufferPtr buffer;
7115 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
7116 - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
7117 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
7118 - xmlSecAssert2(key != NULL, -1);
7120 - ctx = xmlSecNssBlockCipherGetCtx(transform);
7121 - xmlSecAssert2(ctx != NULL, -1);
7122 - xmlSecAssert2(ctx->cipher != 0, -1);
7123 - xmlSecAssert2(ctx->keyInitialized == 0, -1);
7124 - xmlSecAssert2(ctx->keyId != NULL, -1);
7125 - xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
7127 - xmlSecAssert2(ctx->keySize > 0, -1);
7128 - xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
7130 - buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
7131 - xmlSecAssert2(buffer != NULL, -1);
7133 - if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
7134 - xmlSecError(XMLSEC_ERRORS_HERE,
7135 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7136 - NULL,
7137 - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
7138 - "keySize=%d;expected=%d",
7139 - xmlSecBufferGetSize(buffer), ctx->keySize);
7140 - return(-1);
7143 - xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
7144 - memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
7146 - ctx->keyInitialized = 1;
7147 - return(0);
7148 + return 0 ;
7151 +/**
7152 + * Block cipher transform final
7153 + */
7154 static int
7155 -xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
7156 - xmlSecNssBlockCipherCtxPtr ctx;
7157 - xmlSecBufferPtr in, out;
7158 - int ret;
7160 - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
7161 - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
7162 - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
7163 - xmlSecAssert2(transformCtx != NULL, -1);
7165 - in = &(transform->inBuf);
7166 - out = &(transform->outBuf);
7168 - ctx = xmlSecNssBlockCipherGetCtx(transform);
7169 - xmlSecAssert2(ctx != NULL, -1);
7170 +xmlSecNssBlockCipherCtxFinal(
7171 + xmlSecNssBlockCipherCtxPtr ctx ,
7172 + xmlSecBufferPtr in ,
7173 + xmlSecBufferPtr out ,
7174 + int encrypt ,
7175 + const xmlChar* cipherName ,
7176 + xmlSecTransformCtxPtr transformCtx
7177 +) {
7178 + xmlSecSize inSize ;
7179 + xmlSecSize outSize ;
7180 + int blockSize ;
7181 + int outLen ;
7182 + xmlSecByte* inBuf ;
7183 + xmlSecByte* outBuf ;
7185 + xmlSecAssert2( ctx != NULL , -1 ) ;
7186 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
7187 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
7188 + xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
7189 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
7190 + xmlSecAssert2( in != NULL , -1 ) ;
7191 + xmlSecAssert2( out != NULL , -1 ) ;
7192 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
7194 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
7195 + xmlSecError( XMLSEC_ERRORS_HERE ,
7196 + xmlSecErrorsSafeString( cipherName ) ,
7197 + "PK11_GetBlockSize" ,
7198 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7199 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7200 + return -1 ;
7203 + inSize = xmlSecBufferGetSize( in ) ;
7204 + outSize = xmlSecBufferGetSize( out ) ;
7206 + /******************************************************************/
7207 + if( encrypt != 0 ) {
7208 + xmlSecAssert2( inSize < blockSize, -1 ) ;
7210 + /* create padding */
7211 + if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
7212 + xmlSecError( XMLSEC_ERRORS_HERE ,
7213 + xmlSecErrorsSafeString( cipherName ) ,
7214 + "xmlSecBufferSetMaxSize" ,
7215 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7216 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7217 + return -1 ;
7219 + inBuf = xmlSecBufferGetData( in ) ;
7221 + /* generate random */
7222 + if( blockSize > ( inSize + 1 ) ) {
7223 + if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
7224 + xmlSecError( XMLSEC_ERRORS_HERE ,
7225 + xmlSecErrorsSafeString( cipherName ) ,
7226 + "PK11_GenerateRandom" ,
7227 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7228 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7229 + return -1 ;
7233 + inBuf[blockSize-1] = blockSize - inSize ;
7234 + inSize = blockSize ;
7235 + } else {
7236 + if( inSize != blockSize ) {
7237 + xmlSecError( XMLSEC_ERRORS_HERE ,
7238 + xmlSecErrorsSafeString( cipherName ) ,
7239 + NULL ,
7240 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7241 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7242 + return -1 ;
7246 + /* process the last block */
7247 + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
7248 + xmlSecError( XMLSEC_ERRORS_HERE ,
7249 + xmlSecErrorsSafeString( cipherName ) ,
7250 + "xmlSecBufferSetMaxSize" ,
7251 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7252 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7253 + return -1 ;
7255 + outBuf = xmlSecBufferGetData( out ) + outSize ;
7257 + if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
7258 + xmlSecError( XMLSEC_ERRORS_HERE ,
7259 + xmlSecErrorsSafeString( cipherName ) ,
7260 + "PK11_CipherOp" ,
7261 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7262 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7263 + return -1 ;
7266 + if( encrypt == 0 ) {
7267 + /* check padding */
7268 + if( outLen < outBuf[blockSize-1] ) {
7269 + xmlSecError( XMLSEC_ERRORS_HERE ,
7270 + xmlSecErrorsSafeString( cipherName ) ,
7271 + NULL ,
7272 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7273 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7274 + return -1 ;
7277 + outLen -= outBuf[blockSize-1] ;
7279 + /******************************************************************/
7281 + /******************************************************************
7282 + if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
7283 + xmlSecError( XMLSEC_ERRORS_HERE ,
7284 + xmlSecErrorsSafeString( cipherName ) ,
7285 + "xmlSecBufferSetMaxSize" ,
7286 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7287 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7288 + return -1 ;
7291 + outBuf = xmlSecBufferGetData( out ) + outSize ;
7293 + if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
7294 + xmlSecError( XMLSEC_ERRORS_HERE ,
7295 + xmlSecErrorsSafeString( cipherName ) ,
7296 + "PK11_DigestFinal" ,
7297 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7298 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7299 + return -1 ;
7301 + ******************************************************************/
7303 + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
7304 + xmlSecError( XMLSEC_ERRORS_HERE ,
7305 + xmlSecErrorsSafeString( cipherName ) ,
7306 + "xmlSecBufferSetSize" ,
7307 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7308 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7309 + return -1 ;
7312 + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
7313 + xmlSecError( XMLSEC_ERRORS_HERE ,
7314 + xmlSecErrorsSafeString( cipherName ) ,
7315 + "xmlSecBufferRemoveHead" ,
7316 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7317 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7318 + return -1 ;
7321 +/* PK11_Finalize( ctx->cipherCtx ) ;*/
7322 + PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ;
7323 + ctx->cipherCtx = NULL ;
7325 - if(transform->status == xmlSecTransformStatusNone) {
7326 - transform->status = xmlSecTransformStatusWorking;
7329 - if(transform->status == xmlSecTransformStatusWorking) {
7330 - if(ctx->ctxInitialized == 0) {
7331 - ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
7332 - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
7333 - xmlSecTransformGetName(transform), transformCtx);
7334 - if(ret < 0) {
7335 - xmlSecError(XMLSEC_ERRORS_HERE,
7336 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7337 - "xmlSecNssBlockCipherCtxInit",
7338 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
7339 - XMLSEC_ERRORS_NO_MESSAGE);
7340 - return(-1);
7343 - if((ctx->ctxInitialized == 0) && (last != 0)) {
7344 - xmlSecError(XMLSEC_ERRORS_HERE,
7345 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7346 - NULL,
7347 - XMLSEC_ERRORS_R_INVALID_DATA,
7348 - "not enough data to initialize transform");
7349 - return(-1);
7352 - if(ctx->ctxInitialized != 0) {
7353 - ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
7354 - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
7355 - xmlSecTransformGetName(transform), transformCtx);
7356 - if(ret < 0) {
7357 - xmlSecError(XMLSEC_ERRORS_HERE,
7358 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7359 - "xmlSecNssBlockCipherCtxUpdate",
7360 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
7361 - XMLSEC_ERRORS_NO_MESSAGE);
7362 - return(-1);
7366 - if(last) {
7367 - ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
7368 - (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
7369 - xmlSecTransformGetName(transform), transformCtx);
7370 - if(ret < 0) {
7371 - xmlSecError(XMLSEC_ERRORS_HERE,
7372 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7373 - "xmlSecNssBlockCipherCtxFinal",
7374 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
7375 - XMLSEC_ERRORS_NO_MESSAGE);
7376 - return(-1);
7378 - transform->status = xmlSecTransformStatusFinished;
7379 - }
7380 - } else if(transform->status == xmlSecTransformStatusFinished) {
7381 - /* the only way we can get here is if there is no input */
7382 - xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
7383 - } else if(transform->status == xmlSecTransformStatusNone) {
7384 - /* the only way we can get here is if there is no enough data in the input */
7385 - xmlSecAssert2(last == 0, -1);
7386 - } else {
7387 - xmlSecError(XMLSEC_ERRORS_HERE,
7388 - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7389 - NULL,
7390 - XMLSEC_ERRORS_R_INVALID_STATUS,
7391 - "status=%d", transform->status);
7392 - return(-1);
7395 - return(0);
7396 + return 0 ;
7400 -#ifndef XMLSEC_NO_AES
7401 -/*********************************************************************
7403 +/**
7404 + * xmlSecTransformExecuteMethod:
7405 + * @transform: the pointer to transform object.
7406 + * @last: the flag: if set to 1 then it's the last data chunk.
7407 + * @transformCtx: the pointer to transform context object.
7409 - * AES CBC cipher transforms
7410 + * Transform specific method to process a chunk of data.
7412 - ********************************************************************/
7413 + * Returns 0 on success or a negative value otherwise.
7414 + */
7415 +static int
7416 +xmlSecNssBlockCipherExecute(
7417 + xmlSecTransformPtr transform ,
7418 + int last ,
7419 + xmlSecTransformCtxPtr transformCtx
7420 +) {
7421 + xmlSecNssBlockCipherCtxPtr context = NULL ;
7422 + xmlSecBufferPtr inBuf = NULL ;
7423 + xmlSecBufferPtr outBuf = NULL ;
7424 + const xmlChar* cipherName ;
7425 + int operation ;
7426 + int rtv ;
7428 + xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
7429 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
7430 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
7431 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
7433 + context = xmlSecNssBlockCipherGetCtx( transform ) ;
7434 + if( context == NULL ) {
7435 + xmlSecError( XMLSEC_ERRORS_HERE ,
7436 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7437 + "xmlSecNssBlockCipherGetCtx" ,
7438 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
7439 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7440 + return -1 ;
7443 + inBuf = &( transform->inBuf ) ;
7444 + outBuf = &( transform->outBuf ) ;
7446 + if( transform->status == xmlSecTransformStatusNone ) {
7447 + transform->status = xmlSecTransformStatusWorking ;
7450 + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
7451 + cipherName = xmlSecTransformGetName( transform ) ;
7453 + if( transform->status == xmlSecTransformStatusWorking ) {
7454 + if( context->cipherCtx == NULL ) {
7455 + rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
7456 + if( rtv < 0 ) {
7457 + xmlSecError( XMLSEC_ERRORS_HERE ,
7458 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7459 + "xmlSecNssBlockCipherCtxInit" ,
7460 + XMLSEC_ERRORS_R_INVALID_STATUS ,
7461 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7462 + return -1 ;
7466 + if( context->cipherCtx == NULL && last != 0 ) {
7467 + xmlSecError( XMLSEC_ERRORS_HERE ,
7468 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7469 + NULL ,
7470 + XMLSEC_ERRORS_R_INVALID_STATUS ,
7471 + "No enough data to intialize transform" ) ;
7472 + return -1 ;
7475 + if( context->cipherCtx != NULL ) {
7476 + rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
7477 + if( rtv < 0 ) {
7478 + xmlSecError( XMLSEC_ERRORS_HERE ,
7479 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7480 + "xmlSecNssBlockCipherCtxUpdate" ,
7481 + XMLSEC_ERRORS_R_INVALID_STATUS ,
7482 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7483 + return -1 ;
7487 + if( last ) {
7488 + rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
7489 + if( rtv < 0 ) {
7490 + xmlSecError( XMLSEC_ERRORS_HERE ,
7491 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7492 + "xmlSecNssBlockCipherCtxFinal" ,
7493 + XMLSEC_ERRORS_R_INVALID_STATUS ,
7494 + XMLSEC_ERRORS_NO_MESSAGE ) ;
7495 + return -1 ;
7497 + transform->status = xmlSecTransformStatusFinished ;
7499 + } else if( transform->status == xmlSecTransformStatusFinished ) {
7500 + if( xmlSecBufferGetSize( inBuf ) != 0 ) {
7501 + xmlSecError( XMLSEC_ERRORS_HERE ,
7502 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7503 + NULL ,
7504 + XMLSEC_ERRORS_R_INVALID_STATUS ,
7505 + "status=%d", transform->status ) ;
7506 + return -1 ;
7508 + } else {
7509 + xmlSecError( XMLSEC_ERRORS_HERE ,
7510 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
7511 + NULL ,
7512 + XMLSEC_ERRORS_R_INVALID_STATUS ,
7513 + "status=%d", transform->status ) ;
7514 + return -1 ;
7517 + return 0 ;
7520 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
7521 +static struct _xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
7522 +#else
7523 static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
7524 - /* klass/object sizes */
7525 - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
7526 - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
7528 - xmlSecNameAes128Cbc, /* const xmlChar* name; */
7529 - xmlSecHrefAes128Cbc, /* const xmlChar* href; */
7530 - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
7532 - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
7533 - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
7534 - NULL, /* xmlSecTransformNodeReadMethod readNode; */
7535 - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
7536 - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
7537 - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
7538 - NULL, /* xmlSecTransformValidateMethod validate; */
7539 - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
7540 - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
7541 - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
7542 - NULL, /* xmlSecTransformPushXmlMethod pushXml; */
7543 - NULL, /* xmlSecTransformPopXmlMethod popXml; */
7544 - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
7546 - NULL, /* void* reserved0; */
7547 - NULL, /* void* reserved1; */
7549 +#endif
7550 + sizeof( xmlSecTransformKlass ) ,
7551 + xmlSecNssBlockCipherSize ,
7553 + xmlSecNameAes128Cbc ,
7554 + xmlSecHrefAes128Cbc ,
7555 + xmlSecTransformUsageEncryptionMethod ,
7557 + xmlSecNssBlockCipherInitialize ,
7558 + xmlSecNssBlockCipherFinalize ,
7559 + NULL ,
7560 + NULL ,
7562 + xmlSecNssBlockCipherSetKeyReq ,
7563 + xmlSecNssBlockCipherSetKey ,
7564 + NULL ,
7565 + xmlSecTransformDefaultGetDataType ,
7567 + xmlSecTransformDefaultPushBin ,
7568 + xmlSecTransformDefaultPopBin ,
7569 + NULL ,
7570 + NULL ,
7571 + xmlSecNssBlockCipherExecute ,
7573 + NULL ,
7574 + NULL
7575 +} ;
7578 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
7579 +static struct _xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
7580 +#else
7581 +static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
7582 +#endif
7583 + sizeof( xmlSecTransformKlass ) ,
7584 + xmlSecNssBlockCipherSize ,
7586 + xmlSecNameAes192Cbc ,
7587 + xmlSecHrefAes192Cbc ,
7588 + xmlSecTransformUsageEncryptionMethod ,
7590 + xmlSecNssBlockCipherInitialize ,
7591 + xmlSecNssBlockCipherFinalize ,
7592 + NULL ,
7593 + NULL ,
7595 + xmlSecNssBlockCipherSetKeyReq ,
7596 + xmlSecNssBlockCipherSetKey ,
7597 + NULL ,
7598 + xmlSecTransformDefaultGetDataType ,
7600 + xmlSecTransformDefaultPushBin ,
7601 + xmlSecTransformDefaultPopBin ,
7602 + NULL ,
7603 + NULL ,
7604 + xmlSecNssBlockCipherExecute ,
7606 + NULL ,
7607 + NULL
7608 +} ;
7611 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
7612 +static struct _xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
7613 +#else
7614 +static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
7615 +#endif
7616 + sizeof( xmlSecTransformKlass ) ,
7617 + xmlSecNssBlockCipherSize ,
7619 + xmlSecNameAes256Cbc ,
7620 + xmlSecHrefAes256Cbc ,
7621 + xmlSecTransformUsageEncryptionMethod ,
7623 + xmlSecNssBlockCipherInitialize ,
7624 + xmlSecNssBlockCipherFinalize ,
7625 + NULL ,
7626 + NULL ,
7628 + xmlSecNssBlockCipherSetKeyReq ,
7629 + xmlSecNssBlockCipherSetKey ,
7630 + NULL ,
7631 + xmlSecTransformDefaultGetDataType ,
7633 + xmlSecTransformDefaultPushBin ,
7634 + xmlSecTransformDefaultPopBin ,
7635 + NULL ,
7636 + NULL ,
7637 + xmlSecNssBlockCipherExecute ,
7639 + NULL ,
7640 + NULL
7641 +} ;
7643 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
7644 +static struct _xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
7645 +#else
7646 +static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
7647 +#endif
7648 + sizeof( xmlSecTransformKlass ) ,
7649 + xmlSecNssBlockCipherSize ,
7651 + xmlSecNameDes3Cbc ,
7652 + xmlSecHrefDes3Cbc ,
7653 + xmlSecTransformUsageEncryptionMethod ,
7655 + xmlSecNssBlockCipherInitialize ,
7656 + xmlSecNssBlockCipherFinalize ,
7657 + NULL ,
7658 + NULL ,
7660 + xmlSecNssBlockCipherSetKeyReq ,
7661 + xmlSecNssBlockCipherSetKey ,
7662 + NULL ,
7663 + xmlSecTransformDefaultGetDataType ,
7665 + xmlSecTransformDefaultPushBin ,
7666 + xmlSecTransformDefaultPopBin ,
7667 + NULL ,
7668 + NULL ,
7669 + xmlSecNssBlockCipherExecute ,
7671 + NULL ,
7672 + NULL
7673 +} ;
7676 - * xmlSecNssTransformAes128CbcGetKlass:
7677 - *
7678 - * AES 128 CBC encryption transform klass.
7679 - *
7680 - * Returns pointer to AES 128 CBC encryption transform.
7681 - */
7682 -xmlSecTransformId
7683 -xmlSecNssTransformAes128CbcGetKlass(void) {
7684 - return(&xmlSecNssAes128CbcKlass);
7685 + * xmlSecNssTransformAes128CbcGetKlass
7687 + * Get the AES128_CBC transform klass
7689 + * Return AES128_CBC transform klass
7690 + */
7691 +xmlSecTransformId
7692 +xmlSecNssTransformAes128CbcGetKlass( void ) {
7693 + return ( &xmlSecNssAes128CbcKlass ) ;
7696 -static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
7697 - /* klass/object sizes */
7698 - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
7699 - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
7701 - xmlSecNameAes192Cbc, /* const xmlChar* name; */
7702 - xmlSecHrefAes192Cbc, /* const xmlChar* href; */
7703 - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
7705 - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
7706 - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
7707 - NULL, /* xmlSecTransformNodeReadMethod readNode; */
7708 - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
7709 - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
7710 - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
7711 - NULL, /* xmlSecTransformValidateMethod validate; */
7712 - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
7713 - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
7714 - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
7715 - NULL, /* xmlSecTransformPushXmlMethod pushXml; */
7716 - NULL, /* xmlSecTransformPopXmlMethod popXml; */
7717 - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
7719 - NULL, /* void* reserved0; */
7720 - NULL, /* void* reserved1; */
7724 - * xmlSecNssTransformAes192CbcGetKlass:
7725 - *
7726 - * AES 192 CBC encryption transform klass.
7727 - *
7728 - * Returns pointer to AES 192 CBC encryption transform.
7729 - */
7730 -xmlSecTransformId
7731 -xmlSecNssTransformAes192CbcGetKlass(void) {
7732 - return(&xmlSecNssAes192CbcKlass);
7733 + * xmlSecNssTransformAes192CbcGetKlass
7735 + * Get the AES192_CBC transform klass
7737 + * Return AES192_CBC transform klass
7738 + */
7739 +xmlSecTransformId
7740 +xmlSecNssTransformAes192CbcGetKlass( void ) {
7741 + return ( &xmlSecNssAes192CbcKlass ) ;
7744 -static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
7745 - /* klass/object sizes */
7746 - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
7747 - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
7749 - xmlSecNameAes256Cbc, /* const xmlChar* name; */
7750 - xmlSecHrefAes256Cbc, /* const xmlChar* href; */
7751 - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
7753 - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
7754 - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
7755 - NULL, /* xmlSecTransformNodeReadMethod readNode; */
7756 - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
7757 - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
7758 - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
7759 - NULL, /* xmlSecTransformValidateMethod validate; */
7760 - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
7761 - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
7762 - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
7763 - NULL, /* xmlSecTransformPushXmlMethod pushXml; */
7764 - NULL, /* xmlSecTransformPopXmlMethod popXml; */
7765 - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
7767 - NULL, /* void* reserved0; */
7768 - NULL, /* void* reserved1; */
7772 - * xmlSecNssTransformAes256CbcGetKlass:
7773 - *
7774 - * AES 256 CBC encryption transform klass.
7775 - *
7776 - * Returns pointer to AES 256 CBC encryption transform.
7777 - */
7778 -xmlSecTransformId
7779 -xmlSecNssTransformAes256CbcGetKlass(void) {
7780 - return(&xmlSecNssAes256CbcKlass);
7781 + * xmlSecNssTransformAes256CbcGetKlass
7783 + * Get the AES256_CBC transform klass
7785 + * Return AES256_CBC transform klass
7786 + */
7787 +xmlSecTransformId
7788 +xmlSecNssTransformAes256CbcGetKlass( void ) {
7789 + return ( &xmlSecNssAes256CbcKlass ) ;
7792 -#endif /* XMLSEC_NO_AES */
7794 -#ifndef XMLSEC_NO_DES
7795 -static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
7796 - /* klass/object sizes */
7797 - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
7798 - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
7800 - xmlSecNameDes3Cbc, /* const xmlChar* name; */
7801 - xmlSecHrefDes3Cbc, /* const xmlChar* href; */
7802 - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
7804 - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
7805 - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
7806 - NULL, /* xmlSecTransformNodeReadMethod readNode; */
7807 - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
7808 - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
7809 - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
7810 - NULL, /* xmlSecTransformValidateMethod validate; */
7811 - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
7812 - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
7813 - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
7814 - NULL, /* xmlSecTransformPushXmlMethod pushXml; */
7815 - NULL, /* xmlSecTransformPopXmlMethod popXml; */
7816 - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
7818 - NULL, /* void* reserved0; */
7819 - NULL, /* void* reserved1; */
7822 -/**
7823 - * xmlSecNssTransformDes3CbcGetKlass:
7824 +/**
7825 + * xmlSecNssTransformDes3CbcGetKlass
7827 - * Triple DES CBC encryption transform klass.
7828 - *
7829 - * Returns pointer to Triple DES encryption transform.
7830 + * Get the DES3_CBC transform klass
7832 + * Return DES3_CBC transform klass
7834 -xmlSecTransformId
7835 -xmlSecNssTransformDes3CbcGetKlass(void) {
7836 - return(&xmlSecNssDes3CbcKlass);
7837 +xmlSecTransformId
7838 +xmlSecNssTransformDes3CbcGetKlass( void ) {
7839 + return ( &xmlSecNssDes3CbcKlass ) ;
7841 -#endif /* XMLSEC_NO_DES */
7844 --- misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
7845 +++ misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2008-06-29 23:44:19.000000000 +0200
7846 @@ -130,6 +130,7 @@
7848 * High level routines form xmlsec command line utility
7851 gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
7852 gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
7853 gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
7854 @@ -143,10 +144,29 @@
7855 gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
7856 gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
7857 gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
7858 -#endif /* XMLSEC_NO_X509 */
7859 +#endif
7860 gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
7861 gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
7862 gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
7865 + gXmlSecNssFunctions->cryptoAppInit = NULL ;
7866 + gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
7867 + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
7868 + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
7869 + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
7870 + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
7871 +#ifndef XMLSEC_NO_X509
7872 + gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
7873 + gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
7874 + gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
7875 + gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
7876 + gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
7877 + gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
7878 +#endif /* XMLSEC_NO_X509 */
7879 + gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
7880 + gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
7881 + gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
7883 return(gXmlSecNssFunctions);
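Review bot: The added lines set every `cryptoApp*` slot to NULL right after the lines that fill the same slots with the `xmlSecNssApp*` functions, and the conditional that chooses between the two blocks is not visible in this hunk as rendered. Whatever the guard is, it deserves a comment at the NULL block, for example `/* app-level entry points are not provided in this build; callers must treat a NULL slot as "not implemented" */`. A NULL entry in a dispatch table is only safe if every caller tests the slot before calling through it, which cannot be confirmed from this hunk. The first `#endif` also loses its `/* XMLSEC_NO_X509 */` tag while the new block keeps one, so I would keep the tag on both, and the cast in `(void*)NULL` can go. The enclosing function starts outside the hunk.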
7885 --- misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
7886 +++ misc/build/xmlsec1-1.2.6/src/nss/digests.c 2008-06-29 23:44:19.000000000 +0200
7887 @@ -21,7 +21,6 @@
7888 #include <xmlsec/transforms.h>
7889 #include <xmlsec/errors.h>
7891 -#include <xmlsec/nss/app.h>
7892 #include <xmlsec/nss/crypto.h>
7894 #define XMLSEC_NSS_MAX_DIGEST_SIZE 32
7895 @@ -107,7 +106,7 @@
7896 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7897 "SECOID_FindOIDByTag",
7898 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7899 - XMLSEC_ERRORS_NO_MESSAGE);
7900 + "error code=%d", PORT_GetError());
7901 return(-1);
7904 @@ -117,7 +116,7 @@
7905 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7906 "PK11_CreateDigestContext",
7907 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7908 - XMLSEC_ERRORS_NO_MESSAGE);
7909 + "error code=%d", PORT_GetError());
7910 return(-1);
7913 @@ -208,7 +207,7 @@
7914 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7915 "PK11_DigestBegin",
7916 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7917 - XMLSEC_ERRORS_NO_MESSAGE);
7918 + "error code=%d", PORT_GetError());
7919 return(-1);
7921 transform->status = xmlSecTransformStatusWorking;
7922 @@ -225,7 +224,7 @@
7923 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7924 "PK11_DigestOp",
7925 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7926 - XMLSEC_ERRORS_NO_MESSAGE);
7927 + "error code=%d", PORT_GetError());
7928 return(-1);
7931 @@ -246,7 +245,7 @@
7932 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7933 "PK11_DigestFinal",
7934 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7935 - XMLSEC_ERRORS_NO_MESSAGE);
7936 + "error code=%d", PORT_GetError());
7937 return(-1);
7939 xmlSecAssert2(ctx->dgstSize > 0, -1);
7940 @@ -285,7 +284,11 @@
7941 * SHA1 Digest transforms
7943 *****************************************************************************/
7944 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
7945 +static struct _xmlSecTransformKlass xmlSecNssSha1Klass = {
7946 +#else
7947 static xmlSecTransformKlass xmlSecNssSha1Klass = {
7948 +#endif
7949 /* klass/object sizes */
7950 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
7951 xmlSecNssDigestSize, /* xmlSecSize objSize */
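Review bot: The `__MINGW32__` branch declares `xmlSecNssSha1Klass` as `struct _xmlSecTransformKlass` rather than `xmlSecTransformKlass`. If that typedef is const-qualified (its definition is not on this page), the table of function pointers becomes writable on that platform, which is presumably what runtime pseudo-relocation requires but should be stated. I would replace the `//` remark with a C comment that says so, for example `#ifdef __MINGW32__ /* non-const: runtime pseudo-reloc must patch imported addresses */`, since the surrounding code uses `/* */` comments and C89 compilers reject `//`. The same pattern is repeated in the hmac.c hunks for `xmlSecNssHmacSha1Klass`, `xmlSecNssHmacRipemd160Klass` and `xmlSecNssHmacMd5Klass`. The initializer continues past the end of the hunk.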
7952 --- misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
7953 +++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2008-06-29 23:44:19.000000000 +0200
7954 @@ -23,8 +23,8 @@
7955 #include <xmlsec/transforms.h>
7956 #include <xmlsec/errors.h>
7958 -#include <xmlsec/nss/app.h>
7959 #include <xmlsec/nss/crypto.h>
7960 +#include <xmlsec/nss/tokens.h>
7962 #define XMLSEC_NSS_MAX_HMAC_SIZE 128
7964 @@ -241,13 +241,13 @@
7965 keyItem.data = xmlSecBufferGetData(buffer);
7966 keyItem.len = xmlSecBufferGetSize(buffer);
7968 - slot = PK11_GetBestSlot(ctx->digestType, NULL);
7969 + slot = xmlSecNssSlotGet(ctx->digestType);
7970 if(slot == NULL) {
7971 xmlSecError(XMLSEC_ERRORS_HERE,
7972 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7973 - "PK11_GetBestSlot",
7974 + "xmlSecNssSlotGet",
7975 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7976 - XMLSEC_ERRORS_NO_MESSAGE);
7977 + "error code=%d", PORT_GetError());
7978 return(-1);
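Review bot: The failure branch for `xmlSecNssSlotGet` reports `XMLSEC_ERRORS_R_CRYPTO_FAILED` with `PORT_GetError()`, although the call is now an xmlsec-level helper rather than an NSS function. If the helper can fail without NSS setting an error (its body is not on this page), the logged code is whatever an earlier NSS call left behind, which will mislead anyone triaging the failure. Consider `XMLSEC_ERRORS_R_XMLSEC_FAILED,` with `XMLSEC_ERRORS_NO_MESSAGE);` here, as the patch does for other `xmlSec*` helper failures, and log the NSS code inside the helper, where it is known to be fresh. The enclosing function starts and ends outside the hunk.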
7981 @@ -258,7 +258,7 @@
7982 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7983 "PK11_ImportSymKey",
7984 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7985 - XMLSEC_ERRORS_NO_MESSAGE);
7986 + "error code=%d", PORT_GetError());
7987 PK11_FreeSlot(slot);
7988 return(-1);
7990 @@ -269,7 +269,7 @@
7991 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
7992 "PK11_CreateContextBySymKey",
7993 XMLSEC_ERRORS_R_CRYPTO_FAILED,
7994 - XMLSEC_ERRORS_NO_MESSAGE);
7995 + "error code=%d", PORT_GetError());
7996 PK11_FreeSymKey(symKey);
7997 PK11_FreeSlot(slot);
7998 return(-1);
7999 @@ -368,7 +368,7 @@
8000 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
8001 "PK11_DigestBegin",
8002 XMLSEC_ERRORS_R_CRYPTO_FAILED,
8003 - XMLSEC_ERRORS_NO_MESSAGE);
8004 + "error code=%d", PORT_GetError());
8005 return(-1);
8007 transform->status = xmlSecTransformStatusWorking;
8008 @@ -385,7 +385,7 @@
8009 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
8010 "PK11_DigestOp",
8011 XMLSEC_ERRORS_R_CRYPTO_FAILED,
8012 - XMLSEC_ERRORS_NO_MESSAGE);
8013 + "error code=%d", PORT_GetError());
8014 return(-1);
8017 @@ -408,7 +408,7 @@
8018 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
8019 "PK11_DigestFinal",
8020 XMLSEC_ERRORS_R_CRYPTO_FAILED,
8021 - XMLSEC_ERRORS_NO_MESSAGE);
8022 + "error code=%d", PORT_GetError());
8023 return(-1);
8025 xmlSecAssert2(dgstSize > 0, -1);
8026 @@ -459,7 +459,11 @@
8027 /**
8028 * HMAC SHA1
8030 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
8031 +static struct _xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
8032 +#else
8033 static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
8034 +#endif
8035 /* klass/object sizes */
8036 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
8037 xmlSecNssHmacSize, /* xmlSecSize objSize */
8038 @@ -501,7 +505,11 @@
8039 /**
8040 * HMAC Ripemd160
8042 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
8043 +static struct _xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
8044 +#else
8045 static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
8046 +#endif
8047 /* klass/object sizes */
8048 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
8049 xmlSecNssHmacSize, /* xmlSecSize objSize */
8050 @@ -543,7 +551,11 @@
8051 /**
8052 * HMAC Md5
8054 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
8055 +static struct _xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
8056 +#else
8057 static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
8058 +#endif
8059 /* klass/object sizes */
8060 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
8061 xmlSecNssHmacSize, /* xmlSecSize objSize */
8062 --- misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
8063 +++ misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2008-06-29 23:44:19.000000000 +0200
8064 @@ -1,119 +1,522 @@
8065 /**
8066 * XMLSec library
8068 - * Nss keys store that uses Simple Keys Store under the hood. Uses the
8069 - * Nss DB as a backing store for the finding keys, but the NSS DB is
8070 - * not written to by the keys store.
8071 - * So, if store->findkey is done and the key is not found in the simple
8072 - * keys store, the NSS DB is looked up.
8073 - * If store is called to adopt a key, that key is not written to the NSS
8074 - * DB.
8075 - * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
8076 - * source of keys for xmlsec
8077 - *
8078 * This is free software; see Copyright file in the source
8079 * distribution for precise wording.
8081 - * Copyright (c) 2003 America Online, Inc. All rights reserved.
8082 + * Copyright................................
8084 -#include "globals.h"
8086 -#include <stdlib.h>
8087 +/**
8088 + * NSS key store uses a key list and a slot list as the key repository. NSS slot
8089 + * list is a backup repository for the finding keys. If a key is not found from
8090 + * the key list, the NSS slot list is looked up.
8092 + * Any key in the key list will not save to pkcs11 slot. When a store to called
8093 + * to adopt a key, the key is resident in the key list; While a store to called
8094 + * to set a is resident in the key list; While a store to called to set a slot
8095 + * list, which means that the keys in the listed slot can be used for xml sign-
8096 + * nature or encryption.
8098 + * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
8100 + * The framework will decrease the user interfaces to administrate xmlSec crypto
8101 + * engine. He can only focus on NSS layer functions. For examples, after the
8102 + * user set up a slot list handler to the keys store, he do not need to do any
8103 + * other work atop xmlSec interfaces, his action on the slot list handler, such
8104 + * as add a token to, delete a token from the list, will directly effect the key
8105 + * store behaviors.
8107 + * For example, a scenariio:
8108 + * 0. Create a slot list;( NSS interfaces )
8109 + * 1. Create a keys store;( xmlSec interfaces )
8110 + * 2. Set slot list with the keys store;( xmlSec Interfaces )
8111 + * 3. Add a slot to the slot list;( NSS interfaces )
8112 + * 4. Perform xml signature; ( xmlSec Interfaces )
8113 + * 5. Deleter a slot from the slot list;( NSS interfaces )
8114 + * 6. Perform xml encryption; ( xmlSec Interfaces )
8115 + * 7. Perform xml signature;( xmlSec Interfaces )
8116 + * 8. Destroy the keys store;( xmlSec Interfaces )
8117 + * 8. Destroy the slot list.( NSS Interfaces )
8118 + */
8120 +#include "globals.h"
8121 #include <string.h>
8123 -#include <nss.h>
8124 -#include <cert.h>
8125 -#include <pk11func.h>
8126 -#include <keyhi.h>
8127 +#include <nss.h>
8128 +#include <pk11func.h>
8129 +#include <prinit.h>
8130 +#include <keyhi.h>
8132 -#include <libxml/tree.h>
8134 #include <xmlsec/xmlsec.h>
8135 -#include <xmlsec/buffer.h>
8136 -#include <xmlsec/base64.h>
8137 -#include <xmlsec/errors.h>
8138 -#include <xmlsec/xmltree.h>
8140 +#include <xmlsec/keys.h>
8141 #include <xmlsec/keysmngr.h>
8142 +#include <xmlsec/transforms.h>
8143 +#include <xmlsec/xmltree.h>
8144 +#include <xmlsec/errors.h>
8146 #include <xmlsec/nss/crypto.h>
8147 #include <xmlsec/nss/keysstore.h>
8148 -#include <xmlsec/nss/x509.h>
8149 +#include <xmlsec/nss/tokens.h>
8150 +#include <xmlsec/nss/ciphers.h>
8151 #include <xmlsec/nss/pkikeys.h>
8153 -/****************************************************************************
8154 +/**
8155 + * Internal NSS key store context
8157 - * Nss Keys Store. Uses Simple Keys Store under the hood
8158 - *
8159 - * Simple Keys Store ptr is located after xmlSecKeyStore
8160 + * This context is located after xmlSecKeyStore
8161 + */
8162 +typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
8163 +typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
8165 +struct _xmlSecNssKeysStoreCtx {
8166 + xmlSecPtrListPtr keyList ;
8167 + xmlSecPtrListPtr slotList ;
8168 +} ;
8170 +#define xmlSecNssKeysStoreSize \
8171 + ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
8173 +#define xmlSecNssKeysStoreGetCtx( data ) \
8174 + ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
8176 +int xmlSecNssKeysStoreAdoptKeySlot(
8177 + xmlSecKeyStorePtr store ,
8178 + xmlSecNssKeySlotPtr keySlot
8179 +) {
8180 + xmlSecNssKeysStoreCtxPtr context = NULL ;
8182 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
8183 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
8185 + context = xmlSecNssKeysStoreGetCtx( store ) ;
8186 + if( context == NULL ) {
8187 + xmlSecError( XMLSEC_ERRORS_HERE ,
8188 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8189 + "xmlSecNssKeysStoreGetCtx" ,
8190 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8191 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8192 + return -1 ;
8195 + if( context->slotList == NULL ) {
8196 + if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
8197 + xmlSecError( XMLSEC_ERRORS_HERE ,
8198 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8199 + "xmlSecPtrListCreate" ,
8200 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8201 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8202 + return -1 ;
8206 + if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
8207 + xmlSecError( XMLSEC_ERRORS_HERE ,
8208 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8209 + "xmlSecPtrListCheckId" ,
8210 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8211 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8212 + return -1 ;
8215 + if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
8216 + xmlSecError( XMLSEC_ERRORS_HERE ,
8217 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8218 + "xmlSecPtrListAdd" ,
8219 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8220 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8221 + return -1 ;
8224 + return 0 ;
8227 +int xmlSecNssKeysStoreAdoptKey(
8228 + xmlSecKeyStorePtr store ,
8229 + xmlSecKeyPtr key
8230 +) {
8231 + xmlSecNssKeysStoreCtxPtr context = NULL ;
8233 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
8234 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
8236 + context = xmlSecNssKeysStoreGetCtx( store ) ;
8237 + if( context == NULL ) {
8238 + xmlSecError( XMLSEC_ERRORS_HERE ,
8239 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8240 + "xmlSecNssKeysStoreGetCtx" ,
8241 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8242 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8243 + return -1 ;
8246 + if( context->keyList == NULL ) {
8247 + if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
8248 + xmlSecError( XMLSEC_ERRORS_HERE ,
8249 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8250 + "xmlSecPtrListCreate" ,
8251 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8252 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8253 + return -1 ;
8257 + if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
8258 + xmlSecError( XMLSEC_ERRORS_HERE ,
8259 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8260 + "xmlSecPtrListCheckId" ,
8261 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8262 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8263 + return -1 ;
8266 + if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
8267 + xmlSecError( XMLSEC_ERRORS_HERE ,
8268 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8269 + "xmlSecPtrListAdd" ,
8270 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8271 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8272 + return -1 ;
8275 + return 0 ;
8278 +/**
8279 + * xmlSecKeyStoreInitializeMethod:
8280 + * @store: the store.
8282 - ***************************************************************************/
8283 -#define xmlSecNssKeysStoreSize \
8284 - (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
8286 -#define xmlSecNssKeysStoreGetSS(store) \
8287 - ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
8288 - (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
8289 - (xmlSecKeyStorePtr*)NULL)
8291 -static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
8292 -static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
8293 -static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
8294 - const xmlChar* name,
8295 - xmlSecKeyInfoCtxPtr keyInfoCtx);
8296 + * Keys store specific initialization method.
8298 + * Returns 0 on success or a negative value if an error occurs.
8299 + */
8300 +static int
8301 +xmlSecNssKeysStoreInitialize(
8302 + xmlSecKeyStorePtr store
8303 +) {
8304 + xmlSecNssKeysStoreCtxPtr context = NULL ;
8306 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
8307 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
8309 + context = xmlSecNssKeysStoreGetCtx( store ) ;
8310 + if( context == NULL ) {
8311 + xmlSecError( XMLSEC_ERRORS_HERE ,
8312 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8313 + "xmlSecNssKeysStoreGetCtx" ,
8314 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8315 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8316 + return -1 ;
8319 -static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
8320 - sizeof(xmlSecKeyStoreKlass),
8321 - xmlSecNssKeysStoreSize,
8322 + context->keyList = NULL ;
8323 + context->slotList = NULL ;
8325 - /* data */
8326 - BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
8328 - /* constructors/destructor */
8329 - xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
8330 - xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
8331 - xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
8333 - /* reserved for the future */
8334 - NULL, /* void* reserved0; */
8335 - NULL, /* void* reserved1; */
8337 + return 0 ;
8340 -/**
8341 - * xmlSecNssKeysStoreGetKlass:
8342 - *
8343 - * The Nss list based keys store klass.
8344 +/**
8345 + * xmlSecKeyStoreFinalizeMethod:
8346 + * @store: the store.
8348 - * Returns Nss list based keys store klass.
8349 + * Keys store specific finalization (destroy) method.
8351 -xmlSecKeyStoreId
8352 -xmlSecNssKeysStoreGetKlass(void) {
8353 - return(&xmlSecNssKeysStoreKlass);
8354 +void
8355 +xmlSecNssKeysStoreFinalize(
8356 + xmlSecKeyStorePtr store
8357 +) {
8358 + xmlSecNssKeysStoreCtxPtr context = NULL ;
8360 + xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
8361 + xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
8363 + context = xmlSecNssKeysStoreGetCtx( store ) ;
8364 + if( context == NULL ) {
8365 + xmlSecError( XMLSEC_ERRORS_HERE ,
8366 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8367 + "xmlSecNssKeysStoreGetCtx" ,
8368 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8369 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8370 + return ;
8373 + if( context->keyList != NULL ) {
8374 + xmlSecPtrListDestroy( context->keyList ) ;
8375 + context->keyList = NULL ;
8378 + if( context->slotList != NULL ) {
8379 + xmlSecPtrListDestroy( context->slotList ) ;
8380 + context->slotList = NULL ;
8384 -/**
8385 - * xmlSecNssKeysStoreAdoptKey:
8386 - * @store: the pointer to Nss keys store.
8387 - * @key: the pointer to key.
8388 - *
8389 - * Adds @key to the @store.
8390 +xmlSecKeyPtr
8391 +xmlSecNssKeysStoreFindKeyFromSlot(
8392 + PK11SlotInfo* slot,
8393 + const xmlChar* name,
8394 + xmlSecKeyInfoCtxPtr keyInfoCtx
8395 +) {
8396 + xmlSecKeyPtr key = NULL ;
8397 + xmlSecKeyDataPtr data = NULL ;
8398 + int length ;
8400 + xmlSecAssert2( slot != NULL , NULL ) ;
8401 + xmlSecAssert2( name != NULL , NULL ) ;
8402 + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
8404 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
8405 + PK11SymKey* symKey ;
8406 + PK11SymKey* curKey ;
8408 + /* Find symmetric key from the slot by name */
8409 + symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
8410 + for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
8411 + /* Check the key request */
8412 + length = PK11_GetKeyLength( curKey ) ;
8413 + length *= 8 ;
8414 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
8415 + ( length > 0 ) &&
8416 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
8417 + continue ;
8419 + /* We find a eligible key */
8420 + data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
8421 + if( data == NULL ) {
8422 + /* Do nothing */
8424 + break ;
8427 + /* Destroy the sym key list */
8428 + for( curKey = symKey ; curKey != NULL ; ) {
8429 + symKey = curKey ;
8430 + curKey = PK11_GetNextSymKey( symKey ) ;
8431 + PK11_FreeSymKey( symKey ) ;
8433 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
8434 + SECKEYPublicKeyList* pubKeyList ;
8435 + SECKEYPublicKey* pubKey ;
8436 + SECKEYPublicKeyListNode* curPub ;
8438 + /* Find asymmetric key from the slot by name */
8439 + pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
8440 + pubKey = NULL ;
8441 + curPub = PUBKEY_LIST_HEAD(pubKeyList);
8442 + for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
8443 + /* Check the key request */
8444 + length = SECKEY_PublicKeyStrength( curPub->key ) ;
8445 + length *= 8 ;
8446 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
8447 + ( length > 0 ) &&
8448 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
8449 + continue ;
8451 + /* We find a eligible key */
8452 + pubKey = curPub->key ;
8453 + break ;
8456 + if( pubKey != NULL ) {
8457 + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
8458 + if( data == NULL ) {
8459 + /* Do nothing */
8463 + /* Destroy the public key list */
8464 + SECKEY_DestroyPublicKeyList( pubKeyList ) ;
8465 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
8466 + SECKEYPrivateKeyList* priKeyList = NULL ;
8467 + SECKEYPrivateKey* priKey = NULL ;
8468 + SECKEYPrivateKeyListNode* curPri ;
8470 + /* Find asymmetric key from the slot by name */
8471 + priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
8472 + priKey = NULL ;
8473 + curPri = PRIVKEY_LIST_HEAD(priKeyList);
8474 + for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
8475 + /* Check the key request */
8476 + length = PK11_SignatureLen( curPri->key ) ;
8477 + length *= 8 ;
8478 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
8479 + ( length > 0 ) &&
8480 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
8481 + continue ;
8483 + /* We find a eligible key */
8484 + priKey = curPri->key ;
8485 + break ;
8488 + if( priKey != NULL ) {
8489 + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
8490 + if( data == NULL ) {
8491 + /* Do nothing */
8495 + /* Destroy the private key list */
8496 + SECKEY_DestroyPrivateKeyList( priKeyList ) ;
8499 + /* If we have gotten the key value */
8500 + if( data != NULL ) {
8501 + if( ( key = xmlSecKeyCreate() ) == NULL ) {
8502 + xmlSecError( XMLSEC_ERRORS_HERE ,
8503 + NULL ,
8504 + "xmlSecKeyCreate" ,
8505 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8506 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8508 + xmlSecKeyDataDestroy( data ) ;
8509 + return NULL ;
8512 + if( xmlSecKeySetValue( key , data ) < 0 ) {
8513 + xmlSecError( XMLSEC_ERRORS_HERE ,
8514 + NULL ,
8515 + "xmlSecKeySetValue" ,
8516 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8517 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8519 + xmlSecKeyDestroy( key ) ;
8520 + xmlSecKeyDataDestroy( data ) ;
8521 + return NULL ;
8525 + return(key);
8528 +/**
8529 + * xmlSecKeyStoreFindKeyMethod:
8530 + * @store: the store.
8531 + * @name: the desired key name.
8532 + * @keyInfoCtx: the pointer to key info context.
8534 - * Returns 0 on success or a negative value if an error occurs.
8535 + * Keys store specific find method. The caller is responsible for destroying
8536 + * the returned key using #xmlSecKeyDestroy method.
8538 + * Returns the pointer to a key or NULL if key is not found or an error occurs.
8540 -int
8541 -xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
8542 - xmlSecKeyStorePtr *ss;
8544 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
8545 - xmlSecAssert2((key != NULL), -1);
8546 +static xmlSecKeyPtr
8547 +xmlSecNssKeysStoreFindKey(
8548 + xmlSecKeyStorePtr store ,
8549 + const xmlChar* name ,
8550 + xmlSecKeyInfoCtxPtr keyInfoCtx
8551 +) {
8552 + xmlSecNssKeysStoreCtxPtr context = NULL ;
8553 + xmlSecKeyPtr key = NULL ;
8554 + xmlSecNssKeySlotPtr keySlot = NULL ;
8555 + xmlSecSize pos ;
8556 + xmlSecSize size ;
8558 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
8559 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
8560 + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
8562 + context = xmlSecNssKeysStoreGetCtx( store ) ;
8563 + if( context == NULL ) {
8564 + xmlSecError( XMLSEC_ERRORS_HERE ,
8565 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8566 + "xmlSecNssKeysStoreGetCtx" ,
8567 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8568 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8569 + return NULL ;
8572 + /*-
8573 + * Look for key at keyList at first.
8574 + */
8575 + if( context->keyList != NULL ) {
8576 + size = xmlSecPtrListGetSize( context->keyList ) ;
8577 + for( pos = 0 ; pos < size ; pos ++ ) {
8578 + key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
8579 + if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
8580 + return xmlSecKeyDuplicate( key ) ;
8585 + /*-
8586 + * Find the key from slotList
8587 + */
8588 + if( context->slotList != NULL ) {
8589 + PK11SlotInfo* slot = NULL ;
8591 + size = xmlSecPtrListGetSize( context->slotList ) ;
8592 + for( pos = 0 ; pos < size ; pos ++ ) {
8593 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
8594 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
8595 + if( slot == NULL ) {
8596 + continue ;
8597 + } else {
8598 + key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
8599 + if( key == NULL ) {
8600 + continue ;
8601 + } else {
8602 + return( key ) ;
8608 + /*-
8609 + * Create a session key if we can not find the key from keyList and slotList
8610 + */
8611 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
8612 + key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
8613 + if( key == NULL ) {
8614 + xmlSecError( XMLSEC_ERRORS_HERE ,
8615 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
8616 + "xmlSecKeySetValue" ,
8617 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
8618 + XMLSEC_ERRORS_NO_MESSAGE ) ;
8619 + return NULL ;
8622 + return key ;
8625 + /**
8626 + * We have no way to find the key any more.
8627 + */
8628 + return NULL ;
8631 - ss = xmlSecNssKeysStoreGetSS(store);
8632 - xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
8633 - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
8634 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
8635 +static struct _xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
8636 +#else
8637 +static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
8638 +#endif
8639 + sizeof( xmlSecKeyStoreKlass ) ,
8640 + xmlSecNssKeysStoreSize ,
8641 + BAD_CAST "implicit_nss_keys_store" ,
8642 + xmlSecNssKeysStoreInitialize ,
8643 + xmlSecNssKeysStoreFinalize ,
8644 + xmlSecNssKeysStoreFindKey ,
8645 + NULL ,
8646 + NULL
8647 +} ;
8649 - return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
8650 +/**
8651 + * xmlSecNssKeysStoreGetKlass:
8652 + *
8653 + * The simple list based keys store klass.
8655 + * Returns simple list based keys store klass.
8656 + */
8657 +xmlSecKeyStoreId
8658 +xmlSecNssKeysStoreGetKlass( void ) {
8659 + return &xmlSecNssKeysStoreKlass ;
8663 +/**************************
8664 + * Application routines
8665 + */
8666 /**
8667 * xmlSecNssKeysStoreLoad:
8668 * @store: the pointer to Nss keys store.
8669 @@ -125,8 +528,11 @@
8670 * Returns 0 on success or a negative value if an error occurs.
8673 -xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
8674 - xmlSecKeysMngrPtr keysMngr) {
8675 +xmlSecNssKeysStoreLoad(
8676 + xmlSecKeyStorePtr store,
8677 + const char *uri,
8678 + xmlSecKeysMngrPtr keysMngr
8679 +) {
8680 xmlDocPtr doc;
8681 xmlNodePtr root;
8682 xmlNodePtr cur;
8683 @@ -252,254 +658,147 @@
8686 xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
8687 - xmlSecKeyStorePtr *ss;
8689 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
8690 - xmlSecAssert2((filename != NULL), -1);
8692 - ss = xmlSecNssKeysStoreGetSS(store);
8693 - xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
8694 - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
8696 - return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
8699 -static int
8700 -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
8701 - xmlSecKeyStorePtr *ss;
8703 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
8704 + xmlSecKeyInfoCtx keyInfoCtx;
8705 + xmlSecNssKeysStoreCtxPtr context ;
8706 + xmlSecPtrListPtr list;
8707 + xmlSecKeyPtr key;
8708 + xmlSecSize i, keysSize;
8709 + xmlDocPtr doc;
8710 + xmlNodePtr cur;
8711 + xmlSecKeyDataPtr data;
8712 + xmlSecPtrListPtr idsList;
8713 + xmlSecKeyDataId dataId;
8714 + xmlSecSize idsSize, j;
8715 + int ret;
8717 - ss = xmlSecNssKeysStoreGetSS(store);
8718 - xmlSecAssert2((*ss == NULL), -1);
8719 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ;
8720 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
8721 + xmlSecAssert2(filename != NULL, -1);
8723 + context = xmlSecNssKeysStoreGetCtx( store ) ;
8724 + xmlSecAssert2( context != NULL, -1 );
8726 + list = context->keyList ;
8727 + xmlSecAssert2( list != NULL, -1 );
8728 + xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
8730 - *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
8731 - if(*ss == NULL) {
8732 - xmlSecError(XMLSEC_ERRORS_HERE,
8733 + /* create doc */
8734 + doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
8735 + if(doc == NULL) {
8736 + xmlSecError(XMLSEC_ERRORS_HERE,
8737 xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
8738 - "xmlSecKeyStoreCreate",
8739 + "xmlSecCreateTree",
8740 XMLSEC_ERRORS_R_XMLSEC_FAILED,
8741 - "xmlSecSimpleKeysStoreId");
8742 - return(-1);
8743 + XMLSEC_ERRORS_NO_MESSAGE);
8744 + return(-1);
8747 - return(0);
8750 -static void
8751 -xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
8752 - xmlSecKeyStorePtr *ss;
8754 - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
8756 - ss = xmlSecNssKeysStoreGetSS(store);
8757 - xmlSecAssert((ss != NULL) && (*ss != NULL));
8759 - xmlSecKeyStoreDestroy(*ss);
8762 -static xmlSecKeyPtr
8763 -xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
8764 - xmlSecKeyInfoCtxPtr keyInfoCtx) {
8765 - xmlSecKeyStorePtr* ss;
8766 - xmlSecKeyPtr key = NULL;
8767 - xmlSecKeyPtr retval = NULL;
8768 - xmlSecKeyReqPtr keyReq = NULL;
8769 - CERTCertificate *cert = NULL;
8770 - SECKEYPublicKey *pubkey = NULL;
8771 - SECKEYPrivateKey *privkey = NULL;
8772 - xmlSecKeyDataPtr data = NULL;
8773 - xmlSecKeyDataPtr x509Data = NULL;
8774 - int ret;
8776 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
8777 - xmlSecAssert2(keyInfoCtx != NULL, NULL);
8779 - ss = xmlSecNssKeysStoreGetSS(store);
8780 - xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
8782 - key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
8783 - if (key != NULL) {
8784 - return (key);
8786 + idsList = xmlSecKeyDataIdsGet();
8787 + xmlSecAssert2(idsList != NULL, -1);
8789 + keysSize = xmlSecPtrListGetSize(list);
8790 + idsSize = xmlSecPtrListGetSize(idsList);
8791 + for(i = 0; i < keysSize; ++i) {
8792 + key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
8793 + xmlSecAssert2(key != NULL, -1);
8795 + cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
8796 + if(cur == NULL) {
8797 + xmlSecError(XMLSEC_ERRORS_HERE,
8798 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
8799 + "xmlSecAddChild",
8800 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
8801 + "node=%s",
8802 + xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
8803 + xmlFreeDoc(doc);
8804 + return(-1);
8807 - /* Try to find the key in the NSS DB, and construct an xmlSecKey.
8808 - * we must have a name to lookup keys in NSS DB.
8809 - */
8810 - if (name == NULL) {
8811 - goto done;
8813 + /* special data key name */
8814 + if(xmlSecKeyGetName(key) != NULL) {
8815 + if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
8816 + xmlSecError(XMLSEC_ERRORS_HERE,
8817 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
8818 + "xmlSecAddChild",
8819 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
8820 + "node=%s",
8821 + xmlSecErrorsSafeString(xmlSecNodeKeyName));
8822 + xmlFreeDoc(doc);
8823 + return(-1);
8827 + /* create nodes for other keys data */
8828 + for(j = 0; j < idsSize; ++j) {
8829 + dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
8830 + xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
8832 - /* what type of key are we looking for?
8833 - * TBD: For now, we'll look only for public/private keys using the
8834 - * name as a cert nickname. Later on, we can attempt to find
8835 - * symmetric keys using PK11_FindFixedKey
8836 - */
8837 - keyReq = &(keyInfoCtx->keyReq);
8838 - if (keyReq->keyType &
8839 - (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
8840 - cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
8841 - if (cert == NULL) {
8842 - goto done;
8845 - if (keyReq->keyType & xmlSecKeyDataTypePublic) {
8846 - pubkey = CERT_ExtractPublicKey(cert);
8847 - if (pubkey == NULL) {
8848 - xmlSecError(XMLSEC_ERRORS_HERE,
8849 - NULL,
8850 - "CERT_ExtractPublicKey",
8851 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
8852 - XMLSEC_ERRORS_NO_MESSAGE);
8853 - goto done;
8854 + if(dataId->dataNodeName == NULL) {
8855 + continue;
8858 + data = xmlSecKeyGetData(key, dataId);
8859 + if(data == NULL) {
8860 + continue;
8862 - }
8864 - if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
8865 - privkey = PK11_FindKeyByAnyCert(cert, NULL);
8866 - if (privkey == NULL) {
8867 - xmlSecError(XMLSEC_ERRORS_HERE,
8868 - NULL,
8869 - "PK11_FindKeyByAnyCert",
8870 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
8871 - XMLSEC_ERRORS_NO_MESSAGE);
8872 - goto done;
8873 + if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
8874 + xmlSecError(XMLSEC_ERRORS_HERE,
8875 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
8876 + "xmlSecAddChild",
8877 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
8878 + "node=%s",
8879 + xmlSecErrorsSafeString(dataId->dataNodeName));
8880 + xmlFreeDoc(doc);
8881 + return(-1);
8885 - data = xmlSecNssPKIAdoptKey(privkey, pubkey);
8886 - if(data == NULL) {
8887 - xmlSecError(XMLSEC_ERRORS_HERE,
8888 - NULL,
8889 - "xmlSecNssPKIAdoptKey",
8890 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
8891 - XMLSEC_ERRORS_NO_MESSAGE);
8892 - goto done;
8893 - }
8894 - privkey = NULL;
8895 - pubkey = NULL;
8897 - key = xmlSecKeyCreate();
8898 - if (key == NULL) {
8899 + ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
8900 + if(ret < 0) {
8901 xmlSecError(XMLSEC_ERRORS_HERE,
8902 - NULL,
8903 - "xmlSecKeyCreate",
8904 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
8905 + "xmlSecKeyInfoCtxInitialize",
8906 XMLSEC_ERRORS_R_XMLSEC_FAILED,
8907 XMLSEC_ERRORS_NO_MESSAGE);
8908 - return (NULL);
8911 - x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
8912 - if(x509Data == NULL) {
8913 - xmlSecError(XMLSEC_ERRORS_HERE,
8914 - NULL,
8915 - "xmlSecKeyDataCreate",
8916 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
8917 - "transform=%s",
8918 - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
8919 - goto done;
8922 - ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
8923 - if (ret < 0) {
8924 - xmlSecError(XMLSEC_ERRORS_HERE,
8925 - NULL,
8926 - "xmlSecNssKeyDataX509AdoptKeyCert",
8927 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
8928 - "data=%s",
8929 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
8930 - goto done;
8932 - cert = CERT_DupCertificate(cert);
8933 - if (cert == NULL) {
8934 - xmlSecError(XMLSEC_ERRORS_HERE,
8935 - NULL,
8936 - "CERT_DupCertificate",
8937 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
8938 - "data=%s",
8939 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
8940 - goto done;
8943 - ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
8944 - if (ret < 0) {
8945 - xmlSecError(XMLSEC_ERRORS_HERE,
8946 - NULL,
8947 - "xmlSecNssKeyDataX509AdoptCert",
8948 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
8949 - "data=%s",
8950 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
8951 - goto done;
8952 + xmlFreeDoc(doc);
8953 + return(-1);
8955 - cert = NULL;
8957 - ret = xmlSecKeySetValue(key, data);
8958 - if (ret < 0) {
8959 - xmlSecError(XMLSEC_ERRORS_HERE,
8960 - NULL,
8961 - "xmlSecKeySetValue",
8962 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
8963 - "data=%s",
8964 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
8965 - goto done;
8967 - data = NULL;
8968 + keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
8969 + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
8970 + keyInfoCtx.keyReq.keyType = type;
8971 + keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
8973 - ret = xmlSecKeyAdoptData(key, x509Data);
8974 - if (ret < 0) {
8975 + /* finally write key in the node */
8976 + ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
8977 + if(ret < 0) {
8978 xmlSecError(XMLSEC_ERRORS_HERE,
8979 - NULL,
8980 - "xmlSecKeyAdoptData",
8981 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
8982 + "xmlSecKeyInfoNodeWrite",
8983 XMLSEC_ERRORS_R_XMLSEC_FAILED,
8984 - "data=%s",
8985 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
8986 - goto done;
8988 - x509Data = NULL;
8990 - retval = key;
8991 - key = NULL;
8994 -done:
8995 - if (cert != NULL) {
8996 - CERT_DestroyCertificate(cert);
8998 - if (pubkey != NULL) {
8999 - SECKEY_DestroyPublicKey(pubkey);
9001 - if (privkey != NULL) {
9002 - SECKEY_DestroyPrivateKey(privkey);
9004 - if (data != NULL) {
9005 - xmlSecKeyDataDestroy(data);
9007 - if (x509Data != NULL) {
9008 - xmlSecKeyDataDestroy(x509Data);
9010 - if (key != NULL) {
9011 - xmlSecKeyDestroy(key);
9012 + XMLSEC_ERRORS_NO_MESSAGE);
9013 + xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
9014 + xmlFreeDoc(doc);
9015 + return(-1);
9016 + }
9017 + xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
9020 - /* now that we have a key, make sure it is valid and let the simple
9021 - * store adopt it */
9022 - if (retval) {
9023 - if (xmlSecKeyIsValid(retval)) {
9024 - ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
9025 - if (ret < 0) {
9027 + /* now write result */
9028 + ret = xmlSaveFormatFile(filename, doc, 1);
9029 + if(ret < 0) {
9030 xmlSecError(XMLSEC_ERRORS_HERE,
9031 - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
9032 - "xmlSecSimpleKeysStoreAdoptKey",
9033 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
9034 - XMLSEC_ERRORS_NO_MESSAGE);
9035 - xmlSecKeyDestroy(retval);
9036 - retval = NULL;
9038 - } else {
9039 - xmlSecKeyDestroy(retval);
9040 - retval = NULL;
9044 - return (retval);
9045 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
9046 + "xmlSaveFormatFile",
9047 + XMLSEC_ERRORS_R_XML_FAILED,
9048 + "filename=%s",
9049 + xmlSecErrorsSafeString(filename));
9050 + xmlFreeDoc(doc);
9051 + return(-1);
9052 + }
9054 + xmlFreeDoc(doc);
9055 + return(0);
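Review bot: The rewritten xmlSecNssKeysStoreSave serialises every key in `context->keyList` and passes `filename` straight to `xmlSaveFormatFile(filename, doc, 1)`, so when `type` admits private or symmetric data the key material is, as far as libxml2's default file output goes, written with whatever mode the process umask gives; nothing in the function restricts or documents that. I would add above the call `/* may write private/symmetric key material: caller must make sure filename is readable by its owner only */`, or create the file with owner-only permissions beforehand if the project prefers to enforce it. Separately, the three `xmlSecAssert2` checks that run after `doc` is created (`idsList != NULL`, `key != NULL`, `dataId != xmlSecKeyDataIdUnknown`) return -1 without `xmlFreeDoc(doc)`, unlike the explicit error paths around them; an explicit check such as `if(key == NULL) { xmlFreeDoc(doc); return(-1); }` would keep the cleanup consistent. Also, `xmlSecAssert2( list != NULL, -1 )` makes the save fail while `keyList` is still NULL, which is the state xmlSecNssKeysStoreInitialize in the preceding hunk leaves it in, so a store with no adopted keys presumably cannot be saved at all.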
9058 --- misc/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:39.000000000 +0200
9059 +++ misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2008-06-29 23:44:19.000000000 +0200
9060 @@ -1 +1,752 @@
9061 -dummy
9062 +/**
9064 + * XMLSec library
9065 + *
9066 + * AES Algorithm support
9067 + *
9068 + * This is free software; see Copyright file in the source
9069 + * distribution for preciese wording.
9070 + *
9071 + * Copyright .................................
9072 + */
9073 +#include "globals.h"
9075 +#include <stdlib.h>
9076 +#include <stdio.h>
9077 +#include <string.h>
9079 +#include <nss.h>
9080 +#include <pk11func.h>
9081 +#include <keyhi.h>
9082 +#include <key.h>
9083 +#include <hasht.h>
9085 +#include <xmlsec/xmlsec.h>
9086 +#include <xmlsec/xmltree.h>
9087 +#include <xmlsec/keys.h>
9088 +#include <xmlsec/transforms.h>
9089 +#include <xmlsec/errors.h>
9091 +#include <xmlsec/nss/crypto.h>
9092 +#include <xmlsec/nss/pkikeys.h>
9093 +#include <xmlsec/nss/tokens.h>
9095 +/*********************************************************************
9097 + * key transform transforms
9099 + ********************************************************************/
9100 +typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
9101 +typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
9103 +#define xmlSecNssKeyTransportSize \
9104 + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
9106 +#define xmlSecNssKeyTransportGetCtx( transform ) \
9107 + ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
9109 +struct _xmlSecNssKeyTransportCtx {
9110 + CK_MECHANISM_TYPE cipher ;
9111 + SECKEYPublicKey* pubkey ;
9112 + SECKEYPrivateKey* prikey ;
9113 + xmlSecKeyDataId keyId ;
9114 + xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
9115 +} ;
9117 +static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
9118 +static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
9119 +static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
9120 + xmlSecKeyReqPtr keyReq);
9121 +static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
9122 + xmlSecKeyPtr key);
9123 +static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
9124 + int last,
9125 + xmlSecTransformCtxPtr transformCtx);
9126 +static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
9128 +static int
9129 +xmlSecNssKeyTransportCheckId(
9130 + xmlSecTransformPtr transform
9131 +) {
9132 + #ifndef XMLSEC_NO_RSA
9133 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
9134 + xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) {
9136 + return(1);
9138 + #endif /* XMLSEC_NO_RSA */
9140 + return(0);
9143 +static int
9144 +xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
9145 + xmlSecNssKeyTransportCtxPtr context ;
9146 + int ret;
9148 + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
9149 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
9151 + context = xmlSecNssKeyTransportGetCtx( transform ) ;
9152 + xmlSecAssert2( context != NULL , -1 ) ;
9154 + #ifndef XMLSEC_NO_RSA
9155 + if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
9156 + context->cipher = CKM_RSA_PKCS ;
9157 + context->keyId = xmlSecNssKeyDataRsaId ;
9158 + } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
9159 + context->cipher = CKM_RSA_PKCS_OAEP ;
9160 + context->keyId = xmlSecNssKeyDataRsaId ;
9161 + } else
9162 + #endif /* XMLSEC_NO_RSA */
9164 + if( 1 ) {
9165 + xmlSecError( XMLSEC_ERRORS_HERE ,
9166 + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
9167 + NULL ,
9168 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9169 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9170 + return(-1);
9173 + context->pubkey = NULL ;
9174 + context->prikey = NULL ;
9175 + context->material = NULL ;
9177 + return(0);
9180 +static void
9181 +xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
9182 + xmlSecNssKeyTransportCtxPtr context ;
9184 + xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
9185 + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
9187 + context = xmlSecNssKeyTransportGetCtx( transform ) ;
9188 + xmlSecAssert( context != NULL ) ;
9190 + if( context->pubkey != NULL ) {
9191 + SECKEY_DestroyPublicKey( context->pubkey ) ;
9192 + context->pubkey = NULL ;
9195 + if( context->prikey != NULL ) {
9196 + SECKEY_DestroyPrivateKey( context->prikey ) ;
9197 + context->prikey = NULL ;
9200 + if( context->material != NULL ) {
9201 + xmlSecBufferDestroy(context->material);
9202 + context->material = NULL ;
9206 +static int
9207 +xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
9208 + xmlSecNssKeyTransportCtxPtr context ;
9209 + xmlSecSize cipherSize = 0 ;
9212 + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
9213 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
9214 + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
9215 + xmlSecAssert2(keyReq != NULL, -1);
9217 + context = xmlSecNssKeyTransportGetCtx( transform ) ;
9218 + xmlSecAssert2( context != NULL , -1 ) ;
9220 + keyReq->keyId = context->keyId;
9221 + if(transform->operation == xmlSecTransformOperationEncrypt) {
9222 + keyReq->keyUsage = xmlSecKeyUsageEncrypt;
9223 + keyReq->keyType = xmlSecKeyDataTypePublic;
9224 + } else {
9225 + keyReq->keyUsage = xmlSecKeyUsageDecrypt;
9226 + keyReq->keyType = xmlSecKeyDataTypePrivate;
9229 + return(0);
9232 +static int
9233 +xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
9234 + xmlSecNssKeyTransportCtxPtr context = NULL ;
9235 + xmlSecKeyDataPtr keyData = NULL ;
9236 + SECKEYPublicKey* pubkey = NULL ;
9237 + SECKEYPrivateKey* prikey = NULL ;
9239 + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
9240 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
9241 + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
9242 + xmlSecAssert2(key != NULL, -1);
9244 + context = xmlSecNssKeyTransportGetCtx( transform ) ;
9245 + if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) {
9246 + xmlSecError( XMLSEC_ERRORS_HERE ,
9247 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9248 + "xmlSecNssKeyTransportGetCtx" ,
9249 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9250 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9251 + return(-1);
9253 + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
9255 + keyData = xmlSecKeyGetValue( key ) ;
9256 + if( keyData == NULL ) {
9257 + xmlSecError( XMLSEC_ERRORS_HERE ,
9258 + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
9259 + "xmlSecKeyGetValue" ,
9260 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9261 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9262 + return(-1);
9265 + if(transform->operation == xmlSecTransformOperationEncrypt) {
9266 + if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
9267 + xmlSecError( XMLSEC_ERRORS_HERE ,
9268 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
9269 + "xmlSecNssPKIKeyDataGetPubKey" ,
9270 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9271 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9272 + return(-1);
9275 + context->pubkey = pubkey ;
9276 + } else {
9277 + if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
9278 + xmlSecError( XMLSEC_ERRORS_HERE ,
9279 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
9280 + "xmlSecNssPKIKeyDataGetPrivKey" ,
9281 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9282 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9283 + return(-1);
9286 + context->prikey = prikey ;
9289 + return(0) ;
9292 +/**
9293 + * key wrap transform
9294 + */
9295 +static int
9296 +xmlSecNssKeyTransportCtxInit(
9297 + xmlSecNssKeyTransportCtxPtr ctx ,
9298 + xmlSecBufferPtr in ,
9299 + xmlSecBufferPtr out ,
9300 + int encrypt ,
9301 + xmlSecTransformCtxPtr transformCtx
9302 +) {
9303 + xmlSecSize blockSize ;
9305 + xmlSecAssert2( ctx != NULL , -1 ) ;
9306 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
9307 + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
9308 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
9309 + xmlSecAssert2( in != NULL , -1 ) ;
9310 + xmlSecAssert2( out != NULL , -1 ) ;
9311 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
9313 + if( ctx->material != NULL ) {
9314 + xmlSecBufferDestroy( ctx->material ) ;
9315 + ctx->material = NULL ;
9318 + if( ctx->pubkey != NULL ) {
9319 + blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
9320 + } else if( ctx->prikey != NULL ) {
9321 + blockSize = PK11_SignatureLen( ctx->prikey ) ;
9322 + } else {
9323 + blockSize = -1 ;
9326 + if( blockSize < 0 ) {
9327 + xmlSecError( XMLSEC_ERRORS_HERE ,
9328 + NULL ,
9329 + NULL ,
9330 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9331 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9332 + return(-1);
9335 + ctx->material = xmlSecBufferCreate( blockSize ) ;
9336 + if( ctx->material == NULL ) {
9337 + xmlSecError( XMLSEC_ERRORS_HERE ,
9338 + NULL ,
9339 + "xmlSecBufferCreate" ,
9340 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9341 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9342 + return(-1);
9345 + /* read raw key material into context */
9346 + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
9347 + xmlSecError( XMLSEC_ERRORS_HERE ,
9348 + NULL ,
9349 + "xmlSecBufferSetData" ,
9350 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9351 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9352 + return(-1);
9355 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
9356 + xmlSecError( XMLSEC_ERRORS_HERE ,
9357 + NULL ,
9358 + "xmlSecBufferRemoveHead" ,
9359 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9360 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9361 + return(-1);
9364 + return(0);
9367 +/**
9368 + * key wrap transform update
9369 + */
9370 +static int
9371 +xmlSecNssKeyTransportCtxUpdate(
9372 + xmlSecNssKeyTransportCtxPtr ctx ,
9373 + xmlSecBufferPtr in ,
9374 + xmlSecBufferPtr out ,
9375 + int encrypt ,
9376 + xmlSecTransformCtxPtr transformCtx
9377 +) {
9378 + xmlSecAssert2( ctx != NULL , -1 ) ;
9379 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
9380 + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
9381 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
9382 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
9383 + xmlSecAssert2( in != NULL , -1 ) ;
9384 + xmlSecAssert2( out != NULL , -1 ) ;
9385 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
9387 + /* read raw key material and append into context */
9388 + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
9389 + xmlSecError( XMLSEC_ERRORS_HERE ,
9390 + NULL ,
9391 + "xmlSecBufferAppend" ,
9392 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9393 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9394 + return(-1);
9397 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
9398 + xmlSecError( XMLSEC_ERRORS_HERE ,
9399 + NULL ,
9400 + "xmlSecBufferRemoveHead" ,
9401 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9402 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9403 + return(-1);
9406 + return(0);
9409 +/**
9410 + * Block cipher transform final
9411 + */
9412 +static int
9413 +xmlSecNssKeyTransportCtxFinal(
9414 + xmlSecNssKeyTransportCtxPtr ctx ,
9415 + xmlSecBufferPtr in ,
9416 + xmlSecBufferPtr out ,
9417 + int encrypt ,
9418 + xmlSecTransformCtxPtr transformCtx
9419 +) {
9420 + SECKEYPublicKey* targetKey ;
9421 + PK11SymKey* symKey ;
9422 + PK11SlotInfo* slot ;
9423 + SECItem oriskv ;
9424 + xmlSecSize blockSize ;
9425 + xmlSecBufferPtr result ;
9427 + xmlSecAssert2( ctx != NULL , -1 ) ;
9428 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
9429 + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
9430 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
9431 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
9432 + xmlSecAssert2( in != NULL , -1 ) ;
9433 + xmlSecAssert2( out != NULL , -1 ) ;
9434 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
9436 + /* read raw key material and append into context */
9437 + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
9438 + xmlSecError( XMLSEC_ERRORS_HERE ,
9439 + NULL ,
9440 + "xmlSecBufferAppend" ,
9441 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9442 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9443 + return(-1);
9446 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
9447 + xmlSecError( XMLSEC_ERRORS_HERE ,
9448 + NULL ,
9449 + "xmlSecBufferRemoveHead" ,
9450 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9451 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9452 + return(-1);
9455 + /* Now we get all of the key materail */
9456 + /* from now on we will wrap or unwrap the key */
9457 + if( ctx->pubkey != NULL ) {
9458 + blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
9459 + } else if( ctx->prikey != NULL ) {
9460 + blockSize = PK11_SignatureLen( ctx->prikey ) ;
9461 + } else {
9462 + blockSize = -1 ;
9465 + if( blockSize < 0 ) {
9466 + xmlSecError( XMLSEC_ERRORS_HERE ,
9467 + NULL ,
9468 + "PK11_GetBlockSize" ,
9469 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9470 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9471 + return(-1);
9474 + result = xmlSecBufferCreate( blockSize * 2 ) ;
9475 + if( result == NULL ) {
9476 + xmlSecError( XMLSEC_ERRORS_HERE ,
9477 + NULL ,
9478 + "xmlSecBufferCreate" ,
9479 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9480 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9481 + return(-1);
9484 + oriskv.type = siBuffer ;
9485 + oriskv.data = xmlSecBufferGetData( ctx->material ) ;
9486 + oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
9488 + if( encrypt != 0 ) {
9489 + CK_OBJECT_HANDLE id ;
9490 + SECItem wrpskv ;
9492 + /* Create template symmetric key from material */
9493 + if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
9494 + slot = xmlSecNssSlotGet( ctx->cipher ) ;
9495 + if( slot == NULL ) {
9496 + xmlSecError( XMLSEC_ERRORS_HERE ,
9497 + NULL ,
9498 + "xmlSecNssSlotGet" ,
9499 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9500 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9501 + xmlSecBufferDestroy(result);
9502 + return(-1);
9505 + id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
9506 + if( id == CK_INVALID_HANDLE ) {
9507 + xmlSecError( XMLSEC_ERRORS_HERE ,
9508 + NULL ,
9509 + "PK11_ImportPublicKey" ,
9510 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9511 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9512 + xmlSecBufferDestroy(result);
9513 + PK11_FreeSlot( slot ) ;
9514 + return(-1);
9518 + /* pay attention to mechanism */
9519 + symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
9520 + if( symKey == NULL ) {
9521 + xmlSecError( XMLSEC_ERRORS_HERE ,
9522 + NULL ,
9523 + "PK11_ImportSymKey" ,
9524 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9525 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9526 + xmlSecBufferDestroy(result);
9527 + PK11_FreeSlot( slot ) ;
9528 + return(-1);
9531 + wrpskv.type = siBuffer ;
9532 + wrpskv.data = xmlSecBufferGetData( result ) ;
9533 + wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
9535 + if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
9536 + xmlSecError( XMLSEC_ERRORS_HERE ,
9537 + NULL ,
9538 + "PK11_PubWrapSymKey" ,
9539 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9540 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9541 + PK11_FreeSymKey( symKey ) ;
9542 + xmlSecBufferDestroy(result);
9543 + PK11_FreeSlot( slot ) ;
9544 + return(-1);
9547 + if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
9548 + xmlSecError( XMLSEC_ERRORS_HERE ,
9549 + NULL ,
9550 + "xmlSecBufferSetSize" ,
9551 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9552 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9553 + PK11_FreeSymKey( symKey ) ;
9554 + xmlSecBufferDestroy(result);
9555 + PK11_FreeSlot( slot ) ;
9556 + return(-1);
9558 + PK11_FreeSymKey( symKey ) ;
9559 + PK11_FreeSlot( slot ) ;
9560 + } else {
9561 + SECItem* keyItem ;
9562 + CK_OBJECT_HANDLE id1 ;
9564 + /* pay attention to mechanism */
9565 + if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
9566 + xmlSecError( XMLSEC_ERRORS_HERE ,
9567 + NULL ,
9568 + "PK11_PubUnwrapSymKey" ,
9569 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9570 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9571 + xmlSecBufferDestroy(result);
9572 + return(-1);
9575 + /* Extract raw data from symmetric key */
9576 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
9577 + xmlSecError( XMLSEC_ERRORS_HERE ,
9578 + NULL ,
9579 + "PK11_ExtractKeyValue" ,
9580 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9581 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9582 + PK11_FreeSymKey( symKey ) ;
9583 + xmlSecBufferDestroy(result);
9584 + return(-1);
9587 + if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
9588 + xmlSecError( XMLSEC_ERRORS_HERE ,
9589 + NULL ,
9590 + "PK11_GetKeyData" ,
9591 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9592 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9593 + PK11_FreeSymKey( symKey ) ;
9594 + xmlSecBufferDestroy(result);
9595 + return(-1);
9598 + if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
9599 + xmlSecError( XMLSEC_ERRORS_HERE ,
9600 + NULL ,
9601 + "PK11_PubUnwrapSymKey" ,
9602 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9603 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9604 + PK11_FreeSymKey( symKey ) ;
9605 + xmlSecBufferDestroy(result);
9606 + return(-1);
9608 + PK11_FreeSymKey( symKey ) ;
9611 + /* Write output */
9612 + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
9613 + xmlSecError( XMLSEC_ERRORS_HERE ,
9614 + NULL ,
9615 + "xmlSecBufferAppend" ,
9616 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9617 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9618 + xmlSecBufferDestroy(result);
9619 + return(-1);
9621 + xmlSecBufferDestroy(result);
9623 + return(0);
9626 +static int
9627 +xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
9628 + xmlSecNssKeyTransportCtxPtr context = NULL ;
9629 + xmlSecBufferPtr inBuf, outBuf ;
9630 + int operation ;
9631 + int rtv ;
9633 + xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
9634 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
9635 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
9636 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
9638 + context = xmlSecNssKeyTransportGetCtx( transform ) ;
9639 + if( context == NULL ) {
9640 + xmlSecError( XMLSEC_ERRORS_HERE ,
9641 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9642 + "xmlSecNssKeyTransportGetCtx" ,
9643 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9644 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9645 + return(-1);
9648 + inBuf = &( transform->inBuf ) ;
9649 + outBuf = &( transform->outBuf ) ;
9651 + if( transform->status == xmlSecTransformStatusNone ) {
9652 + transform->status = xmlSecTransformStatusWorking ;
9655 + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
9656 + if( transform->status == xmlSecTransformStatusWorking ) {
9657 + if( context->material == NULL ) {
9658 + rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
9659 + if( rtv < 0 ) {
9660 + xmlSecError( XMLSEC_ERRORS_HERE ,
9661 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9662 + "xmlSecNssKeyTransportCtxInit" ,
9663 + XMLSEC_ERRORS_R_INVALID_STATUS ,
9664 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9665 + return(-1);
9669 + if( context->material == NULL && last != 0 ) {
9670 + xmlSecError( XMLSEC_ERRORS_HERE ,
9671 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9672 + NULL ,
9673 + XMLSEC_ERRORS_R_INVALID_STATUS ,
9674 + "No enough data to intialize transform" ) ;
9675 + return(-1);
9678 + if( context->material != NULL ) {
9679 + rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
9680 + if( rtv < 0 ) {
9681 + xmlSecError( XMLSEC_ERRORS_HERE ,
9682 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9683 + "xmlSecNssKeyTransportCtxUpdate" ,
9684 + XMLSEC_ERRORS_R_INVALID_STATUS ,
9685 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9686 + return(-1);
9690 + if( last ) {
9691 + rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
9692 + if( rtv < 0 ) {
9693 + xmlSecError( XMLSEC_ERRORS_HERE ,
9694 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9695 + "xmlSecNssKeyTransportCtxFinal" ,
9696 + XMLSEC_ERRORS_R_INVALID_STATUS ,
9697 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9698 + return(-1);
9700 + transform->status = xmlSecTransformStatusFinished ;
9702 + } else if( transform->status == xmlSecTransformStatusFinished ) {
9703 + if( xmlSecBufferGetSize( inBuf ) != 0 ) {
9704 + xmlSecError( XMLSEC_ERRORS_HERE ,
9705 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9706 + NULL ,
9707 + XMLSEC_ERRORS_R_INVALID_STATUS ,
9708 + "status=%d", transform->status ) ;
9709 + return(-1);
9711 + } else {
9712 + xmlSecError( XMLSEC_ERRORS_HERE ,
9713 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
9714 + NULL ,
9715 + XMLSEC_ERRORS_R_INVALID_STATUS ,
9716 + "status=%d", transform->status ) ;
9717 + return(-1);
9720 + return(0);
9724 +#ifndef XMLSEC_NO_RSA
9726 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
9727 +static struct _xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
9728 +#else
9729 +static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
9730 +#endif
9731 + /* klass/object sizes */
9732 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
9733 + xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
9735 + xmlSecNameRsaPkcs1, /* const xmlChar* name; */
9736 + xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
9737 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
9739 + xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
9740 + xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
9741 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
9742 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
9743 + xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
9744 + xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
9745 + NULL, /* xmlSecTransformValidateMethod validate; */
9746 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
9747 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
9748 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
9749 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
9750 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
9751 + xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
9753 + NULL, /* void* reserved0; */
9754 + NULL, /* void* reserved1; */
9757 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
9758 +static struct _xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
9759 +#else
9760 +static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
9761 +#endif
9762 + /* klass/object sizes */
9763 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
9764 + xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
9766 + xmlSecNameRsaOaep, /* const xmlChar* name; */
9767 + xmlSecHrefRsaOaep, /* const xmlChar* href; */
9768 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
9770 + xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
9771 + xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
9772 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
9773 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
9774 + xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
9775 + xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
9776 + NULL, /* xmlSecTransformValidateMethod validate; */
9777 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
9778 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
9779 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
9780 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
9781 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
9782 + xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
9784 + NULL, /* void* reserved0; */
9785 + NULL, /* void* reserved1; */
9788 +/**
9789 + * xmlSecNssTransformRsaPkcs1GetKlass:
9791 + * The RSA-PKCS1 key transport transform klass.
9793 + * Returns RSA-PKCS1 key transport transform klass.
9794 + */
9795 +xmlSecTransformId
9796 +xmlSecNssTransformRsaPkcs1GetKlass(void) {
9797 + return(&xmlSecNssRsaPkcs1Klass);
9800 +/**
9801 + * xmlSecNssTransformRsaOaepGetKlass:
9803 + * The RSA-PKCS1 key transport transform klass.
9805 + * Returns RSA-PKCS1 key transport transform klass.
9806 + */
9807 +xmlSecTransformId
9808 +xmlSecNssTransformRsaOaepGetKlass(void) {
9809 + return(&xmlSecNssRsaOaepKlass);
9812 +#endif /* XMLSEC_NO_RSA */
9814 --- misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:40.000000000 +0200
9815 +++ misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2008-06-29 23:44:19.000000000 +0200
9816 @@ -1 +1,1213 @@
9817 -dummy
9818 +/**
9820 + * XMLSec library
9821 + *
9822 + * AES Algorithm support
9823 + *
9824 + * This is free software; see Copyright file in the source
9825 + * distribution for preciese wording.
9826 + *
9827 + * Copyright .................................
9828 + */
9829 +#include "globals.h"
9831 +#include <stdlib.h>
9832 +#include <stdio.h>
9833 +#include <string.h>
9835 +#include <nss.h>
9836 +#include <pk11func.h>
9837 +#include <hasht.h>
9839 +#include <xmlsec/xmlsec.h>
9840 +#include <xmlsec/xmltree.h>
9841 +#include <xmlsec/keys.h>
9842 +#include <xmlsec/transforms.h>
9843 +#include <xmlsec/errors.h>
9845 +#include <xmlsec/nss/crypto.h>
9846 +#include <xmlsec/nss/ciphers.h>
9848 +#define XMLSEC_NSS_AES128_KEY_SIZE 16
9849 +#define XMLSEC_NSS_AES192_KEY_SIZE 24
9850 +#define XMLSEC_NSS_AES256_KEY_SIZE 32
9851 +#define XMLSEC_NSS_DES3_KEY_SIZE 24
9852 +#define XMLSEC_NSS_DES3_KEY_LENGTH 24
9853 +#define XMLSEC_NSS_DES3_IV_LENGTH 8
9854 +#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
9856 +static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
9857 + 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
9860 +/*********************************************************************
9862 + * key wrap transforms
9864 + ********************************************************************/
9865 +typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
9866 +typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
9868 +#define xmlSecNssKeyWrapSize \
9869 + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
9871 +#define xmlSecNssKeyWrapGetCtx( transform ) \
9872 + ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
9874 +struct _xmlSecNssKeyWrapCtx {
9875 + CK_MECHANISM_TYPE cipher ;
9876 + PK11SymKey* symkey ;
9877 + xmlSecKeyDataId keyId ;
9878 + xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
9879 +} ;
9881 +static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
9882 +static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
9883 +static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
9884 + xmlSecKeyReqPtr keyReq);
9885 +static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
9886 + xmlSecKeyPtr key);
9887 +static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
9888 + int last,
9889 + xmlSecTransformCtxPtr transformCtx);
9890 +static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
9892 +static int
9893 +xmlSecNssKeyWrapCheckId(
9894 + xmlSecTransformPtr transform
9895 +) {
9896 + #ifndef XMLSEC_NO_DES
9897 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
9898 + return(1);
9900 + #endif /* XMLSEC_NO_DES */
9902 + #ifndef XMLSEC_NO_AES
9903 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
9904 + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
9905 + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
9907 + return(1);
9909 + #endif /* XMLSEC_NO_AES */
9911 + return(0);
9914 +static xmlSecSize
9915 +xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
9916 +#ifndef XMLSEC_NO_DES
9917 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
9918 + return(XMLSEC_NSS_DES3_KEY_SIZE);
9919 + } else
9920 +#endif /* XMLSEC_NO_DES */
9922 +#ifndef XMLSEC_NO_AES
9923 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
9924 + return(XMLSEC_NSS_AES128_KEY_SIZE);
9925 + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
9926 + return(XMLSEC_NSS_AES192_KEY_SIZE);
9927 + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
9928 + return(XMLSEC_NSS_AES256_KEY_SIZE);
9929 + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
9930 + return(XMLSEC_NSS_AES256_KEY_SIZE);
9931 + } else
9932 +#endif /* XMLSEC_NO_AES */
9934 + if(1)
9935 + return(0);
9939 +static int
9940 +xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
9941 + xmlSecNssKeyWrapCtxPtr context ;
9942 + int ret;
9944 + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
9945 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
9947 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
9948 + xmlSecAssert2( context != NULL , -1 ) ;
9950 + #ifndef XMLSEC_NO_DES
9951 + if( transform->id == xmlSecNssTransformKWDes3Id ) {
9952 + context->cipher = CKM_DES3_CBC ;
9953 + context->keyId = xmlSecNssKeyDataDesId ;
9954 + } else
9955 + #endif /* XMLSEC_NO_DES */
9957 + #ifndef XMLSEC_NO_AES
9958 + if( transform->id == xmlSecNssTransformKWAes128Id ) {
9959 + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
9960 + context->cipher = CKM_AES_CBC ;
9961 + context->keyId = xmlSecNssKeyDataAesId ;
9962 + } else
9963 + if( transform->id == xmlSecNssTransformKWAes192Id ) {
9964 + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
9965 + context->cipher = CKM_AES_CBC ;
9966 + context->keyId = xmlSecNssKeyDataAesId ;
9967 + } else
9968 + if( transform->id == xmlSecNssTransformKWAes256Id ) {
9969 + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
9970 + context->cipher = CKM_AES_CBC ;
9971 + context->keyId = xmlSecNssKeyDataAesId ;
9972 + } else
9973 + #endif /* XMLSEC_NO_AES */
9976 + if( 1 ) {
9977 + xmlSecError( XMLSEC_ERRORS_HERE ,
9978 + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
9979 + NULL ,
9980 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
9981 + XMLSEC_ERRORS_NO_MESSAGE ) ;
9982 + return(-1);
9985 + context->symkey = NULL ;
9986 + context->material = NULL ;
9988 + return(0);
9991 +static void
9992 +xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
9993 + xmlSecNssKeyWrapCtxPtr context ;
9995 + xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
9996 + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
9998 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
9999 + xmlSecAssert( context != NULL ) ;
10001 + if( context->symkey != NULL ) {
10002 + PK11_FreeSymKey( context->symkey ) ;
10003 + context->symkey = NULL ;
10006 + if( context->material != NULL ) {
10007 + xmlSecBufferDestroy(context->material);
10008 + context->material = NULL ;
10012 +static int
10013 +xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
10014 + xmlSecNssKeyWrapCtxPtr context ;
10015 + xmlSecSize cipherSize = 0 ;
10018 + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
10019 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
10020 + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
10021 + xmlSecAssert2(keyReq != NULL, -1);
10023 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
10024 + xmlSecAssert2( context != NULL , -1 ) ;
10026 + keyReq->keyId = context->keyId;
10027 + keyReq->keyType = xmlSecKeyDataTypeSymmetric;
10028 + if(transform->operation == xmlSecTransformOperationEncrypt) {
10029 + keyReq->keyUsage = xmlSecKeyUsageEncrypt;
10030 + } else {
10031 + keyReq->keyUsage = xmlSecKeyUsageDecrypt;
10034 + keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
10036 + return(0);
10039 +static int
10040 +xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
10041 + xmlSecNssKeyWrapCtxPtr context = NULL ;
10042 + xmlSecKeyDataPtr keyData = NULL ;
10043 + PK11SymKey* symkey = NULL ;
10045 + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
10046 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
10047 + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
10048 + xmlSecAssert2(key != NULL, -1);
10050 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
10051 + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
10052 + xmlSecError( XMLSEC_ERRORS_HERE ,
10053 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10054 + "xmlSecNssKeyWrapGetCtx" ,
10055 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10056 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10057 + return(-1);
10059 + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
10061 + keyData = xmlSecKeyGetValue( key ) ;
10062 + if( keyData == NULL ) {
10063 + xmlSecError( XMLSEC_ERRORS_HERE ,
10064 + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
10065 + "xmlSecKeyGetValue" ,
10066 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10067 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10068 + return(-1);
10071 + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
10072 + xmlSecError( XMLSEC_ERRORS_HERE ,
10073 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
10074 + "xmlSecNssSymKeyDataGetKey" ,
10075 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10076 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10077 + return(-1);
10080 + context->symkey = symkey ;
10082 + return(0) ;
10085 +/**
10086 + * key wrap transform
10087 + */
10088 +static int
10089 +xmlSecNssKeyWrapCtxInit(
10090 + xmlSecNssKeyWrapCtxPtr ctx ,
10091 + xmlSecBufferPtr in ,
10092 + xmlSecBufferPtr out ,
10093 + int encrypt ,
10094 + xmlSecTransformCtxPtr transformCtx
10095 +) {
10096 + xmlSecSize blockSize ;
10098 + xmlSecAssert2( ctx != NULL , -1 ) ;
10099 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
10100 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
10101 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
10102 + xmlSecAssert2( in != NULL , -1 ) ;
10103 + xmlSecAssert2( out != NULL , -1 ) ;
10104 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
10106 + if( ctx->material != NULL ) {
10107 + xmlSecBufferDestroy( ctx->material ) ;
10108 + ctx->material = NULL ;
10111 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
10112 + xmlSecError( XMLSEC_ERRORS_HERE ,
10113 + NULL ,
10114 + "PK11_GetBlockSize" ,
10115 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10116 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10117 + return(-1);
10120 + ctx->material = xmlSecBufferCreate( blockSize ) ;
10121 + if( ctx->material == NULL ) {
10122 + xmlSecError( XMLSEC_ERRORS_HERE ,
10123 + NULL ,
10124 + "xmlSecBufferCreate" ,
10125 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10126 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10127 + return(-1);
10130 + /* read raw key material into context */
10131 + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
10132 + xmlSecError( XMLSEC_ERRORS_HERE ,
10133 + NULL ,
10134 + "xmlSecBufferSetData" ,
10135 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10136 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10137 + return(-1);
10140 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
10141 + xmlSecError( XMLSEC_ERRORS_HERE ,
10142 + NULL ,
10143 + "xmlSecBufferRemoveHead" ,
10144 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10145 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10146 + return(-1);
10149 + return(0);
10152 +/**
10153 + * key wrap transform update
10154 + */
10155 +static int
10156 +xmlSecNssKeyWrapCtxUpdate(
10157 + xmlSecNssKeyWrapCtxPtr ctx ,
10158 + xmlSecBufferPtr in ,
10159 + xmlSecBufferPtr out ,
10160 + int encrypt ,
10161 + xmlSecTransformCtxPtr transformCtx
10162 +) {
10163 + xmlSecAssert2( ctx != NULL , -1 ) ;
10164 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
10165 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
10166 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
10167 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
10168 + xmlSecAssert2( in != NULL , -1 ) ;
10169 + xmlSecAssert2( out != NULL , -1 ) ;
10170 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
10172 + /* read raw key material and append into context */
10173 + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
10174 + xmlSecError( XMLSEC_ERRORS_HERE ,
10175 + NULL ,
10176 + "xmlSecBufferAppend" ,
10177 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10178 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10179 + return(-1);
10182 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
10183 + xmlSecError( XMLSEC_ERRORS_HERE ,
10184 + NULL ,
10185 + "xmlSecBufferRemoveHead" ,
10186 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10187 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10188 + return(-1);
10191 + return(0);
10194 +static int
10195 +xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
10196 + xmlSecSize s;
10197 + xmlSecSize i;
10198 + xmlSecByte c;
10200 + xmlSecAssert2(buf != NULL, -1);
10202 + s = size / 2;
10203 + --size;
10204 + for(i = 0; i < s; ++i) {
10205 + c = buf[i];
10206 + buf[i] = buf[size - i];
10207 + buf[size - i] = c;
10209 + return(0);
10212 +static xmlSecByte *
10213 +xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
10214 + xmlSecByte *out, xmlSecSize outSize)
10216 + PK11Context *context = NULL;
10217 + SECStatus s;
10218 + xmlSecByte *digest = NULL;
10219 + unsigned int len;
10221 + xmlSecAssert2(in != NULL, NULL);
10222 + xmlSecAssert2(out != NULL, NULL);
10223 + xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
10225 + /* Create a context for hashing (digesting) */
10226 + context = PK11_CreateDigestContext(SEC_OID_SHA1);
10227 + if (context == NULL) {
10228 + xmlSecError(XMLSEC_ERRORS_HERE,
10229 + NULL,
10230 + "PK11_CreateDigestContext",
10231 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10232 + "error code = %d", PORT_GetError());
10233 + goto done;
10236 + s = PK11_DigestBegin(context);
10237 + if (s != SECSuccess) {
10238 + xmlSecError(XMLSEC_ERRORS_HERE,
10239 + NULL,
10240 + "PK11_DigestBegin",
10241 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10242 + "error code = %d", PORT_GetError());
10243 + goto done;
10246 + s = PK11_DigestOp(context, in, inSize);
10247 + if (s != SECSuccess) {
10248 + xmlSecError(XMLSEC_ERRORS_HERE,
10249 + NULL,
10250 + "PK11_DigestOp",
10251 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10252 + "error code = %d", PORT_GetError());
10253 + goto done;
10256 + s = PK11_DigestFinal(context, out, &len, outSize);
10257 + if (s != SECSuccess) {
10258 + xmlSecError(XMLSEC_ERRORS_HERE,
10259 + NULL,
10260 + "PK11_DigestFinal",
10261 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10262 + "error code = %d", PORT_GetError());
10263 + goto done;
10265 + xmlSecAssert2(len == SHA1_LENGTH, NULL);
10267 + digest = out;
10269 +done:
10270 + if (context != NULL) {
10271 + PK11_DestroyContext(context, PR_TRUE);
10273 + return (digest);
10276 +static int
10277 +xmlSecNssKWDes3Encrypt(
10278 + PK11SymKey* symKey ,
10279 + CK_MECHANISM_TYPE cipherMech ,
10280 + const xmlSecByte* iv ,
10281 + xmlSecSize ivSize ,
10282 + const xmlSecByte* in ,
10283 + xmlSecSize inSize ,
10284 + xmlSecByte* out ,
10285 + xmlSecSize outSize ,
10286 + int enc
10287 +) {
10288 + PK11Context* EncContext = NULL;
10289 + SECItem ivItem ;
10290 + SECItem* secParam = NULL ;
10291 + int tmp1_outlen;
10292 + unsigned int tmp2_outlen;
10293 + int result_len = -1;
10294 + SECStatus rv;
10296 + xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
10297 + xmlSecAssert2( symKey != NULL , -1 ) ;
10298 + xmlSecAssert2(iv != NULL, -1);
10299 + xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
10300 + xmlSecAssert2(in != NULL, -1);
10301 + xmlSecAssert2(inSize > 0, -1);
10302 + xmlSecAssert2(out != NULL, -1);
10303 + xmlSecAssert2(outSize >= inSize, -1);
10305 + /* Prepare IV */
10306 + ivItem.data = ( unsigned char* )iv ;
10307 + ivItem.len = ivSize ;
10309 + secParam = PK11_ParamFromIV(cipherMech, &ivItem);
10310 + if (secParam == NULL) {
10311 + xmlSecError(XMLSEC_ERRORS_HERE,
10312 + NULL,
10313 + "PK11_ParamFromIV",
10314 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10315 + "Error code = %d", PORT_GetError());
10316 + goto done;
10319 + EncContext = PK11_CreateContextBySymKey(cipherMech,
10320 + enc ? CKA_ENCRYPT : CKA_DECRYPT,
10321 + symKey, secParam);
10322 + if (EncContext == NULL) {
10323 + xmlSecError(XMLSEC_ERRORS_HERE,
10324 + NULL,
10325 + "PK11_CreateContextBySymKey",
10326 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10327 + "Error code = %d", PORT_GetError());
10328 + goto done;
10331 + tmp1_outlen = tmp2_outlen = 0;
10332 + rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
10333 + (unsigned char *)in, inSize);
10334 + if (rv != SECSuccess) {
10335 + xmlSecError(XMLSEC_ERRORS_HERE,
10336 + NULL,
10337 + "PK11_CipherOp",
10338 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10339 + "Error code = %d", PORT_GetError());
10340 + goto done;
10343 + rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
10344 + &tmp2_outlen, outSize-tmp1_outlen);
10345 + if (rv != SECSuccess) {
10346 + xmlSecError(XMLSEC_ERRORS_HERE,
10347 + NULL,
10348 + "PK11_DigestFinal",
10349 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10350 + "Error code = %d", PORT_GetError());
10351 + goto done;
10354 + result_len = tmp1_outlen + tmp2_outlen;
10356 +done:
10357 + if (secParam) {
10358 + SECITEM_FreeItem(secParam, PR_TRUE);
10360 + if (EncContext) {
10361 + PK11_DestroyContext(EncContext, PR_TRUE);
10364 + return(result_len);
10367 +static int
10368 +xmlSecNssKeyWrapDesOp(
10369 + xmlSecNssKeyWrapCtxPtr ctx ,
10370 + int encrypt ,
10371 + xmlSecBufferPtr result
10372 +) {
10373 + xmlSecByte sha1[SHA1_LENGTH];
10374 + xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
10375 + xmlSecByte* in;
10376 + xmlSecSize inSize;
10377 + xmlSecByte* out;
10378 + xmlSecSize outSize;
10379 + xmlSecSize s;
10380 + int ret;
10381 + SECStatus status;
10383 + xmlSecAssert2( ctx != NULL , -1 ) ;
10384 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
10385 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
10386 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
10387 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
10388 + xmlSecAssert2( result != NULL , -1 ) ;
10390 + in = xmlSecBufferGetData(ctx->material);
10391 + inSize = xmlSecBufferGetSize(ctx->material) ;
10392 + out = xmlSecBufferGetData(result);
10393 + outSize = xmlSecBufferGetMaxSize(result) ;
10394 + if( encrypt ) {
10395 + /* step 2: calculate sha1 and CMS */
10396 + if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
10397 + xmlSecError(XMLSEC_ERRORS_HERE,
10398 + NULL,
10399 + "xmlSecNssComputeSHA1",
10400 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10401 + XMLSEC_ERRORS_NO_MESSAGE);
10402 + return(-1);
10405 + /* step 3: construct WKCKS */
10406 + memcpy(out, in, inSize);
10407 + memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
10409 + /* step 4: generate random iv */
10410 + status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
10411 + if(status != SECSuccess) {
10412 + xmlSecError(XMLSEC_ERRORS_HERE,
10413 + NULL,
10414 + "PK11_GenerateRandom",
10415 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10416 + "error code = %d", PORT_GetError());
10417 + return(-1);
10418 + }
10420 + /* step 5: first encryption, result is TEMP1 */
10421 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
10422 + iv, XMLSEC_NSS_DES3_IV_LENGTH,
10423 + out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
10424 + out, outSize, 1);
10425 + if(ret < 0) {
10426 + xmlSecError(XMLSEC_ERRORS_HERE,
10427 + NULL,
10428 + "xmlSecNssKWDes3Encrypt",
10429 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10430 + XMLSEC_ERRORS_NO_MESSAGE);
10431 + return(-1);
10434 + /* step 6: construct TEMP2=IV || TEMP1 */
10435 + memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
10436 + inSize + XMLSEC_NSS_DES3_IV_LENGTH);
10437 + memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
10438 + s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
10440 + /* step 7: reverse octets order, result is TEMP3 */
10441 + ret = xmlSecNssKWDes3BufferReverse(out, s);
10442 + if(ret < 0) {
10443 + xmlSecError(XMLSEC_ERRORS_HERE,
10444 + NULL,
10445 + "xmlSecNssKWDes3BufferReverse",
10446 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10447 + XMLSEC_ERRORS_NO_MESSAGE);
10448 + return(-1);
10451 + /* step 8: second encryption with static IV */
10452 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
10453 + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
10454 + out, s,
10455 + out, outSize, 1);
10456 + if(ret < 0) {
10457 + xmlSecError(XMLSEC_ERRORS_HERE,
10458 + NULL,
10459 + "xmlSecNssKWDes3Encrypt",
10460 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10461 + XMLSEC_ERRORS_NO_MESSAGE);
10462 + return(-1);
10464 + s = ret;
10466 + if( xmlSecBufferSetSize( result , s ) < 0 ) {
10467 + xmlSecError(XMLSEC_ERRORS_HERE,
10468 + NULL,
10469 + "xmlSecBufferSetSize",
10470 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10471 + XMLSEC_ERRORS_NO_MESSAGE);
10472 + return(-1);
10474 + } else {
10475 + /* step 2: first decryption with static IV, result is TEMP3 */
10476 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
10477 + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
10478 + in, inSize,
10479 + out, outSize, 0);
10480 + if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
10481 + xmlSecError(XMLSEC_ERRORS_HERE,
10482 + NULL,
10483 + "xmlSecNssKWDes3Encrypt",
10484 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10485 + XMLSEC_ERRORS_NO_MESSAGE);
10486 + return(-1);
10488 + s = ret;
10490 + /* step 3: reverse octets order in TEMP3, result is TEMP2 */
10491 + ret = xmlSecNssKWDes3BufferReverse(out, s);
10492 + if(ret < 0) {
10493 + xmlSecError(XMLSEC_ERRORS_HERE,
10494 + NULL,
10495 + "xmlSecNssKWDes3BufferReverse",
10496 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10497 + XMLSEC_ERRORS_NO_MESSAGE);
10498 + return(-1);
10501 + /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
10502 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
10503 + out, XMLSEC_NSS_DES3_IV_LENGTH,
10504 + out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
10505 + out, outSize, 0);
10506 + if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
10507 + xmlSecError(XMLSEC_ERRORS_HERE,
10508 + NULL,
10509 + "xmlSecNssKWDes3Encrypt",
10510 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10511 + XMLSEC_ERRORS_NO_MESSAGE);
10512 + return(-1);
10514 + s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
10516 + /* steps 6 and 7: calculate SHA1 and validate it */
10517 + if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
10518 + xmlSecError(XMLSEC_ERRORS_HERE,
10519 + NULL,
10520 + "xmlSecNssComputeSHA1",
10521 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
10522 + XMLSEC_ERRORS_NO_MESSAGE);
10523 + return(-1);
10526 + if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
10527 + xmlSecError(XMLSEC_ERRORS_HERE,
10528 + NULL,
10529 + NULL,
10530 + XMLSEC_ERRORS_R_INVALID_DATA,
10531 + "SHA1 does not match");
10532 + return(-1);
10535 + if( xmlSecBufferSetSize( result , s ) < 0 ) {
10536 + xmlSecError(XMLSEC_ERRORS_HERE,
10537 + NULL,
10538 + "xmlSecBufferSetSize",
10539 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
10540 + XMLSEC_ERRORS_NO_MESSAGE);
10541 + return(-1);
10545 + return(0);
10548 +static int
10549 +xmlSecNssKeyWrapAesOp(
10550 + xmlSecNssKeyWrapCtxPtr ctx ,
10551 + int encrypt ,
10552 + xmlSecBufferPtr result
10553 +) {
10554 + PK11Context* cipherCtx = NULL;
10555 + SECItem ivItem ;
10556 + SECItem* secParam = NULL ;
10557 + xmlSecSize inSize ;
10558 + xmlSecSize inBlocks ;
10559 + int blockSize ;
10560 + int midSize ;
10561 + int finSize ;
10562 + xmlSecByte* out ;
10563 + xmlSecSize outSize;
10565 + xmlSecAssert2( ctx != NULL , -1 ) ;
10566 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
10567 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
10568 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
10569 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
10570 + xmlSecAssert2( result != NULL , -1 ) ;
10572 + /* Do not set any IV */
10573 + memset(&ivItem, 0, sizeof(ivItem));
10575 + /* Get block size */
10576 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
10577 + xmlSecError( XMLSEC_ERRORS_HERE ,
10578 + NULL ,
10579 + "PK11_GetBlockSize" ,
10580 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10581 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10582 + return(-1);
10585 + inSize = xmlSecBufferGetSize( ctx->material ) ;
10586 + if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
10587 + xmlSecError( XMLSEC_ERRORS_HERE ,
10588 + NULL ,
10589 + "xmlSecBufferSetMaxSize" ,
10590 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10591 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10592 + return(-1);
10595 + /* Get Param for context initialization */
10596 + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
10597 + xmlSecError( XMLSEC_ERRORS_HERE ,
10598 + NULL ,
10599 + "PK11_ParamFromIV" ,
10600 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10601 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10602 + return(-1);
10605 + cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
10606 + if( cipherCtx == NULL ) {
10607 + xmlSecError( XMLSEC_ERRORS_HERE ,
10608 + NULL ,
10609 + "PK11_CreateContextBySymKey" ,
10610 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10611 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10612 + SECITEM_FreeItem( secParam , PR_TRUE ) ;
10613 + return(-1);
10616 + out = xmlSecBufferGetData(result) ;
10617 + outSize = xmlSecBufferGetMaxSize(result) ;
10618 + if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
10619 + xmlSecError( XMLSEC_ERRORS_HERE ,
10620 + NULL ,
10621 + "PK11_CipherOp" ,
10622 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10623 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10624 + return(-1);
10627 + if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
10628 + xmlSecError( XMLSEC_ERRORS_HERE ,
10629 + NULL ,
10630 + "PK11_DigestFinal" ,
10631 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10632 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10633 + return(-1);
10636 + if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
10637 + xmlSecError( XMLSEC_ERRORS_HERE ,
10638 + NULL ,
10639 + "xmlSecBufferSetSize" ,
10640 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10641 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10642 + return(-1);
10645 + return 0 ;
10648 +/**
10649 + * Block cipher transform final
10650 + */
10651 +static int
10652 +xmlSecNssKeyWrapCtxFinal(
10653 + xmlSecNssKeyWrapCtxPtr ctx ,
10654 + xmlSecBufferPtr in ,
10655 + xmlSecBufferPtr out ,
10656 + int encrypt ,
10657 + xmlSecTransformCtxPtr transformCtx
10658 +) {
10659 + PK11SymKey* targetKey ;
10660 + xmlSecSize blockSize ;
10661 + xmlSecBufferPtr result ;
10663 + xmlSecAssert2( ctx != NULL , -1 ) ;
10664 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
10665 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
10666 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
10667 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
10668 + xmlSecAssert2( in != NULL , -1 ) ;
10669 + xmlSecAssert2( out != NULL , -1 ) ;
10670 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
10672 + /* read raw key material and append into context */
10673 + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
10674 + xmlSecError( XMLSEC_ERRORS_HERE ,
10675 + NULL ,
10676 + "xmlSecBufferAppend" ,
10677 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10678 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10679 + return(-1);
10682 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
10683 + xmlSecError( XMLSEC_ERRORS_HERE ,
10684 + NULL ,
10685 + "xmlSecBufferRemoveHead" ,
10686 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10687 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10688 + return(-1);
10691 + /* Now we get all of the key materail */
10692 + /* from now on we will wrap or unwrap the key */
10693 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
10694 + xmlSecError( XMLSEC_ERRORS_HERE ,
10695 + NULL ,
10696 + "PK11_GetBlockSize" ,
10697 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10698 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10699 + return(-1);
10702 + result = xmlSecBufferCreate( blockSize ) ;
10703 + if( result == NULL ) {
10704 + xmlSecError( XMLSEC_ERRORS_HERE ,
10705 + NULL ,
10706 + "xmlSecBufferCreate" ,
10707 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10708 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10709 + return(-1);
10712 + switch( ctx->cipher ) {
10713 + case CKM_DES3_CBC :
10714 + if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
10715 + xmlSecError( XMLSEC_ERRORS_HERE ,
10716 + NULL ,
10717 + "xmlSecNssKeyWrapDesOp" ,
10718 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10719 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10720 + xmlSecBufferDestroy(result);
10721 + return(-1);
10723 + break ;
10724 + /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
10725 + case CKM_AES_CBC :
10726 + if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
10727 + xmlSecError( XMLSEC_ERRORS_HERE ,
10728 + NULL ,
10729 + "xmlSecNssKeyWrapAesOp" ,
10730 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10731 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10732 + xmlSecBufferDestroy(result);
10733 + return(-1);
10735 + break ;
10738 + /* Write output */
10739 + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
10740 + xmlSecError( XMLSEC_ERRORS_HERE ,
10741 + NULL ,
10742 + "xmlSecBufferAppend" ,
10743 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10744 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10745 + xmlSecBufferDestroy(result);
10746 + return(-1);
10748 + xmlSecBufferDestroy(result);
10750 + return(0);
10753 +static int
10754 +xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
10755 + xmlSecNssKeyWrapCtxPtr context = NULL ;
10756 + xmlSecBufferPtr inBuf, outBuf ;
10757 + int operation ;
10758 + int rtv ;
10760 + xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
10761 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
10762 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
10763 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
10765 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
10766 + if( context == NULL ) {
10767 + xmlSecError( XMLSEC_ERRORS_HERE ,
10768 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10769 + "xmlSecNssKeyWrapGetCtx" ,
10770 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
10771 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10772 + return(-1);
10775 + inBuf = &( transform->inBuf ) ;
10776 + outBuf = &( transform->outBuf ) ;
10778 + if( transform->status == xmlSecTransformStatusNone ) {
10779 + transform->status = xmlSecTransformStatusWorking ;
10782 + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
10783 + if( transform->status == xmlSecTransformStatusWorking ) {
10784 + if( context->material == NULL ) {
10785 + rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
10786 + if( rtv < 0 ) {
10787 + xmlSecError( XMLSEC_ERRORS_HERE ,
10788 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10789 + "xmlSecNssKeyWrapCtxInit" ,
10790 + XMLSEC_ERRORS_R_INVALID_STATUS ,
10791 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10792 + return(-1);
10796 + if( context->material == NULL && last != 0 ) {
10797 + xmlSecError( XMLSEC_ERRORS_HERE ,
10798 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10799 + NULL ,
10800 + XMLSEC_ERRORS_R_INVALID_STATUS ,
10801 + "No enough data to intialize transform" ) ;
10802 + return(-1);
10805 + if( context->material != NULL ) {
10806 + rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
10807 + if( rtv < 0 ) {
10808 + xmlSecError( XMLSEC_ERRORS_HERE ,
10809 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10810 + "xmlSecNssKeyWrapCtxUpdate" ,
10811 + XMLSEC_ERRORS_R_INVALID_STATUS ,
10812 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10813 + return(-1);
10817 + if( last ) {
10818 + rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
10819 + if( rtv < 0 ) {
10820 + xmlSecError( XMLSEC_ERRORS_HERE ,
10821 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10822 + "xmlSecNssKeyWrapCtxFinal" ,
10823 + XMLSEC_ERRORS_R_INVALID_STATUS ,
10824 + XMLSEC_ERRORS_NO_MESSAGE ) ;
10825 + return(-1);
10827 + transform->status = xmlSecTransformStatusFinished ;
10829 + } else if( transform->status == xmlSecTransformStatusFinished ) {
10830 + if( xmlSecBufferGetSize( inBuf ) != 0 ) {
10831 + xmlSecError( XMLSEC_ERRORS_HERE ,
10832 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10833 + NULL ,
10834 + XMLSEC_ERRORS_R_INVALID_STATUS ,
10835 + "status=%d", transform->status ) ;
10836 + return(-1);
10838 + } else {
10839 + xmlSecError( XMLSEC_ERRORS_HERE ,
10840 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
10841 + NULL ,
10842 + XMLSEC_ERRORS_R_INVALID_STATUS ,
10843 + "status=%d", transform->status ) ;
10844 + return(-1);
10847 + return(0);
10850 +#ifndef XMLSEC_NO_AES
10853 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
10854 +static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
10855 +#else
10856 +static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
10857 +#endif
10858 + /* klass/object sizes */
10859 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
10860 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
10862 + xmlSecNameKWAes128, /* const xmlChar* name; */
10863 + xmlSecHrefKWAes128, /* const xmlChar* href; */
10864 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
10866 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
10867 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
10868 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
10869 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
10870 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
10871 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
10872 + NULL, /* xmlSecTransformValidateMethod validate; */
10873 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
10874 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
10875 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
10876 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
10877 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
10878 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
10880 + NULL, /* void* reserved0; */
10881 + NULL, /* void* reserved1; */
10884 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
10885 +static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
10886 +#else
10887 +static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
10888 +#endif
10889 + /* klass/object sizes */
10890 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
10891 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
10893 + xmlSecNameKWAes192, /* const xmlChar* name; */
10894 + xmlSecHrefKWAes192, /* const xmlChar* href; */
10895 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
10897 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
10898 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
10899 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
10900 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
10901 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
10902 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
10903 + NULL, /* xmlSecTransformValidateMethod validate; */
10904 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
10905 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
10906 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
10907 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
10908 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
10909 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
10911 + NULL, /* void* reserved0; */
10912 + NULL, /* void* reserved1; */
10915 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
10916 +static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
10917 +#else
10918 +static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
10919 +#endif
10920 + /* klass/object sizes */
10921 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
10922 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
10924 + xmlSecNameKWAes256, /* const xmlChar* name; */
10925 + xmlSecHrefKWAes256, /* const xmlChar* href; */
10926 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
10928 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
10929 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
10930 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
10931 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
10932 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
10933 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
10934 + NULL, /* xmlSecTransformValidateMethod validate; */
10935 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
10936 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
10937 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
10938 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
10939 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
10940 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
10942 + NULL, /* void* reserved0; */
10943 + NULL, /* void* reserved1; */
10946 +/**
10947 + * xmlSecNssTransformKWAes128GetKlass:
10949 + * The AES-128 key wrapper transform klass.
10951 + * Returns AES-128 key wrapper transform klass.
10952 + */
10953 +xmlSecTransformId
10954 +xmlSecNssTransformKWAes128GetKlass(void) {
10955 + return(&xmlSecNssKWAes128Klass);
10958 +/**
10959 + * xmlSecNssTransformKWAes192GetKlass:
10961 + * The AES-192 key wrapper transform klass.
10963 + * Returns AES-192 key wrapper transform klass.
10964 + */
10965 +xmlSecTransformId
10966 +xmlSecNssTransformKWAes192GetKlass(void) {
10967 + return(&xmlSecNssKWAes192Klass);
10970 +/**
10972 + * The AES-256 key wrapper transform klass.
10974 + * Returns AES-256 key wrapper transform klass.
10975 + */
10976 +xmlSecTransformId
10977 +xmlSecNssTransformKWAes256GetKlass(void) {
10978 + return(&xmlSecNssKWAes256Klass);
10981 +#endif /* XMLSEC_NO_AES */
10984 +#ifndef XMLSEC_NO_DES
10986 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
10987 +static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
10988 +#else
10989 +static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
10990 +#endif
10991 + /* klass/object sizes */
10992 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
10993 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
10995 + xmlSecNameKWDes3, /* const xmlChar* name; */
10996 + xmlSecHrefKWDes3, /* const xmlChar* href; */
10997 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
10999 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
11000 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
11001 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
11002 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
11003 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
11004 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
11005 + NULL, /* xmlSecTransformValidateMethod validate; */
11006 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
11007 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
11008 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
11009 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
11010 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
11011 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
11013 + NULL, /* void* reserved0; */
11014 + NULL, /* void* reserved1; */
11017 +/**
11018 + * xmlSecNssTransformKWDes3GetKlass:
11019 + *
11020 + * The Triple DES key wrapper transform klass.
11022 + * Returns Triple DES key wrapper transform klass.
11023 + */
11024 +xmlSecTransformId
11025 +xmlSecNssTransformKWDes3GetKlass(void) {
11026 + return(&xmlSecNssKWDes3Klass);
11029 +#endif /* XMLSEC_NO_DES */
11031 --- misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100
11032 +++ misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2008-06-29 23:44:19.000000000 +0200
11033 @@ -5,6 +5,7 @@
11034 * distribution for preciese wording.
11036 * Copyright (c) 2003 America Online, Inc. All rights reserved.
11037 + * Copyright ...........................
11039 #include "globals.h"
11041 @@ -24,6 +25,7 @@
11042 #include <xmlsec/nss/crypto.h>
11043 #include <xmlsec/nss/bignum.h>
11044 #include <xmlsec/nss/pkikeys.h>
11045 +#include <xmlsec/nss/tokens.h>
11047 /**************************************************************************
11049 @@ -98,14 +100,13 @@
11051 xmlSecAssert(ctx != NULL);
11052 if (ctx->privkey != NULL) {
11053 - SECKEY_DestroyPrivateKey(ctx->privkey);
11054 - ctx->privkey = NULL;
11055 + SECKEY_DestroyPrivateKey(ctx->privkey);
11056 + ctx->privkey = NULL;
11059 - if (ctx->pubkey)
11061 - SECKEY_DestroyPublicKey(ctx->pubkey);
11062 - ctx->pubkey = NULL;
11063 + if (ctx->pubkey) {
11064 + SECKEY_DestroyPublicKey(ctx->pubkey);
11065 + ctx->pubkey = NULL;
11069 @@ -115,29 +116,32 @@
11070 xmlSecNssPKIKeyDataCtxPtr ctxSrc)
11072 xmlSecNSSPKIKeyDataCtxFree(ctxDst);
11073 + ctxDst->privkey = NULL ;
11074 + ctxDst->pubkey = NULL ;
11075 if (ctxSrc->privkey != NULL) {
11076 - ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
11077 - if(ctxDst->privkey == NULL) {
11078 - xmlSecError(XMLSEC_ERRORS_HERE,
11079 - NULL,
11080 - "SECKEY_CopyPrivateKey",
11081 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
11082 - XMLSEC_ERRORS_NO_MESSAGE);
11083 - return(-1);
11085 + ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
11086 + if(ctxDst->privkey == NULL) {
11087 + xmlSecError(XMLSEC_ERRORS_HERE,
11088 + NULL,
11089 + "SECKEY_CopyPrivateKey",
11090 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
11091 + "error code=%d", PORT_GetError());
11092 + return(-1);
11096 if (ctxSrc->pubkey != NULL) {
11097 - ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
11098 - if(ctxDst->pubkey == NULL) {
11099 - xmlSecError(XMLSEC_ERRORS_HERE,
11100 - NULL,
11101 - "SECKEY_CopyPublicKey",
11102 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
11103 - XMLSEC_ERRORS_NO_MESSAGE);
11104 - return(-1);
11106 + ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
11107 + if(ctxDst->pubkey == NULL) {
11108 + xmlSecError(XMLSEC_ERRORS_HERE,
11109 + NULL,
11110 + "SECKEY_CopyPublicKey",
11111 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
11112 + "error code=%d", PORT_GetError());
11113 + return(-1);
11117 return (0);
11120 @@ -147,20 +151,41 @@
11121 SECKEYPublicKey *pubkey)
11123 xmlSecNssPKIKeyDataCtxPtr ctx;
11124 + KeyType pubType = nullKey ;
11125 + KeyType priType = nullKey ;
11127 xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
11128 xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
11130 + if( privkey != NULL ) {
11131 + priType = SECKEY_GetPrivateKeyType( privkey ) ;
11134 + if( pubkey != NULL ) {
11135 + pubType = SECKEY_GetPublicKeyType( pubkey ) ;
11138 + if( priType != nullKey && pubType != nullKey ) {
11139 + if( pubType != priType ) {
11140 + xmlSecError( XMLSEC_ERRORS_HERE ,
11141 + NULL ,
11142 + NULL ,
11143 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
11144 + "different type of private and public key" ) ;
11145 + return -1 ;
11149 ctx = xmlSecNssPKIKeyDataGetCtx(data);
11150 xmlSecAssert2(ctx != NULL, -1);
11152 if (ctx->privkey) {
11153 - SECKEY_DestroyPrivateKey(ctx->privkey);
11154 + SECKEY_DestroyPrivateKey(ctx->privkey);
11156 ctx->privkey = privkey;
11158 if (ctx->pubkey) {
11159 - SECKEY_DestroyPublicKey(ctx->pubkey);
11160 + SECKEY_DestroyPublicKey(ctx->pubkey);
11162 ctx->pubkey = pubkey;
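Review bot: The type comparison added at the top of this hunk only shows that privkey and pubkey use the same algorithm; it does not show that they are two halves of one key pair, and nothing later in the hunk checks that. If callers can pass keys obtained from different places, state the assumption in a comment above the check, for example `/* compares key types only; the caller must make sure both keys belong to the same pair */`. The mismatch is reported as XMLSEC_ERRORS_R_CRYPTO_FAILED although no crypto call failed, while the next hunk uses XMLSEC_ERRORS_R_INVALID_TYPE for an unsupported key type. The same block is repeated in the next hunk (-183,61 +208,75) just before it calls xmlSecNssPKIKeyDataAdoptKey, which appears to be this function, so the comparison would run twice on that path. The function's signature and closing lines are outside the hunk.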
11164 @@ -183,61 +208,75 @@
11166 xmlSecKeyDataPtr data = NULL;
11167 int ret;
11168 - KeyType kt;
11170 - if (pubkey != NULL) {
11171 - kt = SECKEY_GetPublicKeyType(pubkey);
11172 - } else {
11173 - kt = SECKEY_GetPrivateKeyType(privkey);
11174 - pubkey = SECKEY_ConvertToPublicKey(privkey);
11176 + KeyType pubType = nullKey ;
11177 + KeyType priType = nullKey ;
11179 - switch(kt) {
11180 + if( privkey != NULL ) {
11181 + priType = SECKEY_GetPrivateKeyType( privkey ) ;
11184 + if( pubkey != NULL ) {
11185 + pubType = SECKEY_GetPublicKeyType( pubkey ) ;
11188 + if( priType != nullKey && pubType != nullKey ) {
11189 + if( pubType != priType ) {
11190 + xmlSecError( XMLSEC_ERRORS_HERE ,
11191 + NULL ,
11192 + NULL ,
11193 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
11194 + "different type of private and public key" ) ;
11195 + return( NULL ) ;
11199 + pubType = priType != nullKey ? priType : pubType ;
11200 + switch(pubType) {
11201 #ifndef XMLSEC_NO_RSA
11202 case rsaKey:
11203 - data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
11204 - if(data == NULL) {
11205 - xmlSecError(XMLSEC_ERRORS_HERE,
11206 - NULL,
11207 - "xmlSecKeyDataCreate",
11208 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
11209 - "xmlSecNssKeyDataRsaId");
11210 - return(NULL);
11212 - break;
11213 + data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
11214 + if(data == NULL) {
11215 + xmlSecError(XMLSEC_ERRORS_HERE,
11216 + NULL,
11217 + "xmlSecKeyDataCreate",
11218 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
11219 + "xmlSecNssKeyDataRsaId");
11220 + return(NULL);
11222 + break;
11223 #endif /* XMLSEC_NO_RSA */
11224 #ifndef XMLSEC_NO_DSA
11225 case dsaKey:
11226 - data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
11227 - if(data == NULL) {
11228 - xmlSecError(XMLSEC_ERRORS_HERE,
11229 - NULL,
11230 - "xmlSecKeyDataCreate",
11231 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
11232 - "xmlSecNssKeyDataDsaId");
11233 - return(NULL);
11235 - break;
11236 + data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
11237 + if(data == NULL) {
11238 + xmlSecError(XMLSEC_ERRORS_HERE,
11239 + NULL,
11240 + "xmlSecKeyDataCreate",
11241 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
11242 + "xmlSecNssKeyDataDsaId");
11243 + return(NULL);
11245 + break;
11246 #endif /* XMLSEC_NO_DSA */
11247 default:
11248 - xmlSecError(XMLSEC_ERRORS_HERE,
11249 + xmlSecError(XMLSEC_ERRORS_HERE,
11250 NULL,
11251 NULL,
11252 XMLSEC_ERRORS_R_INVALID_TYPE,
11253 - "PKI key type %d not supported", kt);
11254 - return(NULL);
11255 + "PKI key type %d not supported", pubType);
11256 + return(NULL);
11259 xmlSecAssert2(data != NULL, NULL);
11260 ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
11261 if(ret < 0) {
11262 - xmlSecError(XMLSEC_ERRORS_HERE,
11263 + xmlSecError(XMLSEC_ERRORS_HERE,
11264 NULL,
11265 "xmlSecNssPKIKeyDataAdoptKey",
11266 XMLSEC_ERRORS_R_XMLSEC_FAILED,
11267 XMLSEC_ERRORS_NO_MESSAGE);
11268 - xmlSecKeyDataDestroy(data);
11269 - return(NULL);
11270 + xmlSecKeyDataDestroy(data);
11271 + return(NULL);
11273 return(data);
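Review bot: With the `pubkey = SECKEY_ConvertToPublicKey(privkey);` fallback removed, a call that passes only privkey now hands a NULL pubkey to xmlSecNssPKIKeyDataAdoptKey, so the resulting key data carries no public key. Code later in this file still expects one: the context of the -263 hunk shows `xmlSecAssert2(ctx->pubkey != NULL, NULL);` before SECKEY_CopyPublicKey, so that path will fail for private-only key data. If this is intended, record the new invariant next to the type lookup, for example `/* pubkey may stay NULL when only privkey is given; it is no longer derived from privkey */`, and check the readers of ctx->pubkey against it. The function header is outside the hunk.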
11275 @@ -263,7 +302,7 @@
11276 xmlSecAssert2(ctx != NULL, NULL);
11277 xmlSecAssert2(ctx->pubkey != NULL, NULL);
11279 - ret = SECKEY_CopyPublicKey(ctx->pubkey);
11280 + ret = SECKEY_CopyPublicKey(ctx->pubkey);
11281 return(ret);
11284 @@ -312,9 +351,9 @@
11285 xmlSecAssert2(ctx != NULL, nullKey);
11287 if (ctx->pubkey != NULL) {
11288 - kt = SECKEY_GetPublicKeyType(ctx->pubkey);
11289 + kt = SECKEY_GetPublicKeyType(ctx->pubkey);
11290 } else {
11291 - kt = SECKEY_GetPrivateKeyType(ctx->privkey);
11292 + kt = SECKEY_GetPrivateKeyType(ctx->privkey);
11294 return(kt);
11296 @@ -453,7 +492,11 @@
11297 static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
11298 FILE* output);
11300 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
11301 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
11302 +#else
11303 static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
11304 +#endif
11305 sizeof(xmlSecKeyDataKlass),
11306 xmlSecNssPKIKeyDataSize,
11308 @@ -553,13 +596,13 @@
11309 goto done;
11312 - slot = PK11_GetBestSlot(CKM_DSA, NULL);
11313 + slot = xmlSecNssSlotGet(CKM_DSA);
11314 if(slot == NULL) {
11315 xmlSecError(XMLSEC_ERRORS_HERE,
11316 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
11317 - "PK11_GetBestSlot",
11318 + "xmlSecNssSlotGet",
11319 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11320 - XMLSEC_ERRORS_NO_MESSAGE);
11321 + "error code=%d", PORT_GetError());
11322 ret = -1;
11323 goto done;
11325 @@ -570,7 +613,7 @@
11326 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
11327 "PORT_NewArena",
11328 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11329 - XMLSEC_ERRORS_NO_MESSAGE);
11330 + "error code=%d", PORT_GetError());
11331 ret = -1;
11332 goto done;
11334 @@ -582,7 +625,7 @@
11335 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
11336 "PORT_ArenaZAlloc",
11337 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11338 - XMLSEC_ERRORS_NO_MESSAGE);
11339 + "error code=%d", PORT_GetError());
11340 PORT_FreeArena(arena, PR_FALSE);
11341 ret = -1;
11342 goto done;
11343 @@ -750,21 +793,21 @@
11344 goto done;
11346 data = NULL;
11348 ret = 0;
11350 done:
11351 if (slot != NULL) {
11352 - PK11_FreeSlot(slot);
11353 + PK11_FreeSlot(slot);
11355 - if (ret != 0) {
11356 - if (pubkey != NULL) {
11357 - SECKEY_DestroyPublicKey(pubkey);
11359 - if (data != NULL) {
11360 - xmlSecKeyDataDestroy(data);
11363 + if (pubkey != NULL) {
11364 + SECKEY_DestroyPublicKey(pubkey);
11367 + if (data != NULL) {
11368 + xmlSecKeyDataDestroy(data);
11371 return(ret);
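Review bot: The cleanup under `done:` now destroys `pubkey` and `data` whenever they are non-NULL instead of only when `ret != 0`, so the success path is safe only if both locals were cleared once ownership moved. The hunk shows `data = NULL;` before `ret = 0;` but no matching `pubkey = NULL;`. If that assignment is not made outside the hunk after the key is adopted, the public key would be destroyed here while the key data still refers to it. Please confirm it is there, and mark each clear with a comment such as `/* ownership passed on; keep done: from destroying it */`. The function starts outside the hunk.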
11374 @@ -783,7 +826,7 @@
11376 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
11377 xmlSecAssert2(ctx != NULL, -1);
11378 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
11379 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
11381 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
11382 /* we can have only private key or public key */
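Review bot: Commenting out `xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);` removes the only visible check in this function that the context really holds a DSA key, and the dead line gives no reason for the change. If the aim is to tolerate a context without a public key, which the `else if( ctx->pubkey != NULL )` added in hunk @@ -975,11 +1024,11 @@ suggests, the check can stay for the case where one is present: `xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);`. The same assertion is disabled in hunks @@ -975,11 +1024,11 @@ and @@ -992,7 +1041,7 @@, and with `rsaKey` in @@ -1349,7 +1402,7 @@, @@ -1472,7 +1525,7 @@ and @@ -1490,7 +1543,7 @@. The function body continues outside the hunk.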
11383 @@ -905,7 +948,8 @@
11384 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
11385 "PK11_PQG_ParamGen",
11386 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11387 - "size=%d", sizeBits);
11388 + "size=%d, error code=%d", sizeBits, PORT_GetError());
11389 + ret = -1;
11390 goto done;
11393 @@ -915,11 +959,12 @@
11394 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
11395 "PK11_PQG_VerifyParams",
11396 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11397 - "size=%d", sizeBits);
11398 + "size=%d, error code=%d", sizeBits, PORT_GetError());
11399 + ret = -1;
11400 goto done;
11403 - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
11404 + slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
11405 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
11406 privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
11407 &pubkey, PR_FALSE, PR_TRUE, NULL);
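Review bot: The result of `slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);` goes straight into `PK11_Authenticate` and `PK11_GenerateKeyPair` with no NULL check, although hunk @@ -553,13 +596,13 @@ tests `if(slot == NULL)` after the same call. A failed slot lookup would therefore reach NSS with a NULL slot, and the status returned by `PK11_Authenticate` is discarded as well. Both should fail the function through `done`, as sketched below. The RSA generator in hunk @@ -1420,7 +1473,7 @@ has the same two gaps. The function starts and ends outside the hunk.

```c
slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
if(slot == NULL) {
    xmlSecError(XMLSEC_ERRORS_HERE,
                xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                "xmlSecNssSlotGet",
                XMLSEC_ERRORS_R_CRYPTO_FAILED,
                "error code=%d", PORT_GetError());
    ret = -1;
    goto done;
}
if(PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */) != SECSuccess) {
    xmlSecError(XMLSEC_ERRORS_HERE,
                xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                "PK11_Authenticate",
                XMLSEC_ERRORS_R_CRYPTO_FAILED,
                "error code=%d", PORT_GetError());
    ret = -1;
    goto done;
}
/* … unchanged: PK11_GenerateKeyPair call … */
```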
11408 @@ -929,8 +974,9 @@
11409 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
11410 "PK11_GenerateKeyPair",
11411 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11412 - XMLSEC_ERRORS_NO_MESSAGE);
11413 + "error code=%d", PORT_GetError());
11415 + ret = -1;
11416 goto done;
11419 @@ -943,29 +989,32 @@
11420 XMLSEC_ERRORS_NO_MESSAGE);
11421 goto done;
11424 + privkey = NULL ;
11425 + pubkey = NULL ;
11426 ret = 0;
11428 done:
11429 if (slot != NULL) {
11430 - PK11_FreeSlot(slot);
11431 + PK11_FreeSlot(slot);
11434 if (pqgParams != NULL) {
11435 - PK11_PQG_DestroyParams(pqgParams);
11436 + PK11_PQG_DestroyParams(pqgParams);
11439 if (pqgVerify != NULL) {
11440 - PK11_PQG_DestroyVerify(pqgVerify);
11442 - if (ret == 0) {
11443 - return (0);
11444 + PK11_PQG_DestroyVerify(pqgVerify);
11447 if (pubkey != NULL) {
11448 - SECKEY_DestroyPublicKey(pubkey);
11449 + SECKEY_DestroyPublicKey(pubkey);
11452 if (privkey != NULL) {
11453 - SECKEY_DestroyPrivateKey(privkey);
11454 + SECKEY_DestroyPrivateKey(privkey);
11456 - return(-1);
11458 + return(ret);
11461 static xmlSecKeyDataType
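Review bot: The added `privkey = NULL ;` and `pubkey = NULL ;` carry the whole correctness of the reworked cleanup, yet nothing in the code says so. Since `done:` now destroys both keys whenever they are non-NULL and returns `ret`, I would put a comment above the two assignments: `/* data has adopted both keys; clear the locals so done: does not destroy them */`. The adopting call is outside the hunk, so this assumes the failing branch at the top of the hunk is its error path.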
11462 @@ -975,11 +1024,11 @@
11463 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
11464 ctx = xmlSecNssPKIKeyDataGetCtx(data);
11465 xmlSecAssert2(ctx != NULL, -1);
11466 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
11467 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
11468 if (ctx->privkey != NULL) {
11469 - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
11470 - } else {
11471 - return(xmlSecKeyDataTypePublic);
11472 + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
11473 + } else if( ctx->pubkey != NULL ) {
11474 + return(xmlSecKeyDataTypePublic);
11477 return(xmlSecKeyDataTypeUnknown);
11478 @@ -992,7 +1041,7 @@
11479 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
11480 ctx = xmlSecNssPKIKeyDataGetCtx(data);
11481 xmlSecAssert2(ctx != NULL, -1);
11482 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
11483 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
11485 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
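Review bot: With the assertion commented out, `SECKEY_PublicKeyStrength(ctx->pubkey)` is reached without any check that `ctx->pubkey` is set. The previous hunk adds `else if( ctx->pubkey != NULL )`, which implies a context may carry no public key, and in that case this line hands NULL to NSS. A guard such as `xmlSecAssert2(ctx->pubkey != NULL, 0);` before the return would keep the size query safe. The RSA counterpart in hunk @@ -1490,7 +1543,7 @@ needs the same guard. The function starts outside the hunk.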
11487 @@ -1084,7 +1133,11 @@
11488 static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
11489 FILE* output);
11491 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
11492 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
11493 +#else
11494 static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
11495 +#endif
11496 sizeof(xmlSecKeyDataKlass),
11497 xmlSecNssPKIKeyDataSize,
11499 @@ -1181,13 +1234,13 @@
11500 goto done;
11503 - slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
11504 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
11505 if(slot == NULL) {
11506 xmlSecError(XMLSEC_ERRORS_HERE,
11507 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
11508 - "PK11_GetBestSlot",
11509 + "xmlSecNssSlotGet",
11510 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11511 - XMLSEC_ERRORS_NO_MESSAGE);
11512 + "error code=%d", PORT_GetError());
11513 ret = -1;
11514 goto done;
11516 @@ -1198,7 +1251,7 @@
11517 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
11518 "PORT_NewArena",
11519 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11520 - XMLSEC_ERRORS_NO_MESSAGE);
11521 + "error code=%d", PORT_GetError());
11522 ret = -1;
11523 goto done;
11525 @@ -1210,7 +1263,7 @@
11526 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
11527 "PORT_ArenaZAlloc",
11528 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11529 - XMLSEC_ERRORS_NO_MESSAGE);
11530 + "error code=%d", PORT_GetError());
11531 PORT_FreeArena(arena, PR_FALSE);
11532 ret = -1;
11533 goto done;
11534 @@ -1349,7 +1402,7 @@
11536 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
11537 xmlSecAssert2(ctx != NULL, -1);
11538 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
11539 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
11542 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
11543 @@ -1420,7 +1473,7 @@
11544 params.keySizeInBits = sizeBits;
11545 params.pe = 65537;
11547 - slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
11548 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
11549 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
11550 privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
11551 &pubkey, PR_FALSE, PR_TRUE, NULL);
11552 @@ -1430,7 +1483,7 @@
11553 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
11554 "PK11_GenerateKeyPair",
11555 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11556 - XMLSEC_ERRORS_NO_MESSAGE);
11557 + "error code=%d", PORT_GetError());
11559 goto done;
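Review bot: This failure path still jumps to `done` without setting `ret`, whereas the DSA counterpart in hunk @@ -929,8 +974,9 @@ adds `ret = -1;` before the same `goto done;`. The RSA cleanup is outside the hunk, so whether the function can return a stale value here cannot be confirmed from this page. Adding `ret = -1;` before `goto done;` would make the two generators consistent and remove the dependence on how `ret` was initialised.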
11561 @@ -1472,7 +1525,7 @@
11563 ctx = xmlSecNssPKIKeyDataGetCtx(data);
11564 xmlSecAssert2(ctx != NULL, -1);
11565 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
11566 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
11567 if (ctx->privkey != NULL) {
11568 return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
11569 } else {
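Review bot: The RSA type query keeps a plain `} else {` here, while the DSA version in hunk @@ -975,11 +1024,11 @@ was changed to `} else if( ctx->pubkey != NULL ) {` so that an empty context falls through to `xmlSecKeyDataTypeUnknown`. With the key-type assertion now disabled in both, the RSA path would presumably still report a public key when `ctx->pubkey` is NULL. The else body is outside the hunk, so this is inferred from the DSA counterpart. I would use `} else if( ctx->pubkey != NULL ) {` here as well.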
11570 @@ -1490,7 +1543,7 @@
11572 ctx = xmlSecNssPKIKeyDataGetCtx(data);
11573 xmlSecAssert2(ctx != NULL, -1);
11574 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
11575 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
11577 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
11579 --- misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200
11580 +++ misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2008-06-29 23:44:19.000000000 +0200
11581 @@ -199,7 +199,7 @@
11582 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11583 "SGN_NewContext",
11584 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11585 - XMLSEC_ERRORS_NO_MESSAGE);
11586 + "error code=%d", PORT_GetError());
11587 return(-1);
11589 } else {
11590 @@ -222,7 +222,7 @@
11591 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11592 "VFY_CreateContext",
11593 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11594 - XMLSEC_ERRORS_NO_MESSAGE);
11595 + "error code=%d", PORT_GetError());
11596 return(-1);
11599 @@ -282,7 +282,7 @@
11600 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11601 "VFY_Update, VFY_End",
11602 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11603 - XMLSEC_ERRORS_NO_MESSAGE);
11604 + "error code=%d", PORT_GetError());
11606 if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
11607 xmlSecError(XMLSEC_ERRORS_HERE,
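Review bot: `PORT_GetError()` is now read once for the log message and again in the `SEC_ERROR_PKCS7_BAD_SIGNATURE` test that follows the `xmlSecError` call. Reading it once into a local right after the failing verify call, for example `int err = PORT_GetError();`, and using `err` in both places keeps the logged code and the tested code identical even if the error callback changes the thread's error state. The enclosing block starts and ends outside the hunk.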
11608 @@ -341,7 +341,7 @@
11609 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11610 "SGN_Begin",
11611 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11612 - XMLSEC_ERRORS_NO_MESSAGE);
11613 + "error code=%d", PORT_GetError());
11614 return(-1);
11616 } else {
11617 @@ -351,7 +351,7 @@
11618 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11619 "VFY_Begin",
11620 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11621 - XMLSEC_ERRORS_NO_MESSAGE);
11622 + "error code=%d", PORT_GetError());
11623 return(-1);
11626 @@ -368,7 +368,7 @@
11627 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11628 "SGN_Update",
11629 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11630 - XMLSEC_ERRORS_NO_MESSAGE);
11631 + "error code=%d", PORT_GetError());
11632 return(-1);
11634 } else {
11635 @@ -378,7 +378,7 @@
11636 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11637 "VFY_Update",
11638 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11639 - XMLSEC_ERRORS_NO_MESSAGE);
11640 + "error code=%d", PORT_GetError());
11641 return(-1);
11644 @@ -404,7 +404,7 @@
11645 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
11646 "SGN_End",
11647 XMLSEC_ERRORS_R_CRYPTO_FAILED,
11648 - XMLSEC_ERRORS_NO_MESSAGE);
11649 + "error code=%d", PORT_GetError());
11650 return(-1);
11653 @@ -459,7 +459,11 @@
11655 ***************************************************************************/
11657 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
11658 +static struct _xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
11659 +#else
11660 static xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
11661 +#endif
11662 /* klass/object sizes */
11663 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
11664 xmlSecNssSignatureSize, /* xmlSecSize objSize */
11665 @@ -506,7 +510,11 @@
11666 * RSA-SHA1 signature transform
11668 ***************************************************************************/
11669 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
11670 +static struct _xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
11671 +#else
11672 static xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
11673 +#endif
11674 /* klass/object sizes */
11675 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
11676 xmlSecNssSignatureSize, /* xmlSecSize objSize */
11677 --- misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200
11678 +++ misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2008-06-29 23:44:19.000000000 +0200
11679 @@ -15,178 +15,837 @@
11680 #include <stdio.h>
11681 #include <string.h>
11683 +#include <pk11func.h>
11684 +#include <nss.h>
11686 #include <xmlsec/xmlsec.h>
11687 #include <xmlsec/xmltree.h>
11688 +#include <xmlsec/base64.h>
11689 #include <xmlsec/keys.h>
11690 #include <xmlsec/keyinfo.h>
11691 #include <xmlsec/transforms.h>
11692 #include <xmlsec/errors.h>
11694 #include <xmlsec/nss/crypto.h>
11695 +#include <xmlsec/nss/ciphers.h>
11696 +#include <xmlsec/nss/tokens.h>
11698 /*****************************************************************************
11700 - * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
11701 + * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
11703 ****************************************************************************/
11704 -static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
11705 -static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
11706 - xmlSecKeyDataPtr src);
11707 -static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
11708 -static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
11709 - xmlSecKeyPtr key,
11710 - xmlNodePtr node,
11711 - xmlSecKeyInfoCtxPtr keyInfoCtx);
11712 -static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
11713 - xmlSecKeyPtr key,
11714 - xmlNodePtr node,
11715 - xmlSecKeyInfoCtxPtr keyInfoCtx);
11716 -static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
11717 - xmlSecKeyPtr key,
11718 - const xmlSecByte* buf,
11719 - xmlSecSize bufSize,
11720 - xmlSecKeyInfoCtxPtr keyInfoCtx);
11721 -static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
11722 - xmlSecKeyPtr key,
11723 - xmlSecByte** buf,
11724 - xmlSecSize* bufSize,
11725 - xmlSecKeyInfoCtxPtr keyInfoCtx);
11726 -static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
11727 - xmlSecSize sizeBits,
11728 - xmlSecKeyDataType type);
11730 -static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
11731 -static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
11732 -static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
11733 - FILE* output);
11734 -static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
11735 - FILE* output);
11736 -static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
11737 +typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
11738 +typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
11740 +struct _xmlSecNssSymKeyDataCtx {
11741 + CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
11742 + PK11SlotInfo* slot ; /* the key resident slot */
11743 + PK11SymKey* symkey ; /* the symmetic key */
11744 +} ;
11746 +#define xmlSecNssSymKeyDataSize \
11747 + ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
11749 +#define xmlSecNssSymKeyDataGetCtx( data ) \
11750 + ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
11753 +static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
11754 +static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
11755 + xmlSecKeyDataPtr src);
11756 +static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
11757 +static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
11758 + xmlSecKeyPtr key,
11759 + xmlNodePtr node,
11760 + xmlSecKeyInfoCtxPtr keyInfoCtx);
11761 +static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
11762 + xmlSecKeyPtr key,
11763 + xmlNodePtr node,
11764 + xmlSecKeyInfoCtxPtr keyInfoCtx);
11765 +static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
11766 + xmlSecKeyPtr key,
11767 + const xmlSecByte* buf,
11768 + xmlSecSize bufSize,
11769 + xmlSecKeyInfoCtxPtr keyInfoCtx);
11770 +static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
11771 + xmlSecKeyPtr key,
11772 + xmlSecByte** buf,
11773 + xmlSecSize* bufSize,
11774 + xmlSecKeyInfoCtxPtr keyInfoCtx);
11775 +static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
11776 + xmlSecSize sizeBits,
11777 + xmlSecKeyDataType type);
11779 +static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
11780 +static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
11781 +static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
11782 + FILE* output);
11783 +static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
11784 + FILE* output);
11785 +static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
11787 #define xmlSecNssSymKeyDataCheckId(data) \
11788 (xmlSecKeyDataIsValid((data)) && \
11789 xmlSecNssSymKeyDataKlassCheck((data)->id))
11791 +/**
11792 + * xmlSecNssSymKeyDataAdoptKey:
11793 + * @data: the pointer to symmetric key data.
11794 + * @symkey: the symmetric key
11796 + * Set the value of symmetric key data.
11798 + * Returns 0 on success or a negative value if an error occurs.
11799 + */
11800 +int
11801 +xmlSecNssSymKeyDataAdoptKey(
11802 + xmlSecKeyDataPtr data ,
11803 + PK11SymKey* symkey
11804 +) {
11805 + xmlSecNssSymKeyDataCtxPtr context = NULL ;
11807 + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
11808 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
11809 + xmlSecAssert2( symkey != NULL, -1 ) ;
11811 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
11812 + xmlSecAssert2(context != NULL, -1);
11814 + context->cipher = PK11_GetMechanism( symkey ) ;
11816 + if( context->slot != NULL ) {
11817 + PK11_FreeSlot( context->slot ) ;
11818 + context->slot = NULL ;
11820 + context->slot = PK11_GetSlotFromKey( symkey ) ;
11822 + if( context->symkey != NULL ) {
11823 + PK11_FreeSymKey( context->symkey ) ;
11824 + context->symkey = NULL ;
11826 + context->symkey = PK11_ReferenceSymKey( symkey ) ;
11828 + return 0 ;
11831 +xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
11832 + PK11SymKey* symKey
11833 +) {
11834 + xmlSecKeyDataPtr data = NULL ;
11835 + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
11837 + xmlSecAssert2( symKey != NULL , NULL ) ;
11839 + mechanism = PK11_GetMechanism( symKey ) ;
11840 + switch( mechanism ) {
11841 + case CKM_DES3_KEY_GEN :
11842 + case CKM_DES3_CBC :
11843 + case CKM_DES3_MAC :
11844 + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
11845 + if( data == NULL ) {
11846 + xmlSecError( XMLSEC_ERRORS_HERE ,
11847 + NULL ,
11848 + "xmlSecKeyDataCreate" ,
11849 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
11850 + "xmlSecNssKeyDataDesId" ) ;
11851 + return NULL ;
11853 + break ;
11854 + case CKM_AES_KEY_GEN :
11855 + case CKM_AES_CBC :
11856 + case CKM_AES_MAC :
11857 + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
11858 + if( data == NULL ) {
11859 + xmlSecError( XMLSEC_ERRORS_HERE ,
11860 + NULL ,
11861 + "xmlSecKeyDataCreate" ,
11862 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
11863 + "xmlSecNssKeyDataDesId" ) ;
11864 + return NULL ;
11866 + break ;
11867 + default :
11868 + xmlSecError( XMLSEC_ERRORS_HERE ,
11869 + NULL ,
11870 + NULL ,
11871 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
11872 + "Unsupported mechanism" ) ;
11873 + return NULL ;
11876 + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
11877 + xmlSecError( XMLSEC_ERRORS_HERE ,
11878 + NULL ,
11879 + "xmlSecNssSymKeyDataAdoptKey" ,
11880 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
11881 + XMLSEC_ERRORS_NO_MESSAGE ) ;
11883 + xmlSecKeyDataDestroy( data ) ;
11884 + return NULL ;
11887 + return data ;
11891 +PK11SymKey*
11892 +xmlSecNssSymKeyDataGetKey(
11893 + xmlSecKeyDataPtr data
11894 +) {
11895 + xmlSecNssSymKeyDataCtxPtr ctx;
11896 + PK11SymKey* symkey ;
11898 + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
11899 + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
11901 + ctx = xmlSecNssSymKeyDataGetCtx(data);
11902 + xmlSecAssert2(ctx != NULL, NULL);
11904 + if( ctx->symkey != NULL ) {
11905 + symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
11906 + } else {
11907 + symkey = NULL ;
11910 + return(symkey);
11913 static int
11914 xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
11915 + xmlSecNssSymKeyDataCtxPtr ctx;
11917 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
11919 - return(xmlSecKeyDataBinaryValueInitialize(data));
11920 + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
11922 + ctx = xmlSecNssSymKeyDataGetCtx(data);
11923 + xmlSecAssert2(ctx != NULL, -1);
11925 + memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
11927 + /* Set the block cipher mechanism */
11928 +#ifndef XMLSEC_NO_DES
11929 + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
11930 + ctx->cipher = CKM_DES3_KEY_GEN;
11931 + } else
11932 +#endif /* XMLSEC_NO_DES */
11934 +#ifndef XMLSEC_NO_AES
11935 + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
11936 + ctx->cipher = CKM_AES_KEY_GEN;
11937 + } else
11938 +#endif /* XMLSEC_NO_AES */
11940 + if(1) {
11941 + xmlSecError( XMLSEC_ERRORS_HERE ,
11942 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
11943 + NULL ,
11944 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
11945 + "Unsupported block cipher" ) ;
11946 + return(-1) ;
11949 + return(0);
11952 static int
11953 xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
11954 + xmlSecNssSymKeyDataCtxPtr ctxDst;
11955 + xmlSecNssSymKeyDataCtxPtr ctxSrc;
11957 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
11958 + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
11959 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
11960 + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
11961 xmlSecAssert2(dst->id == src->id, -1);
11963 - return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
11965 + ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
11966 + xmlSecAssert2(ctxDst != NULL, -1);
11968 + ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
11969 + xmlSecAssert2(ctxSrc != NULL, -1);
11971 + ctxDst->cipher = ctxSrc->cipher ;
11973 + if( ctxSrc->slot != NULL ) {
11974 + if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
11975 + PK11_FreeSlot( ctxDst->slot ) ;
11976 + ctxDst->slot = NULL ;
11979 + if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
11980 + ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
11981 + } else {
11982 + if( ctxDst->slot != NULL ) {
11983 + PK11_FreeSlot( ctxDst->slot ) ;
11984 + ctxDst->slot = NULL ;
11988 + if( ctxSrc->symkey != NULL ) {
11989 + if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
11990 + PK11_FreeSymKey( ctxDst->symkey ) ;
11991 + ctxDst->symkey = NULL ;
11994 + if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
11995 + ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
11996 + } else {
11997 + if( ctxDst->symkey != NULL ) {
11998 + PK11_FreeSymKey( ctxDst->symkey ) ;
11999 + ctxDst->symkey = NULL ;
12003 + return(0);
12006 static void
12007 xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
12008 + xmlSecNssSymKeyDataCtxPtr ctx;
12010 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
12012 - xmlSecKeyDataBinaryValueFinalize(data);
12013 + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
12015 + ctx = xmlSecNssSymKeyDataGetCtx(data);
12016 + xmlSecAssert(ctx != NULL);
12018 + if( ctx->slot != NULL ) {
12019 + PK11_FreeSlot( ctx->slot ) ;
12020 + ctx->slot = NULL ;
12023 + if( ctx->symkey != NULL ) {
12024 + PK11_FreeSymKey( ctx->symkey ) ;
12025 + ctx->symkey = NULL ;
12028 + ctx->cipher = CKM_INVALID_MECHANISM ;
12031 static int
12032 xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
12033 - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
12034 - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
12035 + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
12036 + PK11SymKey* symKey ;
12037 + PK11SlotInfo* slot ;
12038 + xmlSecBufferPtr keyBuf;
12039 + xmlSecSize len;
12040 + xmlSecKeyDataPtr data;
12041 + xmlSecNssSymKeyDataCtxPtr ctx;
12042 + SECItem keyItem ;
12043 + int ret;
12045 + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
12046 + xmlSecAssert2(key != NULL, -1);
12047 + xmlSecAssert2(node != NULL, -1);
12048 + xmlSecAssert2(keyInfoCtx != NULL, -1);
12050 + /* Create a new KeyData from a id */
12051 + data = xmlSecKeyDataCreate(id);
12052 + if(data == NULL ) {
12053 + xmlSecError(XMLSEC_ERRORS_HERE,
12054 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12055 + "xmlSecKeyDataCreate",
12056 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12057 + XMLSEC_ERRORS_NO_MESSAGE);
12058 + return(-1);
12061 + ctx = xmlSecNssSymKeyDataGetCtx(data);
12062 + xmlSecAssert2(ctx != NULL, -1);
12064 + /* Create a buffer for raw symmetric key value */
12065 + if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
12066 + xmlSecError( XMLSEC_ERRORS_HERE ,
12067 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12068 + "xmlSecBufferCreate" ,
12069 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12070 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12071 + xmlSecKeyDataDestroy( data ) ;
12072 + return(-1) ;
12075 + /* Read the raw key value */
12076 + if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
12077 + xmlSecError( XMLSEC_ERRORS_HERE ,
12078 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12079 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
12080 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12081 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12083 + xmlSecBufferDestroy( keyBuf ) ;
12084 + xmlSecKeyDataDestroy( data ) ;
12085 + return(-1) ;
12088 + /* Get slot */
12089 + slot = xmlSecNssSlotGet(ctx->cipher);
12090 + if( slot == NULL ) {
12091 + xmlSecError( XMLSEC_ERRORS_HERE ,
12092 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12093 + "xmlSecNssSlotGet" ,
12094 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12095 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12097 + xmlSecBufferDestroy( keyBuf ) ;
12098 + xmlSecKeyDataDestroy( data ) ;
12099 + return(-1) ;
12102 + /* Wrap the raw key value SECItem */
12103 + keyItem.type = siBuffer ;
12104 + keyItem.data = xmlSecBufferGetData( keyBuf ) ;
12105 + keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
12107 + /* Import the raw key into slot temporalily and get the key handler*/
12108 + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
12109 + if( symKey == NULL ) {
12110 + xmlSecError( XMLSEC_ERRORS_HERE ,
12111 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12112 + "PK11_ImportSymKey" ,
12113 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12114 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12116 + PK11_FreeSlot( slot ) ;
12117 + xmlSecBufferDestroy( keyBuf ) ;
12118 + xmlSecKeyDataDestroy( data ) ;
12119 + return(-1) ;
12121 + PK11_FreeSlot( slot ) ;
12123 + /* raw key material has been copied into symKey, it isn't used any more */
12124 + xmlSecBufferDestroy( keyBuf ) ;
12126 - return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
12127 + /* Adopt the symmetric key into key data */
12128 + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
12129 + if(ret < 0) {
12130 + xmlSecError(XMLSEC_ERRORS_HERE,
12131 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12132 + "xmlSecKeyDataBinaryValueSetBuffer",
12133 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12134 + XMLSEC_ERRORS_NO_MESSAGE);
12135 + PK11_FreeSymKey( symKey ) ;
12136 + xmlSecKeyDataDestroy( data ) ;
12137 + return(-1);
12139 + /* symKey has been duplicated into data, it isn't used any more */
12140 + PK11_FreeSymKey( symKey ) ;
12142 + /* Check value */
12143 + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
12144 + xmlSecError(XMLSEC_ERRORS_HERE,
12145 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12146 + "xmlSecKeyReqMatchKeyValue",
12147 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12148 + XMLSEC_ERRORS_NO_MESSAGE);
12149 + xmlSecKeyDataDestroy( data ) ;
12150 + return(0);
12153 + ret = xmlSecKeySetValue(key, data);
12154 + if(ret < 0) {
12155 + xmlSecError(XMLSEC_ERRORS_HERE,
12156 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12157 + "xmlSecKeySetValue",
12158 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12159 + XMLSEC_ERRORS_NO_MESSAGE);
12160 + xmlSecKeyDataDestroy( data ) ;
12161 + return(-1);
12164 + return(0);
12167 static int
12168 xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
12169 - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
12170 + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
12171 + PK11SymKey* symKey ;
12173 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
12174 + xmlSecAssert2(key != NULL, -1);
12175 + xmlSecAssert2(node != NULL, -1);
12176 + xmlSecAssert2(keyInfoCtx != NULL, -1);
12178 + /* Get symmetric key from "key" */
12179 + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
12180 + if( symKey != NULL ) {
12181 + SECItem* keyItem ;
12182 + xmlSecBufferPtr keyBuf ;
12184 + /* Extract raw key data from symmetric key */
12185 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
12186 + xmlSecError(XMLSEC_ERRORS_HERE,
12187 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12188 + "PK11_ExtractKeyValue",
12189 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12190 + XMLSEC_ERRORS_NO_MESSAGE);
12191 + PK11_FreeSymKey( symKey ) ;
12192 + return(-1);
12195 + /* Get raw key data from "symKey" */
12196 + keyItem = PK11_GetKeyData( symKey ) ;
12197 + if(keyItem == NULL) {
12198 + xmlSecError(XMLSEC_ERRORS_HERE,
12199 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12200 + "PK11_GetKeyData",
12201 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12202 + XMLSEC_ERRORS_NO_MESSAGE);
12203 + PK11_FreeSymKey( symKey ) ;
12204 + return(-1);
12207 + /* Create key data buffer with raw kwy material */
12208 + keyBuf = xmlSecBufferCreate(keyItem->len) ;
12209 + if(keyBuf == NULL) {
12210 + xmlSecError(XMLSEC_ERRORS_HERE,
12211 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12212 + "xmlSecBufferCreate",
12213 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12214 + XMLSEC_ERRORS_NO_MESSAGE);
12215 + PK11_FreeSymKey( symKey ) ;
12216 + return(-1);
12219 + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
12221 + /* Write raw key material into current xml node */
12222 + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
12223 + xmlSecError(XMLSEC_ERRORS_HERE,
12224 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12225 + "xmlSecBufferBase64NodeContentWrite",
12226 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12227 + XMLSEC_ERRORS_NO_MESSAGE);
12228 + xmlSecBufferDestroy(keyBuf);
12229 + PK11_FreeSymKey( symKey ) ;
12230 + return(-1);
12232 + xmlSecBufferDestroy(keyBuf);
12233 + PK11_FreeSymKey( symKey ) ;
12236 - return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
12237 + return 0 ;
12240 static int
12241 xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
12242 - const xmlSecByte* buf, xmlSecSize bufSize,
12243 - xmlSecKeyInfoCtxPtr keyInfoCtx) {
12244 - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
12245 + const xmlSecByte* buf, xmlSecSize bufSize,
12246 + xmlSecKeyInfoCtxPtr keyInfoCtx) {
12247 + PK11SymKey* symKey ;
12248 + PK11SlotInfo* slot ;
12249 + xmlSecKeyDataPtr data;
12250 + xmlSecNssSymKeyDataCtxPtr ctx;
12251 + SECItem keyItem ;
12252 + int ret;
12254 - return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
12255 + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
12256 + xmlSecAssert2(key != NULL, -1);
12257 + xmlSecAssert2(buf != NULL, -1);
12258 + xmlSecAssert2(bufSize != 0, -1);
12259 + xmlSecAssert2(keyInfoCtx != NULL, -1);
12261 + /* Create a new KeyData from a id */
12262 + data = xmlSecKeyDataCreate(id);
12263 + if(data == NULL ) {
12264 + xmlSecError(XMLSEC_ERRORS_HERE,
12265 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12266 + "xmlSecKeyDataCreate",
12267 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12268 + XMLSEC_ERRORS_NO_MESSAGE);
12269 + return(-1);
12272 + ctx = xmlSecNssSymKeyDataGetCtx(data);
12273 + xmlSecAssert2(ctx != NULL, -1);
12275 + /* Get slot */
12276 + slot = xmlSecNssSlotGet(ctx->cipher);
12277 + if( slot == NULL ) {
12278 + xmlSecError( XMLSEC_ERRORS_HERE ,
12279 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12280 + "xmlSecNssSlotGet" ,
12281 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12282 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12283 + xmlSecKeyDataDestroy( data ) ;
12284 + return(-1) ;
12287 + /* Wrap the raw key value SECItem */
12288 + keyItem.type = siBuffer ;
12289 + keyItem.data = buf ;
12290 + keyItem.len = bufSize ;
12292 + /* Import the raw key into slot temporalily and get the key handler*/
12293 + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
12294 + if( symKey == NULL ) {
12295 + xmlSecError( XMLSEC_ERRORS_HERE ,
12296 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12297 + "PK11_ImportSymKey" ,
12298 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12299 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12300 + PK11_FreeSlot( slot ) ;
12301 + xmlSecKeyDataDestroy( data ) ;
12302 + return(-1) ;
12305 + /* Adopt the symmetric key into key data */
12306 + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
12307 + if(ret < 0) {
12308 + xmlSecError(XMLSEC_ERRORS_HERE,
12309 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12310 + "xmlSecKeyDataBinaryValueSetBuffer",
12311 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12312 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12313 + PK11_FreeSymKey( symKey ) ;
12314 + PK11_FreeSlot( slot ) ;
12315 + xmlSecKeyDataDestroy( data ) ;
12316 + return(-1);
12318 + /* symKey has been duplicated into data, it isn't used any more */
12319 + PK11_FreeSymKey( symKey ) ;
12320 + PK11_FreeSlot( slot ) ;
12322 + /* Check value */
12323 + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
12324 + xmlSecError(XMLSEC_ERRORS_HERE,
12325 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12326 + "xmlSecKeyReqMatchKeyValue",
12327 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12328 + XMLSEC_ERRORS_NO_MESSAGE);
12329 + xmlSecKeyDataDestroy( data ) ;
12330 + return(0);
12333 + ret = xmlSecKeySetValue(key, data);
12334 + if(ret < 0) {
12335 + xmlSecError(XMLSEC_ERRORS_HERE,
12336 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12337 + "xmlSecKeySetValue",
12338 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12339 + XMLSEC_ERRORS_NO_MESSAGE);
12340 + xmlSecKeyDataDestroy( data ) ;
12341 + return(-1);
12344 + return(0);
12347 static int
12348 xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
12349 - xmlSecByte** buf, xmlSecSize* bufSize,
12350 - xmlSecKeyInfoCtxPtr keyInfoCtx) {
12351 + xmlSecByte** buf, xmlSecSize* bufSize,
12352 + xmlSecKeyInfoCtxPtr keyInfoCtx) {
12353 + PK11SymKey* symKey ;
12355 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
12356 + xmlSecAssert2(key != NULL, -1);
12357 + xmlSecAssert2(buf != NULL, -1);
12358 + xmlSecAssert2(bufSize != 0, -1);
12359 + xmlSecAssert2(keyInfoCtx != NULL, -1);
12361 + /* Get symmetric key from "key" */
12362 + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
12363 + if( symKey != NULL ) {
12364 + SECItem* keyItem ;
12366 + /* Extract raw key data from symmetric key */
12367 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
12368 + xmlSecError(XMLSEC_ERRORS_HERE,
12369 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12370 + "PK11_ExtractKeyValue",
12371 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12372 + XMLSEC_ERRORS_NO_MESSAGE);
12373 + PK11_FreeSymKey( symKey ) ;
12374 + return(-1);
12377 + /* Get raw key data from "symKey" */
12378 + keyItem = PK11_GetKeyData( symKey ) ;
12379 + if(keyItem == NULL) {
12380 + xmlSecError(XMLSEC_ERRORS_HERE,
12381 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12382 + "PK11_GetKeyData",
12383 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12384 + XMLSEC_ERRORS_NO_MESSAGE);
12385 + PK11_FreeSymKey( symKey ) ;
12386 + return(-1);
12389 + *bufSize = keyItem->len;
12390 + *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
12391 + if( *buf == NULL ) {
12392 + xmlSecError(XMLSEC_ERRORS_HERE,
12393 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
12394 + NULL,
12395 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12396 + XMLSEC_ERRORS_NO_MESSAGE);
12397 + PK11_FreeSymKey( symKey ) ;
12398 + return(-1);
12401 + memcpy((*buf), keyItem->data, (*bufSize));
12402 + PK11_FreeSymKey( symKey ) ;
12405 - return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
12406 + return 0 ;
12409 static int
12410 xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
12411 - xmlSecBufferPtr buffer;
12413 + PK11SymKey* symkey ;
12414 + PK11SlotInfo* slot ;
12415 + xmlSecNssSymKeyDataCtxPtr ctx;
12416 + int ret;
12418 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
12419 xmlSecAssert2(sizeBits > 0, -1);
12421 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
12422 - xmlSecAssert2(buffer != NULL, -1);
12424 - return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
12425 + ctx = xmlSecNssSymKeyDataGetCtx(data);
12426 + xmlSecAssert2(ctx != NULL, -1);
12428 + if( sizeBits % 8 != 0 ) {
12429 + xmlSecError(XMLSEC_ERRORS_HERE,
12430 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
12431 + NULL,
12432 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
12433 + "Symmetric key size must be octuple");
12434 + return(-1);
12437 + /* Get slot */
12438 + slot = xmlSecNssSlotGet(ctx->cipher);
12439 + if( slot == NULL ) {
12440 + xmlSecError( XMLSEC_ERRORS_HERE ,
12441 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
12442 + "xmlSecNssSlotGet" ,
12443 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12444 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12445 + return(-1) ;
12448 + if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
12449 + xmlSecError( XMLSEC_ERRORS_HERE ,
12450 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
12451 + "PK11_Authenticate" ,
12452 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
12453 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12454 + PK11_FreeSlot( slot ) ;
12455 + return -1 ;
12458 + symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
12459 + if( symkey == NULL ) {
12460 + xmlSecError( XMLSEC_ERRORS_HERE ,
12461 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
12462 + "PK11_KeyGen" ,
12463 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
12464 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12465 + PK11_FreeSlot( slot ) ;
12466 + return -1 ;
12469 + if( ctx->slot != NULL ) {
12470 + PK11_FreeSlot( ctx->slot ) ;
12471 + ctx->slot = NULL ;
12473 + ctx->slot = slot ;
12475 + if( ctx->symkey != NULL ) {
12476 + PK11_FreeSymKey( ctx->symkey ) ;
12477 + ctx->symkey = NULL ;
12479 + ctx->symkey = symkey ;
12481 + return 0 ;
12484 static xmlSecKeyDataType
12485 xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
12486 - xmlSecBufferPtr buffer;
12487 + xmlSecNssSymKeyDataCtxPtr context = NULL ;
12488 + xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
12490 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
12491 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
12493 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
12494 - xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
12495 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
12496 + if( context == NULL ) {
12497 + xmlSecError( XMLSEC_ERRORS_HERE ,
12498 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
12499 + "xmlSecNssSymKeyDataGetCtx" ,
12500 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
12501 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12502 + return xmlSecKeyDataTypeUnknown ;
12505 + if( context->symkey != NULL ) {
12506 + type |= xmlSecKeyDataTypeSymmetric ;
12507 + } else {
12508 + type |= xmlSecKeyDataTypeUnknown ;
12511 - return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
12512 + return type ;
12515 static xmlSecSize
12516 xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
12517 + xmlSecNssSymKeyDataCtxPtr context ;
12518 + unsigned int length = 0 ;
12520 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
12522 - return(xmlSecKeyDataBinaryValueGetSize(data));
12523 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
12525 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
12526 + if( context == NULL ) {
12527 + xmlSecError( XMLSEC_ERRORS_HERE ,
12528 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
12529 + "xmlSecNssSymKeyDataGetCtx" ,
12530 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
12531 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12532 + return 0 ;
12535 + if( context->symkey != NULL ) {
12536 + length = PK11_GetKeyLength( context->symkey ) ;
12537 + length *= 8 ;
12540 + return length ;
12543 static void
12544 xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
12545 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
12547 - xmlSecKeyDataBinaryValueDebugDump(data, output);
12548 + /* print only size, everything else is sensitive */
12549 + fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
12550 + xmlSecKeyDataGetSize(data)) ;
12553 static void
12554 xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
12555 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
12557 - xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
12558 + /* print only size, everything else is sensitive */
12559 + fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
12560 + xmlSecKeyDataGetSize(data)) ;
12563 static int
12564 xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
12565 #ifndef XMLSEC_NO_DES
12566 if(klass == xmlSecNssKeyDataDesId) {
12567 - return(1);
12568 + return(1);
12570 #endif /* XMLSEC_NO_DES */
12572 #ifndef XMLSEC_NO_AES
12573 if(klass == xmlSecNssKeyDataAesId) {
12574 - return(1);
12575 + return(1);
12577 #endif /* XMLSEC_NO_AES */
12579 #ifndef XMLSEC_NO_HMAC
12580 if(klass == xmlSecNssKeyDataHmacId) {
12581 - return(1);
12582 + return(1);
12584 #endif /* XMLSEC_NO_HMAC */
12586 @@ -199,42 +858,46 @@
12587 * <xmlsec:AESKeyValue> processing
12589 *************************************************************************/
12590 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
12591 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
12592 +#else
12593 static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
12594 +#endif
12595 sizeof(xmlSecKeyDataKlass),
12596 - xmlSecKeyDataBinarySize,
12597 + xmlSecNssSymKeyDataSize,
12599 /* data */
12600 xmlSecNameAESKeyValue,
12601 xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
12602 - /* xmlSecKeyDataUsage usage; */
12603 - xmlSecHrefAESKeyValue, /* const xmlChar* href; */
12604 - xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
12605 - xmlSecNs, /* const xmlChar* dataNodeNs; */
12606 + /* xmlSecKeyDataUsage usage; */
12607 + xmlSecHrefAESKeyValue, /* const xmlChar* href; */
12608 + xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
12609 + xmlSecNs, /* const xmlChar* dataNodeNs; */
12611 /* constructors/destructor */
12612 - xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
12613 - xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
12614 - xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
12615 - xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
12616 + xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
12617 + xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
12618 + xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
12619 + xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
12621 /* get info */
12622 - xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
12623 - xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
12624 - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
12625 + xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
12626 + xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
12627 + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
12629 /* read/write */
12630 - xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
12631 - xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
12632 - xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
12633 - xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
12634 + xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
12635 + xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
12636 + xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
12637 + xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
12639 /* debug */
12640 - xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
12641 - xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
12642 + xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
12643 + xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
12645 /* reserved for the future */
12646 - NULL, /* void* reserved0; */
12647 - NULL, /* void* reserved1; */
12648 + NULL, /* void* reserved0; */
12649 + NULL, /* void* reserved1; */
12652 /**
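Review bot: The `__MINGW32__` branch at the top of this hunk declares `xmlSecNssKeyDataAesKlass` through the struct tag instead of the `xmlSecKeyDataKlass` typedef, and its only explanation is the trailing `// for runtime-pseudo-reloc`. If the typedef is const-qualified (its definition is not visible in this patch section), that branch puts the table of key read/write/generate method pointers in writable data on MinGW builds, which is a hardening trade-off the comment should state outright. The `//` form is also not valid C89 and sits on a preprocessor line, so I would move it to a block comment above the `#ifdef`, e.g. `/* MinGW: klass left non-const, presumably so runtime pseudo-relocation can patch imported addresses */`. The same applies to the DES and HMAC klass hunks that follow.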
12653 @@ -251,9 +914,9 @@
12656 * xmlSecNssKeyDataAesSet:
12657 - * @data: the pointer to AES key data.
12658 - * @buf: the pointer to key value.
12659 - * @bufSize: the key value size (in bytes).
12660 + * @data: the pointer to AES key data.
12661 + * @buf: the pointer to key value.
12662 + * @bufSize: the key value size (in bytes).
12664 * Sets the value of AES key data.
12666 @@ -280,42 +943,46 @@
12667 * <xmlsec:DESKeyValue> processing
12669 *************************************************************************/
12670 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
12671 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
12672 +#else
12673 static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
12674 +#endif
12675 sizeof(xmlSecKeyDataKlass),
12676 - xmlSecKeyDataBinarySize,
12677 + xmlSecNssSymKeyDataSize,
12679 /* data */
12680 xmlSecNameDESKeyValue,
12681 xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
12682 - /* xmlSecKeyDataUsage usage; */
12683 - xmlSecHrefDESKeyValue, /* const xmlChar* href; */
12684 - xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
12685 - xmlSecNs, /* const xmlChar* dataNodeNs; */
12686 + /* xmlSecKeyDataUsage usage; */
12687 + xmlSecHrefDESKeyValue, /* const xmlChar* href; */
12688 + xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
12689 + xmlSecNs, /* const xmlChar* dataNodeNs; */
12691 /* constructors/destructor */
12692 - xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
12693 - xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
12694 - xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
12695 - xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
12696 + xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
12697 + xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
12698 + xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
12699 + xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
12701 /* get info */
12702 - xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
12703 - xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
12704 - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
12705 + xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
12706 + xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
12707 + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
12709 /* read/write */
12710 - xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
12711 - xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
12712 - xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
12713 - xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
12714 + xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
12715 + xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
12716 + xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
12717 + xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
12719 /* debug */
12720 - xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
12721 - xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
12722 + xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
12723 + xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
12725 /* reserved for the future */
12726 - NULL, /* void* reserved0; */
12727 - NULL, /* void* reserved1; */
12728 + NULL, /* void* reserved0; */
12729 + NULL, /* void* reserved1; */
12732 /**
12733 @@ -332,9 +999,9 @@
12736 * xmlSecNssKeyDataDesSet:
12737 - * @data: the pointer to DES key data.
12738 - * @buf: the pointer to key value.
12739 - * @bufSize: the key value size (in bytes).
12740 + * @data: the pointer to DES key data.
12741 + * @buf: the pointer to key value.
12742 + * @bufSize: the key value size (in bytes).
12744 * Sets the value of DES key data.
12746 @@ -362,42 +1029,46 @@
12747 * <xmlsec:HMACKeyValue> processing
12749 *************************************************************************/
12750 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
12751 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
12752 +#else
12753 static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
12754 +#endif
12755 sizeof(xmlSecKeyDataKlass),
12756 - xmlSecKeyDataBinarySize,
12757 + xmlSecNssSymKeyDataSize,
12759 /* data */
12760 xmlSecNameHMACKeyValue,
12761 xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
12762 - /* xmlSecKeyDataUsage usage; */
12763 - xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
12764 - xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
12765 - xmlSecNs, /* const xmlChar* dataNodeNs; */
12766 + /* xmlSecKeyDataUsage usage; */
12767 + xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
12768 + xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
12769 + xmlSecNs, /* const xmlChar* dataNodeNs; */
12771 /* constructors/destructor */
12772 - xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
12773 - xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
12774 - xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
12775 - xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
12776 + xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
12777 + xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
12778 + xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
12779 + xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
12781 /* get info */
12782 - xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
12783 - xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
12784 - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
12785 + xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
12786 + xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
12787 + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
12789 /* read/write */
12790 - xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
12791 - xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
12792 - xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
12793 - xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
12794 + xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
12795 + xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
12796 + xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
12797 + xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
12799 /* debug */
12800 - xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
12801 - xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
12802 + xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
12803 + xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
12805 /* reserved for the future */
12806 - NULL, /* void* reserved0; */
12807 - NULL, /* void* reserved1; */
12808 + NULL, /* void* reserved0; */
12809 + NULL, /* void* reserved1; */
12812 /**
12813 @@ -414,9 +1085,9 @@
12816 * xmlSecNssKeyDataHmacSet:
12817 - * @data: the pointer to HMAC key data.
12818 - * @buf: the pointer to key value.
12819 - * @bufSize: the key value size (in bytes).
12820 + * @data: the pointer to HMAC key data.
12821 + * @buf: the pointer to key value.
12822 + * @bufSize: the key value size (in bytes).
12824 * Sets the value of HMAC key data.
12826 --- misc/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:40.000000000 +0200
12827 +++ misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2008-06-29 23:44:19.000000000 +0200
12828 @@ -1 +1,548 @@
12829 -dummy
12830 +/**
12831 + * XMLSec library
12833 + * This is free software; see Copyright file in the source
12834 + * distribution for preciese wording.
12836 + * Copyright..................................
12838 + * Contributor(s): _____________________________
12840 + */
12842 +/**
12843 + * In order to ensure that particular crypto operation is performed on
12844 + * particular crypto device, a subclass of xmlSecList is used to store slot and
12845 + * mechanism information.
12847 + * In the list, a slot is bound with a mechanism. If the mechanism is available,
12848 + * this mechanism only can perform on the slot; otherwise, it can perform on
12849 + * every eligibl slot in the list.
12851 + * When try to find a slot for a particular mechanism, the slot bound with
12852 + * avaliable mechanism will be looked up firstly.
12853 + */
12854 +#include "globals.h"
12855 +#include <string.h>
12857 +#include <xmlsec/xmlsec.h>
12858 +#include <xmlsec/errors.h>
12859 +#include <xmlsec/list.h>
12861 +#include <xmlsec/nss/tokens.h>
12863 +int
12864 +xmlSecNssKeySlotSetMechList(
12865 + xmlSecNssKeySlotPtr keySlot ,
12866 + CK_MECHANISM_TYPE_PTR mechanismList
12867 +) {
12868 + int counter ;
12870 + xmlSecAssert2( keySlot != NULL , -1 ) ;
12872 + if( keySlot->mechanismList != CK_NULL_PTR ) {
12873 + xmlFree( keySlot->mechanismList ) ;
12875 + for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
12876 + keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
12877 + if( keySlot->mechanismList == NULL ) {
12878 + xmlSecError( XMLSEC_ERRORS_HERE ,
12879 + NULL ,
12880 + NULL ,
12881 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12882 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12883 + return( -1 );
12885 + for( ; counter >= 0 ; counter -- )
12886 + *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
12889 + return( 0 );
12892 +int
12893 +xmlSecNssKeySlotEnableMech(
12894 + xmlSecNssKeySlotPtr keySlot ,
12895 + CK_MECHANISM_TYPE mechanism
12896 +) {
12897 + int counter ;
12898 + CK_MECHANISM_TYPE_PTR newList ;
12900 + xmlSecAssert2( keySlot != NULL , -1 ) ;
12902 + if( mechanism != CKM_INVALID_MECHANISM ) {
12903 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
12904 + newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
12905 + if( newList == NULL ) {
12906 + xmlSecError( XMLSEC_ERRORS_HERE ,
12907 + NULL ,
12908 + NULL ,
12909 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
12910 + XMLSEC_ERRORS_NO_MESSAGE ) ;
12911 + return( -1 );
12913 + *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
12914 + *( newList + counter ) = mechanism ;
12915 + for( counter -= 1 ; counter >= 0 ; counter -- )
12916 + *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
12918 + xmlFree( keySlot->mechanismList ) ;
12919 + keySlot->mechanismList = newList ;
12922 + return(0);
12925 +int
12926 +xmlSecNssKeySlotDisableMech(
12927 + xmlSecNssKeySlotPtr keySlot ,
12928 + CK_MECHANISM_TYPE mechanism
12929 +) {
12930 + int counter ;
12932 + xmlSecAssert2( keySlot != NULL , -1 ) ;
12934 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
12935 + if( *( keySlot->mechanismList + counter ) == mechanism ) {
12936 + for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
12937 + *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
12940 + break ;
12944 + return(0);
12947 +CK_MECHANISM_TYPE_PTR
12948 +xmlSecNssKeySlotGetMechList(
12949 + xmlSecNssKeySlotPtr keySlot
12950 +) {
12951 + if( keySlot != NULL )
12952 + return keySlot->mechanismList ;
12953 + else
12954 + return NULL ;
12957 +int
12958 +xmlSecNssKeySlotSetSlot(
12959 + xmlSecNssKeySlotPtr keySlot ,
12960 + PK11SlotInfo* slot
12961 +) {
12962 + xmlSecAssert2( keySlot != NULL , -1 ) ;
12964 + if( slot != NULL && keySlot->slot != slot ) {
12965 + if( keySlot->slot != NULL )
12966 + PK11_FreeSlot( keySlot->slot ) ;
12968 + if( keySlot->mechanismList != NULL ) {
12969 + xmlFree( keySlot->mechanismList ) ;
12970 + keySlot->mechanismList = NULL ;
12973 + keySlot->slot = PK11_ReferenceSlot( slot ) ;
12976 + return(0);
12979 +int
12980 +xmlSecNssKeySlotInitialize(
12981 + xmlSecNssKeySlotPtr keySlot ,
12982 + PK11SlotInfo* slot
12983 +) {
12984 + xmlSecAssert2( keySlot != NULL , -1 ) ;
12985 + xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
12986 + xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
12988 + if( slot != NULL ) {
12989 + keySlot->slot = PK11_ReferenceSlot( slot ) ;
12992 + return(0);
12995 +void
12996 +xmlSecNssKeySlotFinalize(
12997 + xmlSecNssKeySlotPtr keySlot
12998 +) {
12999 + xmlSecAssert( keySlot != NULL ) ;
13001 + if( keySlot->mechanismList != NULL ) {
13002 + xmlFree( keySlot->mechanismList ) ;
13003 + keySlot->mechanismList = NULL ;
13006 + if( keySlot->slot != NULL ) {
13007 + PK11_FreeSlot( keySlot->slot ) ;
13008 + keySlot->slot = NULL ;
13013 +PK11SlotInfo*
13014 +xmlSecNssKeySlotGetSlot(
13015 + xmlSecNssKeySlotPtr keySlot
13016 +) {
13017 + if( keySlot != NULL )
13018 + return keySlot->slot ;
13019 + else
13020 + return NULL ;
13023 +xmlSecNssKeySlotPtr
13024 +xmlSecNssKeySlotCreate() {
13025 + xmlSecNssKeySlotPtr keySlot ;
13027 + /* Allocates a new xmlSecNssKeySlot and fill the fields */
13028 + keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
13029 + if( keySlot == NULL ) {
13030 + xmlSecError( XMLSEC_ERRORS_HERE ,
13031 + NULL ,
13032 + NULL ,
13033 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13034 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13035 + return( NULL );
13037 + memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
13039 + return( keySlot ) ;
13042 +int
13043 +xmlSecNssKeySlotCopy(
13044 + xmlSecNssKeySlotPtr newKeySlot ,
13045 + xmlSecNssKeySlotPtr keySlot
13046 +) {
13047 + CK_MECHANISM_TYPE_PTR mech ;
13048 + int counter ;
13050 + xmlSecAssert2( newKeySlot != NULL , -1 ) ;
13051 + xmlSecAssert2( keySlot != NULL , -1 ) ;
13053 + if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
13054 + if( newKeySlot->slot != NULL )
13055 + PK11_FreeSlot( newKeySlot->slot ) ;
13057 + newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
13060 + if( keySlot->mechanismList != CK_NULL_PTR ) {
13061 + xmlFree( newKeySlot->mechanismList ) ;
13063 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
13064 + newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
13065 + if( newKeySlot->mechanismList == NULL ) {
13066 + xmlSecError( XMLSEC_ERRORS_HERE ,
13067 + NULL ,
13068 + NULL ,
13069 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13070 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13071 + return( -1 );
13073 + for( ; counter >= 0 ; counter -- )
13074 + *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
13077 + return( 0 );
13080 +xmlSecNssKeySlotPtr
13081 +xmlSecNssKeySlotDuplicate(
13082 + xmlSecNssKeySlotPtr keySlot
13083 +) {
13084 + xmlSecNssKeySlotPtr newKeySlot ;
13085 + int ret ;
13087 + xmlSecAssert2( keySlot != NULL , NULL ) ;
13089 + newKeySlot = xmlSecNssKeySlotCreate() ;
13090 + if( newKeySlot == NULL ) {
13091 + xmlSecError( XMLSEC_ERRORS_HERE ,
13092 + NULL ,
13093 + NULL ,
13094 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13095 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13096 + return( NULL );
13099 + if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
13100 + xmlSecError( XMLSEC_ERRORS_HERE ,
13101 + NULL ,
13102 + NULL ,
13103 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13104 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13105 + return( NULL );
13108 + return( newKeySlot );
13111 +void
13112 +xmlSecNssKeySlotDestroy(
13113 + xmlSecNssKeySlotPtr keySlot
13114 +) {
13115 + xmlSecAssert( keySlot != NULL ) ;
13117 + if( keySlot->mechanismList != NULL )
13118 + xmlFree( keySlot->mechanismList ) ;
13120 + if( keySlot->slot != NULL )
13121 + PK11_FreeSlot( keySlot->slot ) ;
13123 + xmlFree( keySlot ) ;
13126 +int
13127 +xmlSecNssKeySlotBindMech(
13128 + xmlSecNssKeySlotPtr keySlot ,
13129 + CK_MECHANISM_TYPE type
13130 +) {
13131 + int counter ;
13133 + xmlSecAssert2( keySlot != NULL , 0 ) ;
13134 + xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
13135 + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
13137 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
13138 + if( *( keySlot->mechanismList + counter ) == type )
13139 + return(1) ;
13142 + return( 0 ) ;
13145 +int
13146 +xmlSecNssKeySlotSupportMech(
13147 + xmlSecNssKeySlotPtr keySlot ,
13148 + CK_MECHANISM_TYPE type
13149 +) {
13150 + xmlSecAssert2( keySlot != NULL , 0 ) ;
13151 + xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
13152 + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
13154 + if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
13155 + return(1);
13156 + } else
13157 + return(0);
13160 +void
13161 +xmlSecNssKeySlotDebugDump(
13162 + xmlSecNssKeySlotPtr keySlot ,
13163 + FILE* output
13164 +) {
13165 + xmlSecAssert( keySlot != NULL ) ;
13166 + xmlSecAssert( output != NULL ) ;
13168 + fprintf( output, "== KEY SLOT\n" );
13171 +void
13172 +xmlSecNssKeySlotDebugXmlDump(
13173 + xmlSecNssKeySlotPtr keySlot ,
13174 + FILE* output
13175 +) {
13178 +/**
13179 + * Key Slot List
13180 + */
13181 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
13182 +static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
13183 +#else
13184 +static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
13185 +#endif
13186 + BAD_CAST "mechanism-list",
13187 + (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
13188 + (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
13189 + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
13190 + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
13193 +xmlSecPtrListId
13194 +xmlSecNssKeySlotListGetKlass(void) {
13195 + return(&xmlSecNssKeySlotPtrListKlass);
13199 +/*-
13200 + * Global PKCS#11 crypto token repository -- Key slot list
13201 + */
13202 +static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
13204 +PK11SlotInfo*
13205 +xmlSecNssSlotGet(
13206 + CK_MECHANISM_TYPE type
13207 +) {
13208 + PK11SlotInfo* slot = NULL ;
13209 + xmlSecNssKeySlotPtr keySlot ;
13210 + xmlSecSize ksSize ;
13211 + xmlSecSize ksPos ;
13212 + char flag ;
13214 + if( _xmlSecNssKeySlotList == NULL ) {
13215 + slot = PK11_GetBestSlot( type , NULL ) ;
13216 + } else {
13217 + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
13219 + /*-
13220 + * Firstly, checking whether the mechanism is bound with a special slot.
13221 + * If no bound slot, we try to find the first eligible slot in the list.
13222 + */
13223 + for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
13224 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
13225 + if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
13226 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
13227 + flag = 2 ;
13228 + } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
13229 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
13230 + flag = 1 ;
13233 + if( flag == 2 )
13234 + break ;
13236 + if( slot != NULL )
13237 + slot = PK11_ReferenceSlot( slot ) ;
13240 + if( slot != NULL && PK11_NeedLogin( slot ) ) {
13241 + if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
13242 + xmlSecError( XMLSEC_ERRORS_HERE ,
13243 + NULL ,
13244 + NULL ,
13245 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13246 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13247 + PK11_FreeSlot( slot ) ;
13248 + return( NULL );
13252 + return slot ;
13255 +int
13256 +xmlSecNssSlotInitialize(
13257 + void
13258 +) {
13259 + if( _xmlSecNssKeySlotList != NULL ) {
13260 + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
13261 + _xmlSecNssKeySlotList = NULL ;
13264 + _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
13265 + if( _xmlSecNssKeySlotList == NULL ) {
13266 + xmlSecError( XMLSEC_ERRORS_HERE ,
13267 + NULL ,
13268 + NULL ,
13269 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13270 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13271 + return( -1 );
13274 + return(0);
13277 +void
13278 +xmlSecNssSlotShutdown(
13279 + void
13280 +) {
13281 + if( _xmlSecNssKeySlotList != NULL ) {
13282 + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
13283 + _xmlSecNssKeySlotList = NULL ;
13287 +int
13288 +xmlSecNssSlotAdopt(
13289 + PK11SlotInfo* slot,
13290 + CK_MECHANISM_TYPE type
13291 +) {
13292 + xmlSecNssKeySlotPtr keySlot ;
13293 + xmlSecSize ksSize ;
13294 + xmlSecSize ksPos ;
13295 + char flag ;
13297 + xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
13298 + xmlSecAssert2( slot != NULL, -1 ) ;
13300 + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
13302 + /*-
13303 + * Firstly, checking whether the slot is in the repository already.
13304 + */
13305 + flag = 0 ;
13306 + for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
13307 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
13308 + /* If find the slot in the list */
13309 + if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
13310 + /* If mechnism type is valid, bind the slot with the mechanism */
13311 + if( type != CKM_INVALID_MECHANISM ) {
13312 + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
13313 + xmlSecError( XMLSEC_ERRORS_HERE ,
13314 + NULL ,
13315 + NULL ,
13316 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13317 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13318 + return(-1);
13322 + flag = 1 ;
13326 + /* If the slot do not in the list, add a new item to the list */
13327 + if( flag == 0 ) {
13328 + /* Create a new KeySlot */
13329 + keySlot = xmlSecNssKeySlotCreate() ;
13330 + if( keySlot == NULL ) {
13331 + xmlSecError( XMLSEC_ERRORS_HERE ,
13332 + NULL ,
13333 + NULL ,
13334 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13335 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13336 + return(-1);
13339 + /* Initialize the keySlot with a slot */
13340 + if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
13341 + xmlSecError( XMLSEC_ERRORS_HERE ,
13342 + NULL ,
13343 + NULL ,
13344 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13345 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13346 + xmlSecNssKeySlotDestroy( keySlot ) ;
13347 + return(-1);
13350 + /* If mechnism type is valid, bind the slot with the mechanism */
13351 + if( type != CKM_INVALID_MECHANISM ) {
13352 + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
13353 + xmlSecError( XMLSEC_ERRORS_HERE ,
13354 + NULL ,
13355 + NULL ,
13356 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13357 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13358 + xmlSecNssKeySlotDestroy( keySlot ) ;
13359 + return(-1);
13363 + /* Add keySlot into the list */
13364 + if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
13365 + xmlSecError( XMLSEC_ERRORS_HERE ,
13366 + NULL ,
13367 + NULL ,
13368 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
13369 + XMLSEC_ERRORS_NO_MESSAGE ) ;
13370 + xmlSecNssKeySlotDestroy( keySlot ) ;
13371 + return(-1);
13375 + return(0);
13378 --- misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200
13379 +++ misc/build/xmlsec1-1.2.6/src/nss/x509.c 2008-06-29 23:44:19.000000000 +0200
13380 @@ -34,7 +34,6 @@
13381 #include <xmlsec/keys.h>
13382 #include <xmlsec/keyinfo.h>
13383 #include <xmlsec/keysmngr.h>
13384 -#include <xmlsec/x509.h>
13385 #include <xmlsec/base64.h>
13386 #include <xmlsec/errors.h>
13388 @@ -61,37 +60,21 @@
13389 static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
13390 xmlNodePtr node,
13391 xmlSecKeyInfoCtxPtr keyInfoCtx);
13392 -static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
13393 - xmlNodePtr node,
13394 - xmlSecKeyInfoCtxPtr keyInfoCtx);
13395 static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
13396 xmlNodePtr node,
13397 xmlSecKeyInfoCtxPtr keyInfoCtx);
13398 -static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
13399 - xmlNodePtr node,
13400 - xmlSecKeyInfoCtxPtr keyInfoCtx);
13401 static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
13402 xmlNodePtr node,
13403 xmlSecKeyInfoCtxPtr keyInfoCtx);
13404 -static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
13405 - xmlNodePtr node,
13406 - xmlSecKeyInfoCtxPtr keyInfoCtx);
13407 static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
13408 xmlNodePtr node,
13409 xmlSecKeyInfoCtxPtr keyInfoCtx);
13410 -static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
13411 - xmlNodePtr node,
13412 - xmlSecKeyInfoCtxPtr keyInfoCtx);
13413 static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
13414 xmlNodePtr node,
13415 xmlSecKeyInfoCtxPtr keyInfoCtx);
13416 -static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
13417 - xmlNodePtr node,
13418 - xmlSecKeyInfoCtxPtr keyInfoCtx);
13419 static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
13420 xmlSecKeyPtr key,
13421 xmlSecKeyInfoCtxPtr keyInfoCtx);
13423 static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
13424 xmlSecSize size);
13425 static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
13426 @@ -104,9 +87,6 @@
13427 xmlSecKeyInfoCtxPtr keyInfoCtx);
13428 static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
13429 int base64LineWrap);
13430 -static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
13431 -static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
13432 -static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
13433 static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
13434 FILE* output);
13435 static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
13436 @@ -254,7 +234,11 @@
13440 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
13441 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
13442 +#else
13443 static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
13444 +#endif
13445 sizeof(xmlSecKeyDataKlass),
13446 xmlSecNssX509DataSize,
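Review bot: The trailing `//` comment on the added `#ifdef __MINGW32__` line is C99/C++ style, while the rest of this file uses `/* */`; a strict C89 build may warn about it or reject it, so `#ifdef __MINGW32__ /* for runtime-pseudo-reloc */` is the safer spelling. The comment also does not explain why naming the type as `struct _xmlSecKeyDataKlass` instead of the `xmlSecKeyDataKlass` typedef matters on MinGW, and a one-line reason above the `#ifdef` would help the next maintainer. The same construct is added at the `xmlSecNssKeyDataRawX509CertKlass` definition later in this file. The initializer continues outside the hunk.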
13448 @@ -378,7 +362,7 @@
13449 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13450 "CERT_NewCertList",
13451 XMLSEC_ERRORS_R_CRYPTO_FAILED,
13452 - XMLSEC_ERRORS_NO_MESSAGE);
13453 + "error code=%d", PORT_GetError());
13454 return(-1);
13457 @@ -389,7 +373,7 @@
13458 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13459 "CERT_AddCertToListTail",
13460 XMLSEC_ERRORS_R_CRYPTO_FAILED,
13461 - XMLSEC_ERRORS_NO_MESSAGE);
13462 + "error code=%d", PORT_GetError());
13463 return(-1);
13465 ctx->numCerts++;
13466 @@ -588,7 +572,7 @@
13467 xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
13468 "CERT_DupCertificate",
13469 XMLSEC_ERRORS_R_CRYPTO_FAILED,
13470 - XMLSEC_ERRORS_NO_MESSAGE);
13471 + "error code=%d", PORT_GetError());
13472 return(-1);
13475 @@ -627,7 +611,7 @@
13476 xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
13477 "SEC_DupCrl",
13478 XMLSEC_ERRORS_R_CRYPTO_FAILED,
13479 - XMLSEC_ERRORS_NO_MESSAGE);
13480 + "error code=%d", PORT_GetError());
13481 return(-1);
13484 @@ -652,7 +636,7 @@
13485 xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
13486 "CERT_DupCertificate",
13487 XMLSEC_ERRORS_R_CRYPTO_FAILED,
13488 - XMLSEC_ERRORS_NO_MESSAGE);
13489 + "error code=%d", PORT_GetError());
13490 return(-1);
13492 ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
13493 @@ -752,31 +736,22 @@
13494 xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
13495 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
13496 xmlSecKeyDataPtr data;
13497 + xmlNodePtr cur;
13498 + xmlChar* buf;
13499 CERTCertificate* cert;
13500 CERTSignedCrl* crl;
13501 xmlSecSize size, pos;
13502 - int content = 0;
13503 - int ret;
13505 xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
13506 xmlSecAssert2(key != NULL, -1);
13507 xmlSecAssert2(node != NULL, -1);
13508 xmlSecAssert2(keyInfoCtx != NULL, -1);
13510 - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
13511 - if (content < 0) {
13512 - xmlSecError(XMLSEC_ERRORS_HERE,
13513 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13514 - "xmlSecX509DataGetNodeContent",
13515 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13516 - "content=%d", content);
13517 - return(-1);
13518 - } else if(content == 0) {
13519 - /* by default we are writing certificates and crls */
13520 - content = XMLSEC_X509DATA_DEFAULT;
13521 + /* todo: flag in ctx remove all existing content */
13522 + if(0) {
13523 + xmlNodeSetContent(node, NULL);
13526 - /* get x509 data */
13527 data = xmlSecKeyGetData(key, id);
13528 if(data == NULL) {
13529 /* no x509 data in the key */
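Review bot: The added `if(0) { xmlNodeSetContent(node, NULL);` block can never execute, so it only adds dead code; keeping just the comment `/* todo: flag in ctx to remove all existing content */` says the same thing without a branch that looks live. With the `xmlSecX509DataGetNodeContent` call removed, nothing visible in this hunk consults the template's child nodes any more, so the writer presumably emits every certificate and CRL held by the key regardless of what the template requested. That is worth stating in the function's comment, because callers that relied on writing only a SubjectName or SKI would now publish the full certificate. The function body continues outside the hunk.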
13530 @@ -795,80 +770,75 @@
13531 "pos=%d", pos);
13532 return(-1);
13535 - if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
13536 - ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
13537 - if(ret < 0) {
13538 - xmlSecError(XMLSEC_ERRORS_HERE,
13539 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13540 - "xmlSecNssX509CertificateNodeWrite",
13541 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13542 - "pos=%d", pos);
13543 - return(-1);
13546 + /* set base64 lines size from context */
13547 + buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
13548 + if(buf == NULL) {
13549 + xmlSecError(XMLSEC_ERRORS_HERE,
13550 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13551 + "xmlSecNssX509CertBase64DerWrite",
13552 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
13553 + XMLSEC_ERRORS_NO_MESSAGE);
13554 + return(-1);
13557 - if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
13558 - ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
13559 - if(ret < 0) {
13560 - xmlSecError(XMLSEC_ERRORS_HERE,
13561 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13562 - "xmlSecNssX509SubjectNameNodeWrite",
13563 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13564 - "pos=%d", pos);
13565 - return(-1);
13568 + cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
13569 + if(cur == NULL) {
13570 + xmlSecError(XMLSEC_ERRORS_HERE,
13571 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13572 + "xmlSecAddChild",
13573 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
13574 + "node=%s",
13575 + xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
13576 + xmlFree(buf);
13577 + return(-1);
13579 + /* todo: add \n around base64 data - from context */
13580 + /* todo: add errors check */
13581 + xmlNodeSetContent(cur, xmlSecStringCR);
13582 + xmlNodeSetContent(cur, buf);
13583 + xmlFree(buf);
13584 + }
13586 - if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
13587 - ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
13588 - if(ret < 0) {
13589 - xmlSecError(XMLSEC_ERRORS_HERE,
13590 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13591 - "xmlSecNssX509IssuerSerialNodeWrite",
13592 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13593 - "pos=%d", pos);
13594 - return(-1);
13597 + /* write crls */
13598 + size = xmlSecNssKeyDataX509GetCrlsSize(data);
13599 + for(pos = 0; pos < size; ++pos) {
13600 + crl = xmlSecNssKeyDataX509GetCrl(data, pos);
13601 + if(crl == NULL) {
13602 + xmlSecError(XMLSEC_ERRORS_HERE,
13603 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13604 + "xmlSecNssKeyDataX509GetCrl",
13605 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
13606 + "pos=%d", pos);
13607 + return(-1);
13610 - if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
13611 - ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
13612 - if(ret < 0) {
13613 - xmlSecError(XMLSEC_ERRORS_HERE,
13614 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13615 - "xmlSecNssX509SKINodeWrite",
13616 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13617 - "pos=%d", pos);
13618 - return(-1);
13621 - }
13622 + /* set base64 lines size from context */
13623 + buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
13624 + if(buf == NULL) {
13625 + xmlSecError(XMLSEC_ERRORS_HERE,
13626 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13627 + "xmlSecNssX509CrlBase64DerWrite",
13628 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
13629 + XMLSEC_ERRORS_NO_MESSAGE);
13630 + return(-1);
13633 - /* write crls if needed */
13634 - if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
13635 - size = xmlSecNssKeyDataX509GetCrlsSize(data);
13636 - for(pos = 0; pos < size; ++pos) {
13637 - crl = xmlSecNssKeyDataX509GetCrl(data, pos);
13638 - if(crl == NULL) {
13639 - xmlSecError(XMLSEC_ERRORS_HERE,
13640 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13641 - "xmlSecNssKeyDataX509GetCrl",
13642 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13643 - "pos=%d", pos);
13644 - return(-1);
13647 - ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
13648 - if(ret < 0) {
13649 - xmlSecError(XMLSEC_ERRORS_HERE,
13650 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13651 - "xmlSecNssX509CRLNodeWrite",
13652 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13653 - "pos=%d", pos);
13654 - return(-1);
13657 + cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
13658 + if(cur == NULL) {
13659 + xmlSecError(XMLSEC_ERRORS_HERE,
13660 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
13661 + "xmlSecAddChild",
13662 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
13663 + "new_node=%s",
13664 + xmlSecErrorsSafeString(xmlSecNodeX509CRL));
13665 + xmlFree(buf);
13666 + return(-1);
13668 + /* todo: add \n around base64 data - from context */
13669 + /* todo: add errors check */
13670 + xmlNodeSetContent(cur, xmlSecStringCR);
13671 + xmlNodeSetContent(cur, buf);
13674 return(0);
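Review bot: In the new CRL loop no `xmlFree(buf)` is visible after `xmlNodeSetContent(cur, buf)`, although the certificate loop above frees its buffer and the removed `xmlSecNssX509CRLNodeWrite` did as well. This page drops some lines of the patch, so check the raw file; if the call is really absent, add `xmlFree(buf);` after the second `xmlNodeSetContent` call, otherwise every CRL written leaks one base64 buffer. In both loops `xmlNodeSetContent(cur, xmlSecStringCR)` is overwritten at once by the next `xmlNodeSetContent(cur, buf)`, so the first call has no effect; `xmlNodeAddContent(cur, buf)` looks like what the todo comment intends. The function starts outside the hunk.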
13675 @@ -1015,19 +985,13 @@
13676 xmlSecAssert2(keyInfoCtx != NULL, -1);
13678 content = xmlNodeGetContent(node);
13679 - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
13680 - if(content != NULL) {
13681 - xmlFree(content);
13683 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
13684 - xmlSecError(XMLSEC_ERRORS_HERE,
13685 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13686 - xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
13687 - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
13688 - XMLSEC_ERRORS_NO_MESSAGE);
13689 - return(-1);
13691 - return(0);
13692 + if(content == NULL){
13693 + xmlSecError(XMLSEC_ERRORS_HERE,
13694 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13695 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
13696 + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
13697 + XMLSEC_ERRORS_NO_MESSAGE);
13698 + return(-1);
13701 cert = xmlSecNssX509CertBase64DerRead(content);
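Review bot: The new check rejects only `content == NULL`, so a present but empty or whitespace-only X509Certificate node now reaches `xmlSecNssX509CertBase64DerRead(content)`. The removed code caught that case with `xmlSecIsEmptyString(content) == 1` and honoured `XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE`. This content comes from the document being processed, so the empty case should still be handled before decoding. If `xmlSecIsEmptyString` is available in this build, that means `if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {` with `xmlFree(content)` on the non-NULL path. The same reduction is made in the SubjectName, SKI and CRL readers in later hunks of this file, where the unchecked string goes to `xmlSecNssX509StoreFindCert` or `xmlSecNssX509CrlBase64DerRead`; the function body starts and ends outside the hunk.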
13702 @@ -1057,46 +1021,6 @@
13703 return(0);
13706 -static int
13707 -xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
13708 - xmlChar* buf;
13709 - xmlNodePtr cur;
13711 - xmlSecAssert2(cert != NULL, -1);
13712 - xmlSecAssert2(node != NULL, -1);
13713 - xmlSecAssert2(keyInfoCtx != NULL, -1);
13715 - /* set base64 lines size from context */
13716 - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
13717 - if(buf == NULL) {
13718 - xmlSecError(XMLSEC_ERRORS_HERE,
13719 - NULL,
13720 - "xmlSecNssX509CertBase64DerWrite",
13721 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13722 - XMLSEC_ERRORS_NO_MESSAGE);
13723 - return(-1);
13726 - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
13727 - if(cur == NULL) {
13728 - xmlSecError(XMLSEC_ERRORS_HERE,
13729 - NULL,
13730 - "xmlSecAddChild",
13731 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13732 - "node=%s",
13733 - xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
13734 - xmlFree(buf);
13735 - return(-1);
13738 - /* todo: add \n around base64 data - from context */
13739 - /* todo: add errors check */
13740 - xmlNodeSetContent(cur, xmlSecStringCR);
13741 - xmlNodeSetContent(cur, buf);
13742 - xmlFree(buf);
13743 - return(0);
13746 static int
13747 xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
13748 xmlSecKeyDataStorePtr x509Store;
13749 @@ -1120,19 +1044,13 @@
13752 subject = xmlNodeGetContent(node);
13753 - if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
13754 - if(subject != NULL) {
13755 - xmlFree(subject);
13757 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
13758 - xmlSecError(XMLSEC_ERRORS_HERE,
13759 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13760 - xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
13761 - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
13762 - XMLSEC_ERRORS_NO_MESSAGE);
13763 - return(-1);
13765 - return(0);
13766 + if(subject == NULL) {
13767 + xmlSecError(XMLSEC_ERRORS_HERE,
13768 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13769 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
13770 + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
13771 + XMLSEC_ERRORS_NO_MESSAGE);
13772 + return(-1);
13775 cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
13776 @@ -1167,40 +1085,6 @@
13777 return(0);
13780 -static int
13781 -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
13782 - xmlChar* buf = NULL;
13783 - xmlNodePtr cur = NULL;
13785 - xmlSecAssert2(cert != NULL, -1);
13786 - xmlSecAssert2(node != NULL, -1);
13788 - buf = xmlSecNssX509NameWrite(&(cert->subject));
13789 - if(buf == NULL) {
13790 - xmlSecError(XMLSEC_ERRORS_HERE,
13791 - NULL,
13792 - "xmlSecNssX509NameWrite(&(cert->subject))",
13793 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13794 - XMLSEC_ERRORS_NO_MESSAGE);
13795 - return(-1);
13798 - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
13799 - if(cur == NULL) {
13800 - xmlSecError(XMLSEC_ERRORS_HERE,
13801 - NULL,
13802 - "xmlSecAddChild",
13803 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13804 - "node=%s",
13805 - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
13806 - xmlFree(buf);
13807 - return(-1);
13809 - xmlNodeSetContent(cur, buf);
13810 - xmlFree(buf);
13811 - return(0);
13814 static int
13815 xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
13816 xmlSecKeyDataStorePtr x509Store;
13817 @@ -1226,21 +1110,9 @@
13820 cur = xmlSecGetNextElementNode(node->children);
13821 - if(cur == NULL) {
13822 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
13823 - xmlSecError(XMLSEC_ERRORS_HERE,
13824 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13825 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
13826 - XMLSEC_ERRORS_R_NODE_NOT_FOUND,
13827 - "node=%s",
13828 - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
13829 - return(-1);
13831 - return(0);
13835 /* the first is required node X509IssuerName */
13836 - if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
13837 + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
13838 xmlSecError(XMLSEC_ERRORS_HERE,
13839 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13840 xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
13841 @@ -1332,78 +1204,6 @@
13842 return(0);
13845 -static int
13846 -xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
13847 - xmlNodePtr cur;
13848 - xmlNodePtr issuerNameNode;
13849 - xmlNodePtr issuerNumberNode;
13850 - xmlChar* buf;
13852 - xmlSecAssert2(cert != NULL, -1);
13853 - xmlSecAssert2(node != NULL, -1);
13855 - /* create xml nodes */
13856 - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
13857 - if(cur == NULL) {
13858 - xmlSecError(XMLSEC_ERRORS_HERE,
13859 - NULL,
13860 - "xmlSecAddChild",
13861 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13862 - "node=%s",
13863 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
13864 - return(-1);
13867 - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
13868 - if(issuerNameNode == NULL) {
13869 - xmlSecError(XMLSEC_ERRORS_HERE,
13870 - NULL,
13871 - "xmlSecAddChild",
13872 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13873 - "node=%s",
13874 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
13875 - return(-1);
13878 - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
13879 - if(issuerNumberNode == NULL) {
13880 - xmlSecError(XMLSEC_ERRORS_HERE,
13881 - NULL,
13882 - "xmlSecAddChild",
13883 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13884 - "node=%s",
13885 - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
13886 - return(-1);
13889 - /* write data */
13890 - buf = xmlSecNssX509NameWrite(&(cert->issuer));
13891 - if(buf == NULL) {
13892 - xmlSecError(XMLSEC_ERRORS_HERE,
13893 - NULL,
13894 - "xmlSecNssX509NameWrite(&(cert->issuer))",
13895 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13896 - XMLSEC_ERRORS_NO_MESSAGE);
13897 - return(-1);
13899 - xmlNodeSetContent(issuerNameNode, buf);
13900 - xmlFree(buf);
13902 - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
13903 - if(buf == NULL) {
13904 - xmlSecError(XMLSEC_ERRORS_HERE,
13905 - NULL,
13906 - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
13907 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13908 - XMLSEC_ERRORS_NO_MESSAGE);
13909 - return(-1);
13911 - xmlNodeSetContent(issuerNumberNode, buf);
13912 - xmlFree(buf);
13914 - return(0);
13917 static int
13918 xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
13919 xmlSecKeyDataStorePtr x509Store;
13920 @@ -1427,20 +1227,14 @@
13923 ski = xmlNodeGetContent(node);
13924 - if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
13925 - if(ski != NULL) {
13926 - xmlFree(ski);
13928 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
13929 - xmlSecError(XMLSEC_ERRORS_HERE,
13930 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13931 - xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
13932 - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
13933 - "node=%s",
13934 - xmlSecErrorsSafeString(xmlSecNodeX509SKI));
13935 - return(-1);
13937 - return(0);
13938 + if(ski == NULL) {
13939 + xmlSecError(XMLSEC_ERRORS_HERE,
13940 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
13941 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
13942 + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
13943 + "node=%s",
13944 + xmlSecErrorsSafeString(xmlSecNodeX509SKI));
13945 + return(-1);
13948 cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
13949 @@ -1475,41 +1269,6 @@
13950 return(0);
13953 -static int
13954 -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
13955 - xmlChar *buf = NULL;
13956 - xmlNodePtr cur = NULL;
13958 - xmlSecAssert2(cert != NULL, -1);
13959 - xmlSecAssert2(node != NULL, -1);
13961 - buf = xmlSecNssX509SKIWrite(cert);
13962 - if(buf == NULL) {
13963 - xmlSecError(XMLSEC_ERRORS_HERE,
13964 - NULL,
13965 - "xmlSecNssX509SKIWrite",
13966 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13967 - XMLSEC_ERRORS_NO_MESSAGE);
13968 - return(-1);
13971 - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
13972 - if(cur == NULL) {
13973 - xmlSecError(XMLSEC_ERRORS_HERE,
13974 - NULL,
13975 - "xmlSecAddChild",
13976 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
13977 - "new_node=%s",
13978 - xmlSecErrorsSafeString(xmlSecNodeX509SKI));
13979 - xmlFree(buf);
13980 - return(-1);
13982 - xmlNodeSetContent(cur, buf);
13983 - xmlFree(buf);
13985 - return(0);
13988 static int
13989 xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
13990 xmlChar *content;
13991 @@ -1520,19 +1279,13 @@
13992 xmlSecAssert2(keyInfoCtx != NULL, -1);
13994 content = xmlNodeGetContent(node);
13995 - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
13996 - if(content != NULL) {
13997 - xmlFree(content);
13999 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
14000 - xmlSecError(XMLSEC_ERRORS_HERE,
14001 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
14002 - xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
14003 - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
14004 - XMLSEC_ERRORS_NO_MESSAGE);
14005 - return(-1);
14007 - return(0);
14008 + if(content == NULL){
14009 + xmlSecError(XMLSEC_ERRORS_HERE,
14010 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
14011 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
14012 + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
14013 + XMLSEC_ERRORS_NO_MESSAGE);
14014 + return(-1);
14017 crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
14018 @@ -1552,47 +1305,6 @@
14021 static int
14022 -xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
14023 - xmlChar* buf = NULL;
14024 - xmlNodePtr cur = NULL;
14026 - xmlSecAssert2(crl != NULL, -1);
14027 - xmlSecAssert2(node != NULL, -1);
14028 - xmlSecAssert2(keyInfoCtx != NULL, -1);
14030 - /* set base64 lines size from context */
14031 - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
14032 - if(buf == NULL) {
14033 - xmlSecError(XMLSEC_ERRORS_HERE,
14034 - NULL,
14035 - "xmlSecNssX509CrlBase64DerWrite",
14036 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14037 - XMLSEC_ERRORS_NO_MESSAGE);
14038 - return(-1);
14041 - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
14042 - if(cur == NULL) {
14043 - xmlSecError(XMLSEC_ERRORS_HERE,
14044 - NULL,
14045 - "xmlSecAddChild",
14046 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14047 - "new_node=%s",
14048 - xmlSecErrorsSafeString(xmlSecNodeX509CRL));
14049 - xmlFree(buf);
14050 - return(-1);
14052 - /* todo: add \n around base64 data - from context */
14053 - /* todo: add errors check */
14054 - xmlNodeSetContent(cur, xmlSecStringCR);
14055 - xmlNodeSetContent(cur, buf);
14056 - xmlFree(buf);
14058 - return(0);
14062 -static int
14063 xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
14064 xmlSecKeyInfoCtxPtr keyInfoCtx) {
14065 xmlSecNssX509DataCtxPtr ctx;
14066 @@ -1600,6 +1312,10 @@
14067 int ret;
14068 SECStatus status;
14069 PRTime notBefore, notAfter;
14071 + PK11SlotInfo* slot ;
14072 + SECKEYPublicKey *pubKey = NULL;
14073 + SECKEYPrivateKey *priKey = NULL;
14075 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
14076 xmlSecAssert2(key != NULL, -1);
14077 @@ -1632,10 +1348,13 @@
14078 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
14079 "CERT_DupCertificate",
14080 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14081 - XMLSEC_ERRORS_NO_MESSAGE);
14082 + "error code=%d", PORT_GetError());
14083 return(-1);
14086 + /*-
14087 + * Get Public key from cert, which does not always work for sign action.
14089 keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
14090 if(keyValue == NULL) {
14091 xmlSecError(XMLSEC_ERRORS_HERE,
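Review bot: The added `/*-` opens a comment that is closed only by the `*/` in the next hunk, so the old `xmlSecNssX509CertGetKey` path stays in the file as commented-out code. That is fragile: any `/* */` comment later added inside the disabled region would end the comment early and silently re-enable part of it. Deleting the dead lines is cleaner; if they must be kept for reference, wrap them in `#if 0` / `#endif` and leave the explanation as its own short comment, `/* The public key from the cert alone does not always work for signing. */`. The enclosing function starts and ends outside the hunk.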
14092 @@ -1645,6 +1364,54 @@
14093 XMLSEC_ERRORS_NO_MESSAGE);
14094 return(-1);
14096 + */
14098 + /*-
14099 + * I'll search key according to KeyReq.
14100 + */
14101 + slot = cert->slot ;
14102 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
14103 + if( ( priKey = PK11_FindKeyByAnyCert( cert , NULL ) ) == NULL ) {
14104 + xmlSecError( XMLSEC_ERRORS_HERE ,
14105 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
14106 + "PK11_FindPrivateKeyFromCert" ,
14107 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
14108 + XMLSEC_ERRORS_NO_MESSAGE ) ;
14109 + return -1 ;
14113 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
14114 + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
14115 + xmlSecError( XMLSEC_ERRORS_HERE ,
14116 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
14117 + "CERT_ExtractPublicKey" ,
14118 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
14119 + XMLSEC_ERRORS_NO_MESSAGE ) ;
14121 + if( priKey != NULL )
14122 + SECKEY_DestroyPrivateKey( priKey ) ;
14123 + return -1 ;
14127 + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
14128 + if( keyValue == NULL ) {
14129 + xmlSecError( XMLSEC_ERRORS_HERE ,
14130 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
14131 + "xmlSecNssPKIAdoptKey" ,
14132 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
14133 + XMLSEC_ERRORS_NO_MESSAGE ) ;
14135 + if( priKey != NULL )
14136 + SECKEY_DestroyPrivateKey( priKey ) ;
14138 + if( pubKey != NULL )
14139 + SECKEY_DestroyPublicKey( pubKey ) ;
14141 + return -1 ;
14143 + /* Modify keyValue get Done */
14145 /* verify that the key matches our expectations */
14146 if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
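Review bot: The error record for the private-key lookup names `"PK11_FindPrivateKeyFromCert"` although the call that failed is `PK11_FindKeyByAnyCert( cert , NULL )`, which will mislead anyone reading the log; it should read `"PK11_FindKeyByAnyCert" ,`. The three new failure paths also pass `XMLSEC_ERRORS_NO_MESSAGE`, while the rest of this commit switches NSS failures to `"error code=%d", PORT_GetError()`; the two direct NSS calls here should do the same so that a missing key can be told apart from a token login failure. `slot = cert->slot ;` is assigned but not used anywhere in this hunk, so unless it is read further down the function it can be dropped together with its declaration. The function continues outside the hunk.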
14147 @@ -1725,14 +1492,6 @@
14148 return(0);
14151 -/**
14152 - * xmlSecNssX509CertGetKey:
14153 - * @cert: the certificate.
14154 - *
14155 - * Extracts public key from the @cert.
14157 - * Returns public key value or NULL if an error occurs.
14158 - */
14159 xmlSecKeyDataPtr
14160 xmlSecNssX509CertGetKey(CERTCertificate* cert) {
14161 xmlSecKeyDataPtr data;
14162 @@ -1746,7 +1505,7 @@
14163 NULL,
14164 "CERT_ExtractPublicKey",
14165 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14166 - XMLSEC_ERRORS_NO_MESSAGE);
14167 + "error code=%d", PORT_GetError());
14168 return(NULL);
14171 @@ -1804,7 +1563,7 @@
14172 NULL,
14173 "__CERT_NewTempCertificate",
14174 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14175 - XMLSEC_ERRORS_NO_MESSAGE);
14176 + "error code=%d", PORT_GetError());
14177 return(NULL);
14180 @@ -1827,7 +1586,7 @@
14181 NULL,
14182 "cert->derCert",
14183 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14184 - XMLSEC_ERRORS_NO_MESSAGE);
14185 + "error code=%d", PORT_GetError());
14186 return(NULL);
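Review bot: The failure reported here is labelled `"cert->derCert"`, which suggests a check on a structure field rather than a failed NSS call, though the condition itself is outside the hunk. If so, `PORT_GetError()` returns whatever code an earlier, unrelated call left behind, and the log line will point at the wrong cause. For such checks keep `XMLSEC_ERRORS_NO_MESSAGE`, or log the field state instead, and reserve `"error code=%d", PORT_GetError()` for paths that directly follow an NSS call. The `"crl->derCrl"` hunk further down has the same pattern.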
14189 @@ -1890,7 +1649,7 @@
14190 NULL,
14191 "PK11_GetInternalKeySlot",
14192 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14193 - XMLSEC_ERRORS_NO_MESSAGE);
14194 + "error code=%d", PORT_GetError());
14195 return NULL;
14198 @@ -1905,7 +1664,7 @@
14199 NULL,
14200 "PK11_ImportCRL",
14201 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14202 - XMLSEC_ERRORS_NO_MESSAGE);
14203 + "error code=%d", PORT_GetError());
14204 PK11_FreeSlot(slot);
14205 return(NULL);
14207 @@ -1929,7 +1688,7 @@
14208 NULL,
14209 "crl->derCrl",
14210 XMLSEC_ERRORS_R_CRYPTO_FAILED,
14211 - XMLSEC_ERRORS_NO_MESSAGE);
14212 + "error code=%d", PORT_GetError());
14213 return(NULL);
14216 @@ -1946,86 +1705,6 @@
14217 return(res);
14220 -static xmlChar*
14221 -xmlSecNssX509NameWrite(CERTName* nm) {
14222 - xmlChar *res = NULL;
14223 - char *str;
14225 - xmlSecAssert2(nm != NULL, NULL);
14227 - str = CERT_NameToAscii(nm);
14228 - if (str == NULL) {
14229 - xmlSecError(XMLSEC_ERRORS_HERE,
14230 - NULL,
14231 - "CERT_NameToAscii",
14232 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
14233 - XMLSEC_ERRORS_NO_MESSAGE);
14234 - return(NULL);
14237 - res = xmlStrdup(BAD_CAST str);
14238 - if(res == NULL) {
14239 - xmlSecError(XMLSEC_ERRORS_HERE,
14240 - NULL,
14241 - "xmlStrdup",
14242 - XMLSEC_ERRORS_R_MALLOC_FAILED,
14243 - XMLSEC_ERRORS_NO_MESSAGE);
14244 - PORT_Free(str);
14245 - return(NULL);
14247 - PORT_Free(str);
14248 - return(res);
14251 -static xmlChar*
14252 -xmlSecNssASN1IntegerWrite(SECItem *num) {
14253 - xmlChar *res = NULL;
14255 - xmlSecAssert2(num != NULL, NULL);
14257 - /* TODO : to be implemented after
14258 - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
14259 - */
14260 - return(res);
14263 -static xmlChar*
14264 -xmlSecNssX509SKIWrite(CERTCertificate* cert) {
14265 - xmlChar *res = NULL;
14266 - SECItem ski;
14267 - SECStatus rv;
14269 - xmlSecAssert2(cert != NULL, NULL);
14271 - memset(&ski, 0, sizeof(ski));
14273 - rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
14274 - if (rv != SECSuccess) {
14275 - xmlSecError(XMLSEC_ERRORS_HERE,
14276 - NULL,
14277 - "CERT_FindSubjectKeyIDExtension",
14278 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
14279 - XMLSEC_ERRORS_NO_MESSAGE);
14280 - SECITEM_FreeItem(&ski, PR_FALSE);
14281 - return(NULL);
14284 - res = xmlSecBase64Encode(ski.data, ski.len, 0);
14285 - if(res == NULL) {
14286 - xmlSecError(XMLSEC_ERRORS_HERE,
14287 - NULL,
14288 - "xmlSecBase64Encode",
14289 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14290 - XMLSEC_ERRORS_NO_MESSAGE);
14291 - SECITEM_FreeItem(&ski, PR_FALSE);
14292 - return(NULL);
14294 - SECITEM_FreeItem(&ski, PR_FALSE);
14296 - return(res);
14300 static void
14301 xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
14302 SECItem *sn;
14303 @@ -2084,7 +1763,11 @@
14304 xmlSecSize bufSize,
14305 xmlSecKeyInfoCtxPtr keyInfoCtx);
14307 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
14308 +static struct _xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
14309 +#else
14310 static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
14311 +#endif
14312 sizeof(xmlSecKeyDataKlass),
14313 sizeof(xmlSecKeyData),
14315 --- misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200
14316 +++ misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2008-06-29 23:44:19.000000000 +0200
14317 @@ -30,6 +30,7 @@
14318 #include <xmlsec/keyinfo.h>
14319 #include <xmlsec/keysmngr.h>
14320 #include <xmlsec/base64.h>
14321 +#include <xmlsec/bn.h>
14322 #include <xmlsec/errors.h>
14324 #include <xmlsec/nss/crypto.h>
14325 @@ -43,8 +44,8 @@
14326 typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
14327 *xmlSecNssX509StoreCtxPtr;
14328 struct _xmlSecNssX509StoreCtx {
14329 - CERTCertList* certsList; /* just keeping a reference to destroy later */
14330 -};
14331 + CERTCertList* certsList; /* just keeping a reference to destroy later */
14332 +};
14334 /****************************************************************************
14336 @@ -54,45 +55,40 @@
14338 ***************************************************************************/
14339 #define xmlSecNssX509StoreGetCtx(store) \
14340 - ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
14341 - sizeof(xmlSecKeyDataStoreKlass)))
14342 + ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
14343 + sizeof(xmlSecKeyDataStoreKlass)))
14344 #define xmlSecNssX509StoreSize \
14345 - (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
14346 + (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
14348 static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
14349 static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
14350 -static int xmlSecNssX509NameStringRead (xmlSecByte **str,
14351 - int *strLen,
14352 - xmlSecByte *res,
14353 - int resLen,
14354 - xmlSecByte delim,
14355 - int ingoreTrailingSpaces);
14356 -static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
14357 - int len);
14359 -static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
14361 +static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
14363 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
14364 +static struct _xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
14365 +#else
14366 static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
14367 - sizeof(xmlSecKeyDataStoreKlass),
14368 - xmlSecNssX509StoreSize,
14370 - /* data */
14371 - xmlSecNameX509Store, /* const xmlChar* name; */
14373 - /* constructors/destructor */
14374 - xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
14375 - xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
14377 - /* reserved for the future */
14378 - NULL, /* void* reserved0; */
14379 - NULL, /* void* reserved1; */
14380 +#endif
14381 + sizeof(xmlSecKeyDataStoreKlass),
14382 + xmlSecNssX509StoreSize,
14384 + /* data */
14385 + xmlSecNameX509Store, /* const xmlChar* name; */
14387 + /* constructors/destructor */
14388 + xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
14389 + xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
14391 + /* reserved for the future */
14392 + NULL, /* void* reserved0; */
14393 + NULL, /* void* reserved1; */
14396 static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
14397 - xmlChar *issuerName,
14398 - xmlChar *issuerSerial,
14399 - xmlChar *ski);
14400 + xmlChar *issuerName,
14401 + xmlChar *issuerSerial,
14402 + xmlChar *ski);
14405 /**
14406 @@ -104,7 +100,7 @@
14408 xmlSecKeyDataStoreId
14409 xmlSecNssX509StoreGetKlass(void) {
14410 - return(&xmlSecNssX509StoreKlass);
14411 + return(&xmlSecNssX509StoreKlass);
14415 @@ -125,15 +121,15 @@
14416 xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
14417 xmlChar *issuerName, xmlChar *issuerSerial,
14418 xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
14419 - xmlSecNssX509StoreCtxPtr ctx;
14421 - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
14422 - xmlSecAssert2(keyInfoCtx != NULL, NULL);
14423 + xmlSecNssX509StoreCtxPtr ctx;
14425 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
14426 + xmlSecAssert2(keyInfoCtx != NULL, NULL);
14428 - ctx = xmlSecNssX509StoreGetCtx(store);
14429 - xmlSecAssert2(ctx != NULL, NULL);
14430 + ctx = xmlSecNssX509StoreGetCtx(store);
14431 + xmlSecAssert2(ctx != NULL, NULL);
14433 - return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
14434 + return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
14438 @@ -148,116 +144,130 @@
14440 CERTCertificate *
14441 xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
14442 - xmlSecKeyInfoCtx* keyInfoCtx) {
14443 - xmlSecNssX509StoreCtxPtr ctx;
14444 - CERTCertListNode* head;
14445 - CERTCertificate* cert = NULL;
14446 - CERTCertListNode* head1;
14447 - CERTCertificate* cert1 = NULL;
14448 - SECStatus status = SECFailure;
14449 - int64 timeboundary;
14450 - int64 tmp1, tmp2;
14452 - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
14453 - xmlSecAssert2(certs != NULL, NULL);
14454 - xmlSecAssert2(keyInfoCtx != NULL, NULL);
14456 - ctx = xmlSecNssX509StoreGetCtx(store);
14457 - xmlSecAssert2(ctx != NULL, NULL);
14459 - for (head = CERT_LIST_HEAD(certs);
14460 - !CERT_LIST_END(head, certs);
14461 - head = CERT_LIST_NEXT(head)) {
14462 - cert = head->cert;
14463 + xmlSecKeyInfoCtx* keyInfoCtx) {
14464 + xmlSecNssX509StoreCtxPtr ctx;
14465 + CERTCertListNode* head;
14466 + CERTCertificate* cert = NULL;
14467 + CERTCertListNode* head1;
14468 + CERTCertificate* cert1 = NULL;
14469 + SECStatus status = SECFailure;
14470 + int64 timeboundary;
14471 + int64 tmp1, tmp2;
14473 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
14474 + xmlSecAssert2(certs != NULL, NULL);
14475 + xmlSecAssert2(keyInfoCtx != NULL, NULL);
14477 + ctx = xmlSecNssX509StoreGetCtx(store);
14478 + xmlSecAssert2(ctx != NULL, NULL);
14480 + for (head = CERT_LIST_HEAD(certs);
14481 + !CERT_LIST_END(head, certs);
14482 + head = CERT_LIST_NEXT(head)) {
14483 + cert = head->cert;
14484 if(keyInfoCtx->certsVerificationTime > 0) {
14485 - /* convert the time since epoch in seconds to microseconds */
14486 - LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
14487 - tmp1 = (int64)PR_USEC_PER_SEC;
14488 - tmp2 = timeboundary;
14489 - LL_MUL(timeboundary, tmp1, tmp2);
14490 + /* convert the time since epoch in seconds to microseconds */
14491 + LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
14492 + tmp1 = (int64)PR_USEC_PER_SEC;
14493 + tmp2 = timeboundary;
14494 + LL_MUL(timeboundary, tmp1, tmp2);
14495 } else {
14496 - timeboundary = PR_Now();
14497 + timeboundary = PR_Now();
14500 /* if cert is the issuer of any other cert in the list, then it is
14501 * to be skipped */
14502 for (head1 = CERT_LIST_HEAD(certs);
14503 - !CERT_LIST_END(head1, certs);
14504 - head1 = CERT_LIST_NEXT(head1)) {
14505 + !CERT_LIST_END(head1, certs);
14506 + head1 = CERT_LIST_NEXT(head1)) {
14508 - cert1 = head1->cert;
14509 - if (cert1 == cert) {
14510 + cert1 = head1->cert;
14511 + if (cert1 == cert) {
14512 continue;
14516 - if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
14517 - == SECEqual) {
14518 + if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
14519 + == SECEqual) {
14520 break;
14525 if (!CERT_LIST_END(head1, certs)) {
14526 - continue;
14527 + continue;
14530 - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
14531 - cert, PR_FALSE,
14532 - (SECCertificateUsage)0,
14533 - timeboundary , NULL, NULL, NULL);
14534 - if (status == SECSuccess) {
14535 - break;
14536 + /* JL: OpenOffice.org implements its own certificate verification routine.
14537 + The goal is to seperate validation of the signature
14538 + and the certificate. For example, OOo could show that the document signature is valid,
14539 + but the certificate could not be verified. If we do not prevent the verification of
14540 + the certificate by libxmlsec and the verification fails, then the XML signature may not be
14541 + verified. This would happen, for example, if the root certificate is not installed.
14543 + In the store schould only be the certificate from the X509Certificate element
14544 + and the X509IssuerSerial element. The latter is only there
14545 + if the certificate is installed. Both certificates must be the same!
14546 + In case of writing the signature, the store contains only the certificate that
14547 + was created based on the information from the X509IssuerSerial element. */
14548 + status = SECSuccess;
14549 + break;
14550 +/* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
14551 + cert, PR_FALSE,
14552 + (SECCertificateUsage)0,
14553 + timeboundary , NULL, NULL, NULL);
14554 + if (status == SECSuccess) {
14555 + break;
14556 + } */
14560 - if (status == SECSuccess) {
14561 + if (status == SECSuccess) {
14562 return (cert);
14565 - switch(PORT_GetError()) {
14568 + switch(PORT_GetError()) {
14569 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
14570 case SEC_ERROR_CA_CERT_INVALID:
14571 case SEC_ERROR_UNKNOWN_SIGNER:
14572 - xmlSecError(XMLSEC_ERRORS_HERE,
14573 - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14574 - NULL,
14575 - XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
14576 - "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
14577 - cert->subjectName);
14578 - break;
14579 + xmlSecError(XMLSEC_ERRORS_HERE,
14580 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14581 + NULL,
14582 + XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
14583 + "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
14584 + cert->subjectName);
14585 + break;
14586 case SEC_ERROR_EXPIRED_CERTIFICATE:
14587 - xmlSecError(XMLSEC_ERRORS_HERE,
14588 - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14589 - NULL,
14590 - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
14591 - "cert with subject name %s has expired",
14592 - cert->subjectName);
14593 - break;
14594 + xmlSecError(XMLSEC_ERRORS_HERE,
14595 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14596 + NULL,
14597 + XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
14598 + "cert with subject name %s has expired",
14599 + cert->subjectName);
14600 + break;
14601 case SEC_ERROR_REVOKED_CERTIFICATE:
14602 - xmlSecError(XMLSEC_ERRORS_HERE,
14603 - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14604 - NULL,
14605 - XMLSEC_ERRORS_R_CERT_REVOKED,
14606 - "cert with subject name %s has been revoked",
14607 - cert->subjectName);
14608 - break;
14609 + xmlSecError(XMLSEC_ERRORS_HERE,
14610 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14611 + NULL,
14612 + XMLSEC_ERRORS_R_CERT_REVOKED,
14613 + "cert with subject name %s has been revoked",
14614 + cert->subjectName);
14615 + break;
14616 default:
14617 - xmlSecError(XMLSEC_ERRORS_HERE,
14618 - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14619 - NULL,
14620 - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
14621 - "cert with subject name %s could not be verified",
14622 - cert->subjectName);
14623 - break;
14625 + xmlSecError(XMLSEC_ERRORS_HERE,
14626 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14627 + NULL,
14628 + XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
14629 + "cert with subject name %s could not be verified, errcode %d",
14630 + cert->subjectName,
14631 + PORT_GetError());
14632 + break;
14635 - return (NULL);
14636 + return (NULL);
14640 * xmlSecNssX509StoreAdoptCert:
14641 - * @store: the pointer to X509 key data store klass.
14642 - * @cert: the pointer to NSS X509 certificate.
14643 - * @type: the certificate type (trusted/untrusted).
14644 + * @store: the pointer to X509 key data store klass.
14645 + * @cert: the pointer to NSS X509 certificate.
14646 + * @type: the certificate type (trusted/untrusted).
14648 * Adds trusted (root) or untrusted certificate to the store.
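Review bot: The added `status = SECSuccess; break;` in xmlSecNssX509StoreVerify makes the function return the first certificate that is not the issuer of another list entry, with no chain, validity-period or revocation check. Any caller that treats a non-NULL result as a verified certificate now accepts whatever certificate the document supplies. The JL comment says OpenOffice.org validates the certificate separately, but nothing here enforces that, so the function's doc comment should say the result is unverified. The bypass would be safer as an opt-in placed ahead of the original call, e.g. `if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0) { status = SECSuccess; break; }`, assuming this xmlsec version defines that flag. As written, `timeboundary` is computed but never used, the `switch(PORT_GetError())` block is reached only when the loop finds no candidate (where it reports whatever error NSS last set), and the commented-out CERT_VerifyCertificate call should be deleted rather than kept.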
14650 @@ -265,67 +275,67 @@
14653 xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
14654 - xmlSecNssX509StoreCtxPtr ctx;
14655 - int ret;
14656 + xmlSecNssX509StoreCtxPtr ctx;
14657 + int ret;
14659 - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
14660 - xmlSecAssert2(cert != NULL, -1);
14661 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
14662 + xmlSecAssert2(cert != NULL, -1);
14664 - ctx = xmlSecNssX509StoreGetCtx(store);
14665 - xmlSecAssert2(ctx != NULL, -1);
14666 + ctx = xmlSecNssX509StoreGetCtx(store);
14667 + xmlSecAssert2(ctx != NULL, -1);
14669 - if(ctx->certsList == NULL) {
14670 - ctx->certsList = CERT_NewCertList();
14671 - if(ctx->certsList == NULL) {
14672 - xmlSecError(XMLSEC_ERRORS_HERE,
14673 - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14674 - "CERT_NewCertList",
14675 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
14676 - XMLSEC_ERRORS_NO_MESSAGE);
14677 - return(-1);
14681 - ret = CERT_AddCertToListTail(ctx->certsList, cert);
14682 - if(ret != SECSuccess) {
14683 - xmlSecError(XMLSEC_ERRORS_HERE,
14684 - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14685 - "CERT_AddCertToListTail",
14686 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
14687 - XMLSEC_ERRORS_NO_MESSAGE);
14688 - return(-1);
14690 + if(ctx->certsList == NULL) {
14691 + ctx->certsList = CERT_NewCertList();
14692 + if(ctx->certsList == NULL) {
14693 + xmlSecError(XMLSEC_ERRORS_HERE,
14694 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14695 + "CERT_NewCertList",
14696 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
14697 + "error code=%d", PORT_GetError());
14698 + return(-1);
14702 - return(0);
14703 + ret = CERT_AddCertToListTail(ctx->certsList, cert);
14704 + if(ret != SECSuccess) {
14705 + xmlSecError(XMLSEC_ERRORS_HERE,
14706 + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
14707 + "CERT_AddCertToListTail",
14708 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
14709 + "error code=%d", PORT_GetError());
14710 + return(-1);
14713 + return(0);
14716 static int
14717 xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
14718 - xmlSecNssX509StoreCtxPtr ctx;
14719 - xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
14720 + xmlSecNssX509StoreCtxPtr ctx;
14721 + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
14723 - ctx = xmlSecNssX509StoreGetCtx(store);
14724 - xmlSecAssert2(ctx != NULL, -1);
14725 + ctx = xmlSecNssX509StoreGetCtx(store);
14726 + xmlSecAssert2(ctx != NULL, -1);
14728 - memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
14729 + memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
14731 - return(0);
14732 + return(0);
14735 static void
14736 xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
14737 - xmlSecNssX509StoreCtxPtr ctx;
14738 - xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
14739 + xmlSecNssX509StoreCtxPtr ctx;
14740 + xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
14742 - ctx = xmlSecNssX509StoreGetCtx(store);
14743 - xmlSecAssert(ctx != NULL);
14745 - if (ctx->certsList) {
14746 + ctx = xmlSecNssX509StoreGetCtx(store);
14747 + xmlSecAssert(ctx != NULL);
14749 + if (ctx->certsList) {
14750 CERT_DestroyCertList(ctx->certsList);
14751 ctx->certsList = NULL;
14755 - memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
14756 + memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
14760 @@ -340,376 +350,213 @@
14762 static CERTCertificate*
14763 xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
14764 - xmlChar *issuerSerial, xmlChar *ski) {
14765 - CERTCertificate *cert = NULL;
14766 - xmlChar *p = NULL;
14767 - CERTName *name = NULL;
14768 - SECItem *nameitem = NULL;
14769 - PRArenaPool *arena = NULL;
14771 - if (subjectName != NULL) {
14772 - p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
14773 - if (p == NULL) {
14774 - xmlSecError(XMLSEC_ERRORS_HERE,
14775 - NULL,
14776 - "xmlSecNssX509NameRead",
14777 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14778 - "subject=%s",
14779 - xmlSecErrorsSafeString(subjectName));
14780 - goto done;
14783 - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
14784 - if (arena == NULL) {
14785 - xmlSecError(XMLSEC_ERRORS_HERE,
14786 - NULL,
14787 - "PORT_NewArena",
14788 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
14789 - XMLSEC_ERRORS_NO_MESSAGE);
14790 - goto done;
14793 - name = CERT_AsciiToName((char*)p);
14794 - if (name == NULL) {
14795 - xmlSecError(XMLSEC_ERRORS_HERE,
14796 - NULL,
14797 - "CERT_AsciiToName",
14798 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14799 - XMLSEC_ERRORS_NO_MESSAGE);
14800 - goto done;
14803 - nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
14804 - SEC_ASN1_GET(CERT_NameTemplate));
14805 - if (nameitem == NULL) {
14806 - xmlSecError(XMLSEC_ERRORS_HERE,
14807 - NULL,
14808 - "SEC_ASN1EncodeItem",
14809 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14810 - XMLSEC_ERRORS_NO_MESSAGE);
14811 - goto done;
14814 - cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
14815 - goto done;
14818 - if((issuerName != NULL) && (issuerSerial != NULL)) {
14819 - CERTIssuerAndSN issuerAndSN;
14821 - p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
14822 - if (p == NULL) {
14823 - xmlSecError(XMLSEC_ERRORS_HERE,
14824 - NULL,
14825 - "xmlSecNssX509NameRead",
14826 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14827 - "issuer=%s",
14828 - xmlSecErrorsSafeString(issuerName));
14829 - goto done;
14832 - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
14833 - if (arena == NULL) {
14834 - xmlSecError(XMLSEC_ERRORS_HERE,
14835 - NULL,
14836 - "PORT_NewArena",
14837 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
14838 - XMLSEC_ERRORS_NO_MESSAGE);
14839 - goto done;
14842 - name = CERT_AsciiToName((char*)p);
14843 - if (name == NULL) {
14844 - xmlSecError(XMLSEC_ERRORS_HERE,
14845 - NULL,
14846 - "CERT_AsciiToName",
14847 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14848 - XMLSEC_ERRORS_NO_MESSAGE);
14849 - goto done;
14852 - nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
14853 - SEC_ASN1_GET(CERT_NameTemplate));
14854 - if (nameitem == NULL) {
14855 - xmlSecError(XMLSEC_ERRORS_HERE,
14856 - NULL,
14857 - "SEC_ASN1EncodeItem",
14858 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14859 - XMLSEC_ERRORS_NO_MESSAGE);
14860 - goto done;
14863 - memset(&issuerAndSN, 0, sizeof(issuerAndSN));
14864 + xmlChar *issuerSerial, xmlChar *ski) {
14865 + CERTCertificate *cert = NULL;
14866 + CERTName *name = NULL;
14867 + SECItem *nameitem = NULL;
14868 + PRArenaPool *arena = NULL;
14870 + if (subjectName != NULL) {
14871 + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
14872 + if (arena == NULL) {
14873 + xmlSecError(XMLSEC_ERRORS_HERE,
14874 + NULL,
14875 + "PORT_NewArena",
14876 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
14877 + "error code=%d", PORT_GetError());
14878 + goto done;
14881 - issuerAndSN.derIssuer.data = nameitem->data;
14882 - issuerAndSN.derIssuer.len = nameitem->len;
14883 + name = CERT_AsciiToName((char*)subjectName);
14884 + if (name == NULL) {
14885 + xmlSecError(XMLSEC_ERRORS_HERE,
14886 + NULL,
14887 + "CERT_AsciiToName",
14888 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
14889 + "error code=%d", PORT_GetError());
14890 + goto done;
14893 - /* TBD: serial num can be arbitrarily long */
14894 - xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
14895 + nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
14896 + SEC_ASN1_GET(CERT_NameTemplate));
14897 + if (nameitem == NULL) {
14898 + xmlSecError(XMLSEC_ERRORS_HERE,
14899 + NULL,
14900 + "SEC_ASN1EncodeItem",
14901 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
14902 + "error code=%d", PORT_GetError());
14903 + goto done;
14906 - cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
14907 - &issuerAndSN);
14908 - SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
14909 - goto done;
14912 - if(ski != NULL) {
14913 - SECItem subjKeyID;
14914 - int len;
14916 - len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
14917 - if(len < 0) {
14918 - xmlSecError(XMLSEC_ERRORS_HERE,
14919 - NULL,
14920 - "xmlSecBase64Decode",
14921 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14922 - "ski=%s",
14923 - xmlSecErrorsSafeString(ski));
14924 - goto done;
14927 - memset(&subjKeyID, 0, sizeof(subjKeyID));
14928 - subjKeyID.data = ski;
14929 - subjKeyID.len = xmlStrlen(ski);
14930 - cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
14931 - &subjKeyID);
14933 + cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
14934 + goto done;
14937 -done:
14938 - if (p != NULL) {
14939 - PORT_Free(p);
14941 - if (arena != NULL) {
14942 - PORT_FreeArena(arena, PR_FALSE);
14944 - if (name != NULL) {
14945 - CERT_DestroyName(name);
14947 + if((issuerName != NULL) && (issuerSerial != NULL)) {
14948 + CERTIssuerAndSN issuerAndSN;
14950 - return(cert);
14952 + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
14953 + if (arena == NULL) {
14954 + xmlSecError(XMLSEC_ERRORS_HERE,
14955 + NULL,
14956 + "PORT_NewArena",
14957 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
14958 + "error code=%d", PORT_GetError());
14959 + goto done;
14962 -/**
14963 - * xmlSecNssX509NameRead:
14964 - */
14965 -static xmlSecByte *
14966 -xmlSecNssX509NameRead(xmlSecByte *str, int len) {
14967 - xmlSecByte name[256];
14968 - xmlSecByte value[256];
14969 - xmlSecByte *retval = NULL;
14970 - xmlSecByte *p = NULL;
14971 - int nameLen, valueLen;
14973 - xmlSecAssert2(str != NULL, NULL);
14975 - /* return string should be no longer than input string */
14976 - retval = (xmlSecByte *)PORT_Alloc(len+1);
14977 - if(retval == NULL) {
14978 - xmlSecError(XMLSEC_ERRORS_HERE,
14979 - NULL,
14980 - "PORT_Alloc",
14981 - XMLSEC_ERRORS_R_MALLOC_FAILED,
14982 - XMLSEC_ERRORS_NO_MESSAGE);
14983 - return(NULL);
14985 - p = retval;
14987 - while(len > 0) {
14988 - /* skip spaces after comma or semicolon */
14989 - while((len > 0) && isspace(*str)) {
14990 - ++str; --len;
14993 - nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
14994 - if(nameLen < 0) {
14995 - xmlSecError(XMLSEC_ERRORS_HERE,
14996 - NULL,
14997 - "xmlSecNssX509NameStringRead",
14998 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
14999 - XMLSEC_ERRORS_NO_MESSAGE);
15000 - goto done;
15002 - memcpy(p, name, nameLen);
15003 - p+=nameLen;
15004 - *p++='=';
15005 - if(len > 0) {
15006 - ++str; --len;
15007 - if((*str) == '\"') {
15008 - valueLen = xmlSecNssX509NameStringRead(&str, &len,
15009 - value, sizeof(value), '"', 1);
15010 - if(valueLen < 0) {
15011 - xmlSecError(XMLSEC_ERRORS_HERE,
15012 + name = CERT_AsciiToName((char*)issuerName);
15013 + if (name == NULL) {
15014 + xmlSecError(XMLSEC_ERRORS_HERE,
15015 NULL,
15016 - "xmlSecNssX509NameStringRead",
15017 + "CERT_AsciiToName",
15018 XMLSEC_ERRORS_R_XMLSEC_FAILED,
15019 - XMLSEC_ERRORS_NO_MESSAGE);
15020 - goto done;
15022 - /* skip spaces before comma or semicolon */
15023 - while((len > 0) && isspace(*str)) {
15024 - ++str; --len;
15025 + "error code=%d", PORT_GetError());
15026 + goto done;
15028 - if((len > 0) && ((*str) != ',')) {
15029 - xmlSecError(XMLSEC_ERRORS_HERE,
15030 - NULL,
15031 - NULL,
15032 - XMLSEC_ERRORS_R_INVALID_DATA,
15033 - "comma is expected");
15034 - goto done;
15036 - if(len > 0) {
15037 - ++str; --len;
15039 + nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
15040 + SEC_ASN1_GET(CERT_NameTemplate));
15041 + if (nameitem == NULL) {
15042 + xmlSecError(XMLSEC_ERRORS_HERE,
15043 + NULL,
15044 + "SEC_ASN1EncodeItem",
15045 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
15046 + "error code=%d", PORT_GetError());
15047 + goto done;
15049 - *p++='\"';
15050 - memcpy(p, value, valueLen);
15051 - p+=valueLen;
15052 - *p++='\"';
15053 - } else if((*str) == '#') {
15054 - /* TODO: read octect values */
15055 - xmlSecError(XMLSEC_ERRORS_HERE,
15056 - NULL,
15057 - NULL,
15058 - XMLSEC_ERRORS_R_INVALID_DATA,
15059 - "reading octect values is not implemented yet");
15060 - goto done;
15061 - } else {
15062 - valueLen = xmlSecNssX509NameStringRead(&str, &len,
15063 - value, sizeof(value), ',', 1);
15064 - if(valueLen < 0) {
15065 - xmlSecError(XMLSEC_ERRORS_HERE,
15067 + memset(&issuerAndSN, 0, sizeof(issuerAndSN));
15069 + issuerAndSN.derIssuer.data = nameitem->data;
15070 + issuerAndSN.derIssuer.len = nameitem->len;
15072 + if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
15073 + xmlSecError(XMLSEC_ERRORS_HERE,
15074 NULL,
15075 - "xmlSecNssX509NameStringRead",
15076 + "xmlSecNssIntegerToItem",
15077 XMLSEC_ERRORS_R_XMLSEC_FAILED,
15078 - XMLSEC_ERRORS_NO_MESSAGE);
15079 - goto done;
15081 - memcpy(p, value, valueLen);
15082 - p+=valueLen;
15083 - if (len > 0)
15084 - *p++=',';
15085 - }
15086 - } else {
15087 - valueLen = 0;
15088 + "serial number=%s",
15089 + xmlSecErrorsSafeString(issuerSerial));
15090 + goto done;
15093 + cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
15094 + &issuerAndSN);
15095 + SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
15096 + goto done;
15099 + if(ski != NULL) {
15100 + SECItem subjKeyID;
15101 + int len;
15103 + len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
15104 + if(len < 0) {
15105 + xmlSecError(XMLSEC_ERRORS_HERE,
15106 + NULL,
15107 + "xmlSecBase64Decode",
15108 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
15109 + "ski=%s",
15110 + xmlSecErrorsSafeString(ski));
15111 + goto done;
15114 + memset(&subjKeyID, 0, sizeof(subjKeyID));
15115 + subjKeyID.data = ski;
15116 + subjKeyID.len = xmlStrlen(ski);
15117 + cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
15118 + &subjKeyID);
15120 - if(len > 0) {
15121 - ++str; --len;
15122 - }
15125 - *p = 0;
15126 - return(retval);
15129 done:
15130 - PORT_Free(retval);
15131 - return (NULL);
15132 + if (arena != NULL) {
15133 + PORT_FreeArena(arena, PR_FALSE);
15135 + if (name != NULL) {
15136 + CERT_DestroyName(name);
15139 + return(cert);
15142 +static int
15143 +xmlSecNssIntegerToItem(
15144 + const xmlChar* integer ,
15145 + SECItem *item
15146 +) {
15147 + xmlSecBn bn ;
15148 + xmlSecSize i, length ;
15149 + const xmlSecByte* bnInteger ;
15151 + xmlSecAssert2( integer != NULL, -1 ) ;
15152 + xmlSecAssert2( item != NULL, -1 ) ;
15154 -/**
15155 - * xmlSecNssX509NameStringRead:
15156 - */
15157 -static int
15158 -xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
15159 - xmlSecByte *res, int resLen,
15160 - xmlSecByte delim, int ingoreTrailingSpaces) {
15161 - xmlSecByte *p, *q, *nonSpace;
15163 - xmlSecAssert2(str != NULL, -1);
15164 - xmlSecAssert2(strLen != NULL, -1);
15165 - xmlSecAssert2(res != NULL, -1);
15167 - p = (*str);
15168 - nonSpace = q = res;
15169 - while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
15170 - if((*p) != '\\') {
15171 - if(ingoreTrailingSpaces && !isspace(*p)) {
15172 - nonSpace = q;
15174 - *(q++) = *(p++);
15175 - } else {
15176 - ++p;
15177 - nonSpace = q;
15178 - if(xmlSecIsHex((*p))) {
15179 - if((p - (*str) + 1) >= (*strLen)) {
15180 - xmlSecError(XMLSEC_ERRORS_HERE,
15181 - NULL,
15182 - NULL,
15183 - XMLSEC_ERRORS_R_INVALID_DATA,
15184 - "two hex digits expected");
15185 - return(-1);
15187 - *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
15188 - p += 2;
15189 - } else {
15190 - if(((++p) - (*str)) >= (*strLen)) {
15191 - xmlSecError(XMLSEC_ERRORS_HERE,
15192 - NULL,
15193 - NULL,
15194 - XMLSEC_ERRORS_R_INVALID_DATA,
15195 - "escaped symbol missed");
15196 - return(-1);
15198 - *(q++) = *(p++);
15200 - }
15202 - if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
15203 - xmlSecError(XMLSEC_ERRORS_HERE,
15204 - NULL,
15205 - NULL,
15206 - XMLSEC_ERRORS_R_INVALID_SIZE,
15207 - "buffer is too small");
15208 - return(-1);
15210 - (*strLen) -= (p - (*str));
15211 - (*str) = p;
15212 - return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
15214 + if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
15215 + xmlSecError( XMLSEC_ERRORS_HERE,
15216 + NULL,
15217 + "xmlSecBnInitialize",
15218 + XMLSEC_ERRORS_R_INVALID_DATA,
15219 + XMLSEC_ERRORS_NO_MESSAGE ) ;
15220 + return -1 ;
15223 -/* code lifted from NSS */
15224 -static void
15225 -xmlSecNssNumToItem(SECItem *it, unsigned long ui)
15227 - unsigned char bb[5];
15228 - int len;
15230 - bb[0] = 0;
15231 - bb[1] = (unsigned char) (ui >> 24);
15232 - bb[2] = (unsigned char) (ui >> 16);
15233 - bb[3] = (unsigned char) (ui >> 8);
15234 - bb[4] = (unsigned char) (ui);
15236 - /*
15237 - ** Small integers are encoded in a single byte. Larger integers
15238 - ** require progressively more space.
15239 - */
15240 - if (ui > 0x7f) {
15241 - if (ui > 0x7fff) {
15242 - if (ui > 0x7fffffL) {
15243 - if (ui >= 0x80000000L) {
15244 - len = 5;
15245 - } else {
15246 - len = 4;
15248 - } else {
15249 - len = 3;
15251 - } else {
15252 - len = 2;
15254 - } else {
15255 - len = 1;
15258 - it->data = (unsigned char *)PORT_Alloc(len);
15259 - if (it->data == NULL) {
15260 - return;
15262 + if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
15263 + xmlSecError( XMLSEC_ERRORS_HERE,
15264 + NULL,
15265 + "xmlSecBnFromDecString",
15266 + XMLSEC_ERRORS_R_INVALID_DATA,
15267 + XMLSEC_ERRORS_NO_MESSAGE ) ;
15269 + xmlSecBnFinalize( &bn ) ;
15270 + return -1 ;
15273 + length = xmlSecBnGetSize( &bn ) ;
15274 + if( length <= 0 ) {
15275 + xmlSecError( XMLSEC_ERRORS_HERE,
15276 + NULL,
15277 + "xmlSecBnGetSize",
15278 + XMLSEC_ERRORS_R_INVALID_DATA,
15279 + XMLSEC_ERRORS_NO_MESSAGE ) ;
15281 + xmlSecBnFinalize( &bn ) ;
15282 + return -1 ;
15285 + bnInteger = xmlSecBnGetData( &bn ) ;
15286 + if( bnInteger == NULL ) {
15287 + xmlSecError( XMLSEC_ERRORS_HERE,
15288 + NULL,
15289 + "xmlSecBnGetData",
15290 + XMLSEC_ERRORS_R_INVALID_DATA,
15291 + XMLSEC_ERRORS_NO_MESSAGE ) ;
15293 - it->len = len;
15294 - PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
15295 + xmlSecBnFinalize( &bn ) ;
15296 + return -1 ;
15299 + item->data = ( unsigned char * )PORT_Alloc( length );
15300 + if( item->data == NULL ) {
15301 + xmlSecError( XMLSEC_ERRORS_HERE,
15302 + NULL,
15303 + "PORT_Alloc",
15304 + XMLSEC_ERRORS_R_INVALID_DATA,
15305 + XMLSEC_ERRORS_NO_MESSAGE ) ;
15307 + xmlSecBnFinalize( &bn ) ;
15308 + return -1 ;
15311 + item->len = length;
15313 + for( i = 0 ; i < length ; i ++ )
15314 + item->data[i] = *( bnInteger + i ) ;
15316 + xmlSecBnFinalize( &bn ) ;
15318 + return 0 ;
15320 -#endif /* XMLSEC_NO_X509 */
15322 +#endif /* XMLSEC_NO_X509 */
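Review bot: In the `ski` branch of xmlSecNssX509FindCert, `subjKeyID.len = xmlStrlen(ski);` measures the buffer after xmlSecBase64Decode has overwritten it in place with binary data. The length therefore stops at the first zero byte of the key identifier or runs on into leftover base64 text; use the decoder's return value instead, `subjKeyID.len = len;`. In the new xmlSecNssIntegerToItem, `length <= 0` can only test for zero if xmlSecSize is unsigned, and the PORT_Alloc failure is reported as XMLSEC_ERRORS_R_INVALID_DATA where the removed name-reading code used XMLSEC_ERRORS_R_MALLOC_FAILED. The byte loop can be `memcpy(item->data, bnInteger, length);`. The removed xmlSecNssNumToItem kept a leading zero byte for values with the top bit set, while the new copy does not appear to, so lookups by such serial numbers may miss; this is worth confirming against how NSS stores `serialNumber`.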
15324 --- misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200
15325 +++ misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2008-06-29 23:44:19.000000000 +0200
15326 @@ -223,6 +223,10 @@
15327 $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
15329 XMLSEC_NSS_OBJS = \
15330 + $(XMLSEC_NSS_INTDIR)\akmngr.obj\
15331 + $(XMLSEC_NSS_INTDIR)\keytrans.obj\
15332 + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
15333 + $(XMLSEC_NSS_INTDIR)\tokens.obj\
15334 $(XMLSEC_NSS_INTDIR)\app.obj\
15335 $(XMLSEC_NSS_INTDIR)\bignum.obj\
15336 $(XMLSEC_NSS_INTDIR)\ciphers.obj \
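Review bot: The static object list XMLSEC_NSS_OBJS_A is left out of sync with XMLSEC_NSS_OBJS: this hunk adds `akmngr.obj`, `keytrans.obj`, `keywrapers.obj` and `tokens.obj` to the shared list, and the next hunk drops `kt_rsa.obj`, `kw_des.obj` and `kw_aes.obj`, but no visible hunk in this file touches the `_A` list. If the removed sources are deleted elsewhere in the patch, the static NSS target would presumably fail to build or link a different set of key-transport and key-wrap code than the DLL. The last hunk has the same asymmetry, changing XMLSEC_NSS_SOLIBS while leaving XMLSEC_NSS_ALIBS as it was. Either mirror the changes in the `_A` variables or add a comment stating that the static NSS build is unsupported in this tree.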
15337 @@ -235,9 +239,6 @@
15338 $(XMLSEC_NSS_INTDIR)\x509.obj\
15339 $(XMLSEC_NSS_INTDIR)\x509vfy.obj\
15340 $(XMLSEC_NSS_INTDIR)\keysstore.obj\
15341 - $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\
15342 - $(XMLSEC_NSS_INTDIR)\kw_des.obj\
15343 - $(XMLSEC_NSS_INTDIR)\kw_aes.obj\
15344 $(XMLSEC_NSS_INTDIR)\strings.obj
15345 XMLSEC_NSS_OBJS_A = \
15346 $(XMLSEC_NSS_INTDIR_A)\app.obj\
15347 @@ -258,6 +259,7 @@
15348 $(XMLSEC_NSS_INTDIR_A)\strings.obj
15350 XMLSEC_MSCRYPTO_OBJS = \
15351 + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
15352 $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
15353 $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
15354 $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
15355 @@ -376,7 +378,7 @@
15356 XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
15357 XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
15359 -XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
15360 +XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
15361 XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
15363 XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib