diff options
| author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-03-09 18:19:29 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2016-03-10 15:16:06 +0000 |
| commit | 70c8d27892f811121a891ebd4742c97d19632f93 (patch) | |
| tree | 1f12dc9cc2613ae196fd94f0e7956f95cbc95815 | |
| parent | 069e92f5ccb7b8601e9fa8de4d3ec9639afa1ea6 (diff) | |
Upgrade libxmlsec to 1.2.15
The primary benefit is that this release supports sha256 out of the box,
so we can drop xmlsec1-nss-sha256.patch.1 and
xmlsec1-mscrypto-sha256.patch.1.
Change-Id: I78606c02591ac8ae7e347b0faa510ae2483e3183
Reviewed-on: https://gerrit.libreoffice.org/23096
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
21 files changed, 1877 insertions, 2337 deletions
diff --git a/download.lst b/download.lst index 71a5de4c2ac2..7072a3adfd2b 100644 --- a/download.lst +++ b/download.lst @@ -91,7 +91,7 @@ export LIBEXTTEXTCAT_TARBALL := 10d61fbaa6a06348823651b1bd7940fe-libexttextcat-3 export LIBGLTF_MD5SUM := d63a9f47ab048f5009d90693d6aa6424 export LIBGLTF_TARBALL := libgltf-0.0.2.tar.bz2 export LIBLANGTAG_TARBALL := aa899eff126216dafe721149fbdb511b-liblangtag-0.5.8.tar.bz2 -export LIBXMLSEC_TARBALL := 1f24ab1d39f4a51faf22244c94a6203f-xmlsec1-1.2.14.tar.gz +export LIBXMLSEC_TARBALL := 43bc8011a33ef9fba862eca4573034c4-xmlsec1-1.2.15.tar.gz export LIBXML_TARBALL := daece17e045f1c107610e137ab50c179-libxml2-2.9.3.tar.gz export LIBXSLT_TARBALL := 9667bf6f9310b957254fdcf6596600b7-libxslt-1.1.28.tar.gz export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk index 59156316e187..79b019cdd15e 100644 --- a/external/libxmlsec/UnpackedTarball_xmlsec.mk +++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk @@ -8,25 +8,22 @@ # xmlsec_patches := -xmlsec_patches += xmlsec1-configure.patch -xmlsec_patches += xmlsec1-configure-libxml-libxslt.patch -xmlsec_patches += xmlsec1-oldlibtool.patch -xmlsec_patches += xmlsec1-nssdisablecallbacks.patch -xmlsec_patches += xmlsec1-nssmangleciphers.patch -xmlsec_patches += xmlsec1-noverify.patch -xmlsec_patches += xmlsec1-mingw-keymgr-mscrypto.patch -xmlsec_patches += xmlsec1-vc.patch -xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch -xmlsec_patches += xmlsec1-android.patch +xmlsec_patches += xmlsec1-configure.patch.1 +xmlsec_patches += xmlsec1-configure-libxml-libxslt.patch.1 +xmlsec_patches += xmlsec1-oldlibtool.patch.1 +xmlsec_patches += xmlsec1-nssdisablecallbacks.patch.1 +xmlsec_patches += xmlsec1-nssmangleciphers.patch.1 +xmlsec_patches += xmlsec1-noverify.patch.1 +xmlsec_patches += xmlsec1-mingw-keymgr-mscrypto.patch.1 +xmlsec_patches += xmlsec1-vc.patch.1 +xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1 +xmlsec_patches += xmlsec1-android.patch.1 # Partial backport of <https://github.com/lsh123/xmlsec/commit/6a4968bc33f83aaf61efc0a80333350ce9c372f5>. -xmlsec_patches += xmlsec1-1.2.14-ansi.patch +xmlsec_patches += xmlsec1-1.2.14-ansi.patch.1 xmlsec_patches += xmlsec1-customkeymanage.patch.1 xmlsec_patches += xmlsec1-update-config.guess.patch.1 # Upstreamed as <https://github.com/lsh123/xmlsec/commit/7069e2b0ab49679008abedd6d223fb95538b0684>. xmlsec_patches += xmlsec1-ooxml.patch.1 -# Partial backport of <https://github.com/lsh123/xmlsec/commit/a17e8da3a8f56348d71d325aa8d3e6366f13b512>. -xmlsec_patches += xmlsec1-nss-sha256.patch.1 -xmlsec_patches += xmlsec1-mscrypto-sha256.patch.1 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec)) diff --git a/external/libxmlsec/xmlsec1-1.2.14-ansi.patch b/external/libxmlsec/xmlsec1-1.2.14-ansi.patch deleted file mode 100644 index 24a9584c9023..000000000000 --- a/external/libxmlsec/xmlsec1-1.2.14-ansi.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- misc/xmlsec1-1.2.14/configure.in 2012-08-29 22:44:51.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/configure.in 2012-08-29 22:46:23.000000000 +0200 -@@ -46,10 +46,6 @@ - AC_PATH_PROG(HELP2MAN, help2man) - AC_PATH_PROG(MAN2HTML, man2html) - --dnl Make sure we have an ANSI compiler --AM_C_PROTOTYPES --test "z$U" != "z" && AC_MSG_ERROR(Compiler not ANSI compliant) -- - dnl Checks for header files. - AC_HEADER_DIRENT - AC_HEADER_STDC diff --git a/external/libxmlsec/xmlsec1-1.2.14-ansi.patch.1 b/external/libxmlsec/xmlsec1-1.2.14-ansi.patch.1 new file mode 100644 index 000000000000..a004295369ef --- /dev/null +++ b/external/libxmlsec/xmlsec1-1.2.14-ansi.patch.1 @@ -0,0 +1,27 @@ +From 7aaf2be1bb36db78450ea7f06dd571d98f57c06f Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:15:25 +0100 +Subject: [PATCH 11/14] xmlsec1-1.2.14-ansi.patch + +--- + configure.in | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/configure.in b/configure.in +index cbf6e4a..403ec63 100644 +--- a/configure.in ++++ b/configure.in +@@ -46,10 +46,6 @@ AC_PATH_PROG(TAR, tar, /bin/tar) + AC_PATH_PROG(HELP2MAN, help2man) + AC_PATH_PROG(MAN2HTML, man2html) + +-dnl Make sure we have an ANSI compiler +-AM_C_PROTOTYPES +-test "z$U" != "z" && AC_MSG_ERROR(Compiler not ANSI compliant) +- + dnl Checks for header files. + AC_HEADER_DIRENT + AC_HEADER_STDC +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch b/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch deleted file mode 100644 index 4d9764549429..000000000000 --- a/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h.ORIGINAL 2009-12-05 15:19:18.000000000 -0600 -+++ build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h 2011-02-13 03:09:42.917240245 -0600 -@@ -11,16 +11,16 @@ - #ifndef __XMLSEC_H__ - #define __XMLSEC_H__ - --#ifdef __cplusplus --extern "C" { --#endif /* __cplusplus */ -- - #include <libxml/tree.h> - - #include <xmlsec/version.h> - #include <xmlsec/exports.h> - #include <xmlsec/strings.h> - -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ - /*********************************************************************** - * - * Basic types to make ports to exotic platforms easier diff --git a/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1 b/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1 new file mode 100644 index 000000000000..120462f788e9 --- /dev/null +++ b/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1 @@ -0,0 +1,39 @@ +From 4acfcb9acf87b4e6e6ee4d68875255b198b0fa0c Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:12:48 +0100 +Subject: [PATCH 09/14] xmlsec1-1.2.14_fix_extern_c.patch + +Conflicts: + include/xmlsec/xmlsec.h +--- + include/xmlsec/xmlsec.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/xmlsec/xmlsec.h b/include/xmlsec/xmlsec.h +index 9ab4cea..a6c09f2 100644 +--- a/include/xmlsec/xmlsec.h ++++ b/include/xmlsec/xmlsec.h +@@ -11,16 +11,16 @@ + #ifndef __XMLSEC_H__ + #define __XMLSEC_H__ + +-#ifdef __cplusplus +-extern "C" { +-#endif /* __cplusplus */ +- + #include <libxml/tree.h> + + #include <xmlsec/version.h> + #include <xmlsec/exports.h> + #include <xmlsec/strings.h> + ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ + /*********************************************************************** + * + * Basic types to make ports to exotic platforms easier +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-android.patch b/external/libxmlsec/xmlsec1-android.patch.1 index 4b81b7c9803c..d2dc1b4fe4e8 100644 --- a/external/libxmlsec/xmlsec1-android.patch +++ b/external/libxmlsec/xmlsec1-android.patch.1 @@ -1,6 +1,17 @@ ---- build/xmlsec1-1.2.14/config.sub -+++ build/xmlsec1-1.2.14/config.sub -@@ -120,7 +120,7 @@ +From f78fe748f06042492147e4ca57621acd3da2c605 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:13:10 +0100 +Subject: [PATCH 10/14] xmlsec1-android.patch + +--- + config.sub | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/config.sub b/config.sub +index a39437d..45bad78 100755 +--- a/config.sub ++++ b/config.sub +@@ -120,7 +120,7 @@ esac # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in @@ -9,7 +20,7 @@ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) -@@ -1275,7 +1275,7 @@ +@@ -1275,7 +1275,7 @@ case $os in | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ @@ -18,3 +29,6 @@ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-configure-libxml-libxslt.patch b/external/libxmlsec/xmlsec1-configure-libxml-libxslt.patch.1 index c20b8494e28b..72d08f80108e 100644 --- a/external/libxmlsec/xmlsec1-configure-libxml-libxslt.patch +++ b/external/libxmlsec/xmlsec1-configure-libxml-libxslt.patch.1 @@ -1,6 +1,17 @@ ---- misc/xmlsec1-1.2.14/configure.in Wed Jun 30 11:55:37 2010 -+++ misc/build/xmlsec1-1.2.14/configure.in Wed Jun 30 11:53:55 2010 -@@ -231,7 +231,7 @@ +From 9d5883f326e74e846fa9ce987d45516454d6ba0e Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:06:58 +0100 +Subject: [PATCH 02/14] xmlsec1-configure-libxml-libxslt.patch + +--- + configure.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.in b/configure.in +index 14cb432..cbf6e4a 100644 +--- a/configure.in ++++ b/configure.in +@@ -220,7 +220,7 @@ fi if test "z$LIBXML_FOUND" = "zno" ; then if test "z$with_libxml" != "zyes" ; then AC_PATH_PROG([LIBXML_CONFIG], [$LIBXML_CONFIG], [], @@ -9,7 +20,7 @@ fi AC_MSG_CHECKING([libxml2 $LIBXML_CONFIG ]) if ! LIBXML_VERSION=`$LIBXML_CONFIG --version 2>/dev/null`; then -@@ -296,7 +296,7 @@ +@@ -287,7 +287,7 @@ fi if test "z$LIBXSLT_FOUND" = "zno" ; then if test "z$with_libxslt" != "zyes" ; then AC_PATH_PROG([LIBXSLT_CONFIG], [$LIBXSLT_CONFIG], [], @@ -18,3 +29,6 @@ fi AC_MSG_CHECKING(for libxslt libraries >= $LIBXSLT_MIN_VERSION) if ! LIBXSLT_VERSION=`$LIBXSLT_CONFIG --version 2>/dev/null`; then +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-configure.patch b/external/libxmlsec/xmlsec1-configure.patch.1 index 19fdc570d806..54e713f43dcb 100644 --- a/external/libxmlsec/xmlsec1-configure.patch +++ b/external/libxmlsec/xmlsec1-configure.patch.1 @@ -1,5 +1,21 @@ ---- misc/xmlsec1-1.2.14/Makefile.am -+++ misc/build/xmlsec1-1.2.14/Makefile.am +From e48dde538ebdf7e76b824d65bb600fc7d1e60e17 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:06:19 +0100 +Subject: [PATCH 01/14] xmlsec1-configure.patch + +Conflicts: + configure.in +--- + Makefile.am | 5 +++-- + Makefile.in | 5 +++-- + configure.in | 52 ++++++++++++++++++++++++++++++++++++++++------------ + win32/Makefile.msvc | 2 +- + 4 files changed, 47 insertions(+), 17 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 3fce548..a3befe8 100644 +--- a/Makefile.am ++++ b/Makefile.am @@ -1,8 +1,9 @@ NULL = @@ -12,9 +28,11 @@ DEFAULT_CRYPTO = @XMLSEC_CRYPTO@ bin_SCRIPTS = xmlsec1-config ---- misc/xmlsec1-1.2.14/Makefile.in 2009-06-25 22:53:34.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/Makefile.in 2009-10-01 10:32:48.708515261 +0200 -@@ -341,8 +341,9 @@ +diff --git a/Makefile.in b/Makefile.in +index 9e5401b..47c3cf4 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -341,8 +341,9 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = SAFE_VERSION = @XMLSEC_VERSION_SAFE@ @@ -26,9 +44,11 @@ DEFAULT_CRYPTO = @XMLSEC_CRYPTO@ bin_SCRIPTS = xmlsec1-config pkgconfig_DATA = xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@ ---- misc/xmlsec1-1.2.14/configure.in 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/configure.in 2009-10-01 10:28:50.990755126 +0200 -@@ -192,8 +192,8 @@ +diff --git a/configure.in b/configure.in +index bd5837d..14cb432 100644 +--- a/configure.in ++++ b/configure.in +@@ -183,8 +183,8 @@ dnl find libxml dnl ========================================================================== LIBXML_MIN_VERSION="2.7.4" LIBXML_CONFIG="xml2-config" @@ -39,7 +59,7 @@ LIBXML_FOUND="no" AC_ARG_WITH(libxml, [ --with-libxml=[PFX] libxml2 location] -@@ -202,6 +202,8 @@ +@@ -193,6 +193,8 @@ AC_ARG_WITH(libxml-src, [ --with-libxml-src=[PFX] not installed yet libxml2 location] ) @@ -48,7 +68,7 @@ if test "z$with_libxml" = "zno" -o "z$with_libxml_src" = "zno"; then AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_MIN_VERSION) AC_MSG_ERROR(libxml2 >= $LIBXML_MIN_VERSION is required for $XMLSEC_PACKAGE) -@@ -245,6 +247,8 @@ +@@ -236,6 +238,8 @@ if test "z$LIBXML_FOUND" = "zno" ; then fi fi @@ -57,15 +77,15 @@ AC_SUBST(LIBXML_CFLAGS) AC_SUBST(LIBXML_LIBS) AC_SUBST(LIBXML_CONFIG) -@@ -555,12 +559,26 @@ +@@ -546,12 +550,26 @@ dnl ========================================================================== XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" +if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" +fi - NSS_MIN_VERSION="3.2" - NSPR_MIN_VERSION="4.0" + NSS_MIN_VERSION="3.9" + NSPR_MIN_VERSION="4.4.1" NSS_CFLAGS="" NSS_LIBS="" -NSS_LIBS_LIST="-lnss3 -lsmime3" @@ -86,7 +106,7 @@ NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss" NSS_FOUND="no" NSPR_PACKAGE=mozilla-nspr -@@ -586,6 +604,16 @@ +@@ -577,6 +595,16 @@ elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z dnl We are going to try all options dnl if test "z$NSS_FOUND" = "zno" ; then @@ -103,7 +123,7 @@ PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes NSPR_PACKAGE=mozilla-nspr NSS_PACKAGE=mozilla-nss], [NSS_FOUND=no]) -@@ -612,8 +640,8 @@ +@@ -603,8 +631,8 @@ if test "z$NSS_FOUND" = "zno" ; then ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi @@ -114,7 +134,7 @@ AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) NSPR_INCLUDES_FOUND="no" -@@ -634,21 +662,21 @@ +@@ -625,21 +653,21 @@ if test "z$NSS_FOUND" = "zno" ; then NSPR_PRINIT_H="$with_nspr/include/prinit.h" else for dir in $ac_nss_inc_dir ; do @@ -140,7 +160,7 @@ dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" -@@ -719,7 +747,7 @@ +@@ -710,7 +738,7 @@ if test "z$NSS_FOUND" = "zno" ; then done for dir in $ac_nss_lib_dir ; do @@ -149,7 +169,7 @@ dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" -@@ -738,7 +766,7 @@ +@@ -729,7 +757,7 @@ if test "z$NSS_FOUND" = "zno" ; then if test "z$NSS_INCLUDES_FOUND" = "zyes" -a "z$NSS_LIBS_FOUND" = "zyes" ; then OLD_CPPFLAGS=$CPPFLAGS @@ -158,9 +178,11 @@ AC_EGREP_CPP(yes,[ #include <nss.h> #if NSS_VMAJOR >= 3 && NSS_VMINOR >= 2 ---- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-10-01 10:28:50.997747312 +0200 -@@ -376,7 +376,7 @@ +diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc +index 2577a1e..cfa0a46 100644 +--- a/win32/Makefile.msvc ++++ b/win32/Makefile.msvc +@@ -388,7 +388,7 @@ APP_LIBS = $(SOLIBS) $(XMLSEC_CRYPTO_SOLIBS) XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib @@ -169,3 +191,6 @@ XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-customkeymanage.patch.1 b/external/libxmlsec/xmlsec1-customkeymanage.patch.1 index d261d73548e3..1c512f6437f4 100644 --- a/external/libxmlsec/xmlsec1-customkeymanage.patch.1 +++ b/external/libxmlsec/xmlsec1-customkeymanage.patch.1 @@ -1,8 +1,17 @@ -From a74ad2cada3cd652f08679d65cb6e1ef3acad21c Mon Sep 17 00:00:00 2001 +From 249eb9792617b159bff3ea7fbc7ee1ef7716f7e4 Mon Sep 17 00:00:00 2001 From: Miklos Vajna <vmiklos@collabora.co.uk> Date: Fri, 4 Mar 2016 16:19:12 +0100 Subject: [PATCH] xmlsec1-customkeymanage.patch +Conflicts: + include/xmlsec/nss/app.h + include/xmlsec/nss/keysstore.h + src/nss/hmac.c + src/nss/keysstore.c + src/nss/pkikeys.c + src/nss/symkeys.c + src/nss/x509.c + src/nss/x509vfy.c --- include/xmlsec/mscrypto/Makefile.am | 1 + include/xmlsec/mscrypto/Makefile.in | 1 + @@ -19,15 +28,15 @@ Subject: [PATCH] xmlsec1-customkeymanage.patch src/nss/Makefile.in | 30 +- src/nss/akmngr.c | 384 +++++++++++ src/nss/hmac.c | 8 +- - src/nss/keysstore.c | 830 ++++++++++++++++-------- + src/nss/keysstore.c | 826 ++++++++++++++++-------- src/nss/keywrapers.c | 1213 +++++++++++++++++++++++++++++++++++ src/nss/pkikeys.c | 51 +- - src/nss/symkeys.c | 717 ++++++++++++++++++++- + src/nss/symkeys.c | 705 +++++++++++++++++++- src/nss/tokens.c | 548 ++++++++++++++++ - src/nss/x509.c | 547 ++++------------ - src/nss/x509vfy.c | 303 +++------ + src/nss/x509.c | 565 ++++------------ + src/nss/x509vfy.c | 292 +++------ win32/Makefile.msvc | 4 + - 23 files changed, 4275 insertions(+), 960 deletions(-) + 23 files changed, 4256 insertions(+), 970 deletions(-) create mode 100644 include/xmlsec/mscrypto/akmngr.h create mode 100644 include/xmlsec/nss/akmngr.h create mode 100644 include/xmlsec/nss/ciphers.h @@ -50,7 +59,7 @@ index 18dff94..44837b6 100644 certkeys.h \ crypto.h \ diff --git a/include/xmlsec/mscrypto/Makefile.in b/include/xmlsec/mscrypto/Makefile.in -index 1570c0f..1d02a06 100644 +index 4bc1320..689971b 100644 --- a/include/xmlsec/mscrypto/Makefile.in +++ b/include/xmlsec/mscrypto/Makefile.in @@ -281,6 +281,7 @@ top_srcdir = @top_srcdir@ @@ -153,7 +162,7 @@ index e352162..997ca7f 100644 install-exec-hook: diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in -index cd99f9d..3fb47cf 100644 +index 4b70b00..815d1da 100644 --- a/include/xmlsec/nss/Makefile.in +++ b/include/xmlsec/nss/Makefile.in @@ -288,6 +288,9 @@ bignum.h \ @@ -229,7 +238,7 @@ index 0000000..8053511 + + diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h -index b78492f..1d85eae 100644 +index 387d34e..d5dc345 100644 --- a/include/xmlsec/nss/app.h +++ b/include/xmlsec/nss/app.h @@ -22,6 +22,9 @@ extern "C" { @@ -239,18 +248,18 @@ index b78492f..1d85eae 100644 +#include <xmlsec/nss/tokens.h> +#include <xmlsec/nss/akmngr.h> + - /** + /******************************************************************** + * * Init/shutdown - */ -@@ -36,6 +39,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr - xmlSecKeyPtr key); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, - const char* uri); -+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, - const char* filename, - xmlSecKeyDataType type); +@@ -40,6 +43,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlS + xmlSecKeyPtr key); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, + const char* uri); ++XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, + const char* filename, + xmlSecKeyDataType type); diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h new file mode 100644 index 0000000..607eb1e @@ -293,11 +302,11 @@ index 0000000..607eb1e + + diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h -index 10e6bb3..126f2fb 100644 +index a2cc289..8571f68 100644 --- a/include/xmlsec/nss/keysstore.h +++ b/include/xmlsec/nss/keysstore.h @@ -16,6 +16,8 @@ extern "C" { - #endif /* __cplusplus */ + #endif /* __cplusplus */ #include <xmlsec/xmlsec.h> +#include <xmlsec/keysmngr.h> @@ -306,14 +315,14 @@ index 10e6bb3..126f2fb 100644 /**************************************************************************** * @@ -31,6 +33,8 @@ extern "C" { - XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, - xmlSecKeyPtr key); -+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, - const char *uri, - xmlSecKeysMngrPtr keysMngr); + XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, + xmlSecKeyPtr key); ++XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, + const char *uri, + xmlSecKeysMngrPtr keysMngr); diff --git a/include/xmlsec/nss/tokens.h b/include/xmlsec/nss/tokens.h new file mode 100644 index 0000000..444c561 @@ -745,7 +754,7 @@ index 0000000..3bbd124 +} + diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am -index 5209533..d8d3bdc 100644 +index 8cd8586..48a6bf9 100644 --- a/src/nss/Makefile.am +++ b/src/nss/Makefile.am @@ -35,6 +35,9 @@ libxmlsec1_nss_la_SOURCES =\ @@ -759,7 +768,7 @@ index 5209533..d8d3bdc 100644 if SHAREDLIB_HACK diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in -index d6bc31e..50a2cb8 100644 +index d10f05f..7275b4a 100644 --- a/src/nss/Makefile.in +++ b/src/nss/Makefile.in @@ -72,7 +72,8 @@ am__DEPENDENCIES_1 = @@ -788,7 +797,7 @@ index d6bc31e..50a2cb8 100644 + akmngr.c keywrapers.c tokens.c \ $(NULL) $(am__append_1) libxmlsec1_nss_la_LIBADD = \ - ../libxmlsec1.la \ + $(NSS_LIBS) \ @@ -439,6 +443,9 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ @@ -1218,7 +1227,7 @@ index 0000000..65b94ac +} + diff --git a/src/nss/hmac.c b/src/nss/hmac.c -index 98bf0c1..97dce9d 100644 +index dfe5a53..f6b26fe 100644 --- a/src/nss/hmac.c +++ b/src/nss/hmac.c @@ -23,8 +23,8 @@ @@ -1230,32 +1239,32 @@ index 98bf0c1..97dce9d 100644 +#include <xmlsec/nss/tokens.h> /* sizes in bits */ - #define XMLSEC_NSS_MIN_HMAC_SIZE 80 -@@ -286,13 +286,13 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + #define XMLSEC_NSS_MIN_HMAC_SIZE 80 +@@ -358,13 +358,13 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keyItem.data = xmlSecBufferGetData(buffer); - keyItem.len = xmlSecBufferGetSize(buffer); + keyItem.len = xmlSecBufferGetSize(buffer); - slot = PK11_GetBestSlot(ctx->digestType, NULL); + slot = xmlSecNssSlotGet(ctx->digestType); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- "PK11_GetBestSlot", ++ "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); } - + diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c -index a583f60..41a6d93 100644 +index f07e44b..e4cb0f1 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -1,36 +1,56 @@ - /** + /** * XMLSec library - * + * - * Nss keys store that uses Simple Keys Store under the hood. Uses the - * Nss DB as a backing store for the finding keys, but the NSS DB is - * not written to by the keys store. @@ -1263,12 +1272,12 @@ index a583f60..41a6d93 100644 - * keys store, the NSS DB is looked up. - * If store is called to adopt a key, that key is not written to the NSS - * DB. -- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate +- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate - * source of keys for xmlsec -- * +- * * This is free software; see Copyright file in the source * distribution for precise wording. - * + * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ + @@ -1309,13 +1318,13 @@ index a583f60..41a6d93 100644 #include <stdlib.h> #include <string.h> - #include <nss.h> --#include <cert.h> - #include <pk11func.h> + #include <nss.h> +-#include <cert.h> + #include <pk11func.h> +#include <prinit.h> - #include <keyhi.h> + #include <keyhi.h> --#include <libxml/tree.h> +-#include <libxml/tree.h> - #include <xmlsec/xmlsec.h> -#include <xmlsec/buffer.h> @@ -1324,7 +1333,7 @@ index a583f60..41a6d93 100644 #include <xmlsec/errors.h> #include <xmlsec/xmltree.h> -@@ -38,81 +58,460 @@ +@@ -38,82 +58,461 @@ #include <xmlsec/nss/crypto.h> #include <xmlsec/nss/keysstore.h> @@ -1337,22 +1346,39 @@ index a583f60..41a6d93 100644 * - * Nss Keys Store. Uses Simple Keys Store under the hood + * Internal NSS key store context - * + * - * Simple Keys Store ptr is located after xmlSecKeyStore + * This context is located after xmlSecKeyStore * ***************************************************************************/ +-#define xmlSecNssKeysStoreSize \ +- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) +- +-#define xmlSecNssKeysStoreGetSS(store) \ +- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ +- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ +- (xmlSecKeyStorePtr*)NULL) +typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; +typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; -+ + +-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); +-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); +-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, +- const xmlChar* name, +- xmlSecKeyInfoCtxPtr keyInfoCtx); +- +-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { +- sizeof(xmlSecKeyStoreKlass), +- xmlSecNssKeysStoreSize, +struct _xmlSecNssKeysStoreCtx { + xmlSecPtrListPtr keyList ; + xmlSecPtrListPtr slotList ; +} ; -+ - #define xmlSecNssKeysStoreSize \ -- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) -+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) + +- /* data */ +- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ ++#define xmlSecNssKeysStoreSize \ ++ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) + +#define xmlSecNssKeysStoreGetCtx( data ) \ + ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) @@ -1406,10 +1432,10 @@ index a583f60..41a6d93 100644 + return 0 ; +} --#define xmlSecNssKeysStoreGetSS(store) \ -- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ -- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ -- (xmlSecKeyStorePtr*)NULL) +- /* constructors/destructor */ +- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ +- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ +- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ +int xmlSecNssKeysStoreAdoptKey( + xmlSecKeyStorePtr store , + xmlSecKeyPtr key @@ -1460,7 +1486,11 @@ index a583f60..41a6d93 100644 + + return 0 ; +} -+ + +- /* reserved for the future */ +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ +-}; +/* + * xmlSecKeyStoreInitializeMethod: + * @store: the store. @@ -1494,18 +1524,19 @@ index a583f60..41a6d93 100644 + return 0 ; +} --static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); --static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); --static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, -- const xmlChar* name, -- xmlSecKeyInfoCtxPtr keyInfoCtx); -+/** -+ * + /** +- * xmlSecNssKeysStoreGetKlass: + * +- * The Nss list based keys store klass. + * xmlSecKeyStoreFinalizeMethod: + * @store: the store. -+ * + * +- * Returns: Nss list based keys store klass. + * Keys store specific finalization (destroy) method. -+ */ + */ +-xmlSecKeyStoreId +-xmlSecNssKeysStoreGetKlass(void) { +- return(&xmlSecNssKeysStoreKlass); +void +xmlSecNssKeysStoreFinalize( + xmlSecKeyStorePtr store @@ -1534,11 +1565,12 @@ index a583f60..41a6d93 100644 + xmlSecPtrListDestroy( context->slotList ) ; + context->slotList = NULL ; + } -+} + } --static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -- sizeof(xmlSecKeyStoreKlass), -- xmlSecNssKeysStoreSize, +-/** +- * xmlSecNssKeysStoreAdoptKey: +- * @store: the pointer to Nss keys store. +- * @key: the pointer to key. +xmlSecKeyPtr +xmlSecNssKeysStoreFindKeyFromSlot( + PK11SlotInfo* slot, @@ -1676,25 +1708,23 @@ index a583f60..41a6d93 100644 + + return(key); +} - -- /* data */ -- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ -- -- /* constructors/destructor */ -- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ -- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ -- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ ++ +/** + * xmlSecKeyStoreFindKeyMethod: + * @store: the store. + * @name: the desired key name. + * @keyInfoCtx: the pointer to key info context. -+ * + * +- * Adds @key to the @store. + * Keys store specific find method. The caller is responsible for destroying + * the returned key using #xmlSecKeyDestroy method. -+ * + * +- * Returns: 0 on success or a negative value if an error occurs. + * Returns the pointer to a key or NULL if key is not found or an error occurs. -+ */ + */ +-int +-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { +- xmlSecKeyStorePtr *ss; +static xmlSecKeyPtr +xmlSecNssKeysStoreFindKey( + xmlSecKeyStorePtr store , @@ -1720,7 +1750,9 @@ index a583f60..41a6d93 100644 + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } -+ + +- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); +- xmlSecAssert2((key != NULL), -1); + /*- + * Look for key at keyList at first. + */ @@ -1734,10 +1766,9 @@ index a583f60..41a6d93 100644 + } + } -- /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ --}; +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && +- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); + /*- + * Find the key from slotList + */ @@ -1760,7 +1791,8 @@ index a583f60..41a6d93 100644 + } + } + } -+ + +- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); + /*- + * Create a session key if we can not find the key from keyList and slotList + */ @@ -1794,49 +1826,25 @@ index a583f60..41a6d93 100644 + NULL , + NULL +} ; - - /** - * xmlSecNssKeysStoreGetKlass: - * -- * The Nss list based keys store klass. ++ ++/** ++ * xmlSecNssKeysStoreGetKlass: ++ * + * The simple list based keys store klass. - * -- * Returns: Nss list based keys store klass. - */ - xmlSecKeyStoreId --xmlSecNssKeysStoreGetKlass(void) { -- return(&xmlSecNssKeysStoreKlass); ++ * ++ */ ++xmlSecKeyStoreId +xmlSecNssKeysStoreGetKlass( void ) { + return &xmlSecNssKeysStoreKlass ; } --/** -- * xmlSecNssKeysStoreAdoptKey: -- * @store: the pointer to Nss keys store. -- * @key: the pointer to key. -- * -- * Adds @key to the @store. -- * -- * Returns: 0 on success or a negative value if an error occurs. +/************************** + * Application routines - */ --int --xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -- xmlSecAssert2((key != NULL), -1); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); -- -- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); --} - - /** ++ */ ++ + /** * xmlSecNssKeysStoreLoad: + * @store: the pointer to Nss keys store. @@ -252,234 +651,147 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, */ int @@ -1856,19 +1864,22 @@ index a583f60..41a6d93 100644 + int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -- xmlSecAssert2((filename != NULL), -1); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); +- xmlSecAssert2((filename != NULL), -1); + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; + xmlSecAssert2(filename != NULL, -1); -- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); --} +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && +- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); + context = xmlSecNssKeysStoreGetCtx( store ) ; + xmlSecAssert2( context != NULL, -1 ); +- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); +-} ++ list = context->keyList ; ++ xmlSecAssert2( list != NULL, -1 ); ++ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); + -static int -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { - xmlSecKeyStorePtr *ss; @@ -1877,44 +1888,41 @@ index a583f60..41a6d93 100644 - - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2((*ss == NULL), -1); -+ list = context->keyList ; -+ xmlSecAssert2( list != NULL, -1 ); -+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); - +- - *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); - if(*ss == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecError(XMLSEC_ERRORS_HERE, + /* create doc */ + doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); + if(doc == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -- "xmlSecKeyStoreCreate", -+ "xmlSecCreateTree", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "xmlSecSimpleKeysStoreId"); -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); ++ xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +- "xmlSecKeyStoreCreate", ++ "xmlSecCreateTree", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "xmlSecSimpleKeysStoreId"); ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } -- return(0); +- return(0); -} - -static void -xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { - xmlSecKeyStorePtr *ss; -- +- - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); -- +- - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert((ss != NULL) && (*ss != NULL)); -- +- - xmlSecKeyStoreDestroy(*ss); -} - --static xmlSecKeyPtr --xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, -- xmlSecKeyInfoCtxPtr keyInfoCtx) { +-static xmlSecKeyPtr +-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, +- xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyStorePtr* ss; - xmlSecKeyPtr key = NULL; - xmlSecKeyPtr retval = NULL; @@ -1934,48 +1942,48 @@ index a583f60..41a6d93 100644 - - key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); - if (key != NULL) { -- return (key); +- return (key); - } - - /* Try to find the key in the NSS DB, and construct an xmlSecKey. - * we must have a name to lookup keys in NSS DB. - */ - if (name == NULL) { -- goto done; +- goto done; - } + idsList = xmlSecKeyDataIdsGet(); + xmlSecAssert2(idsList != NULL, -1); -- /* what type of key are we looking for? +- /* what type of key are we looking for? - * TBD: For now, we'll look only for public/private keys using the - * name as a cert nickname. Later on, we can attempt to find -- * symmetric keys using PK11_FindFixedKey +- * symmetric keys using PK11_FindFixedKey - */ - keyReq = &(keyInfoCtx->keyReq); -- if (keyReq->keyType & -- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { -- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); -- if (cert == NULL) { -- goto done; -- } +- if (keyReq->keyType & +- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { +- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); +- if (cert == NULL) { +- goto done; +- } + keysSize = xmlSecPtrListGetSize(list); + idsSize = xmlSecPtrListGetSize(idsList); + for(i = 0; i < keysSize; ++i) { + key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); + xmlSecAssert2(key != NULL, -1); -- if (keyReq->keyType & xmlSecKeyDataTypePublic) { -- pubkey = CERT_ExtractPublicKey(cert); -- if (pubkey == NULL) { +- if (keyReq->keyType & xmlSecKeyDataTypePublic) { +- pubkey = CERT_ExtractPublicKey(cert); +- if (pubkey == NULL) { + cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); + if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_ExtractPublicKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_ExtractPublicKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, @@ -1983,20 +1991,20 @@ index a583f60..41a6d93 100644 + xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlFreeDoc(doc); + return(-1); - } + } -- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { -- privkey = PK11_FindKeyByAnyCert(cert, NULL); -- if (privkey == NULL) { +- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { +- privkey = PK11_FindKeyByAnyCert(cert, NULL); +- if (privkey == NULL) { + /* special data key name */ + if(xmlSecKeyGetName(key) != NULL) { + if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PK11_FindKeyByAnyCert", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PK11_FindKeyByAnyCert", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, @@ -2004,162 +2012,162 @@ index a583f60..41a6d93 100644 + xmlSecErrorsSafeString(xmlSecNodeKeyName)); + xmlFreeDoc(doc); + return(-1); - } - } - -- data = xmlSecNssPKIAdoptKey(privkey, pubkey); -- if(data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssPKIAdoptKey", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- privkey = NULL; -- pubkey = NULL; + } + } + +- data = xmlSecNssPKIAdoptKey(privkey, pubkey); +- if(data == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssPKIAdoptKey", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- privkey = NULL; +- pubkey = NULL; +- +- key = xmlSecKeyCreate(); +- if (key == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyCreate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return (NULL); +- } + /* create nodes for other keys data */ + for(j = 0; j < idsSize; ++j) { + dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); + xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); -- key = xmlSecKeyCreate(); -- if (key == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return (NULL); +- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); +- if(x509Data == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyDataCreate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "transform=%s", +- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); +- goto done; - } + if(dataId->dataNodeName == NULL) { + continue; + } -- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); -- if(x509Data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyDataCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "transform=%s", -- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); -- goto done; -- } +- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); +- if (ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssKeyDataX509AdoptKeyCert", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; +- } +- cert = CERT_DupCertificate(cert); +- if (cert == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_DupCertificate", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; + data = xmlSecKeyGetData(key, dataId); + if(data == NULL) { + continue; -+ } - -- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssKeyDataX509AdoptKeyCert", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- cert = CERT_DupCertificate(cert); -- if (cert == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_DupCertificate", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; ++ } ++ + if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(dataId->dataNodeName)); + xmlFreeDoc(doc); + return(-1); -+ } - } - -- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); -+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssKeyDataX509AdoptCert", -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; ++ } + } + +- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); ++ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); + if (ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssKeyDataX509AdoptCert", ++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ++ "xmlSecKeyInfoCtxInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; + XMLSEC_ERRORS_NO_MESSAGE); + xmlFreeDoc(doc); + return(-1); - } -- cert = NULL; - -- ret = xmlSecKeySetValue(key, data); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeySetValue", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); -- goto done; -- } -- data = NULL; + } +- cert = NULL; + +- ret = xmlSecKeySetValue(key, data); +- if (ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeySetValue", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); +- goto done; +- } +- data = NULL; + keyInfoCtx.mode = xmlSecKeyInfoModeWrite; + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; + keyInfoCtx.keyReq.keyType = type; + keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; -- ret = xmlSecKeyAdoptData(key, x509Data); +- ret = xmlSecKeyAdoptData(key, x509Data); + /* finally write key in the node */ + ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyAdoptData", + if (ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecKeyAdoptData", + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), + "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- x509Data = NULL; + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "data=%s", +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +- goto done; + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); + xmlFreeDoc(doc); + return(-1); -+ } + } +- x509Data = NULL; -- retval = key; -- key = NULL; +- retval = key; +- key = NULL; + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); } -done: - if (cert != NULL) { -- CERT_DestroyCertificate(cert); +- CERT_DestroyCertificate(cert); - } - if (pubkey != NULL) { -- SECKEY_DestroyPublicKey(pubkey); +- SECKEY_DestroyPublicKey(pubkey); - } - if (privkey != NULL) { -- SECKEY_DestroyPrivateKey(privkey); +- SECKEY_DestroyPrivateKey(privkey); - } - if (data != NULL) { -- xmlSecKeyDataDestroy(data); +- xmlSecKeyDataDestroy(data); - } - if (x509Data != NULL) { -- xmlSecKeyDataDestroy(x509Data); +- xmlSecKeyDataDestroy(x509Data); - } - if (key != NULL) { -- xmlSecKeyDestroy(key); +- xmlSecKeyDestroy(key); + /* now write result */ + ret = xmlSaveFormatFile(filename, doc, 1); + if (ret < 0) { @@ -3397,7 +3405,7 @@ index 0000000..ab91f2c +#endif /* XMLSEC_NO_DES */ + diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c -index f854935..2e58afa 100644 +index ae9e29b..9acd317 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -24,6 +24,7 @@ @@ -3415,39 +3423,39 @@ index f854935..2e58afa 100644 + ctxDst->privkey = NULL ; + ctxDst->pubkey = NULL ; if (ctxSrc->privkey != NULL) { - ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); - if(ctxDst->privkey == NULL) { + ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); + if(ctxDst->privkey == NULL) { @@ -588,13 +591,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - goto done; + goto done; } - slot = PK11_GetBestSlot(CKM_DSA, NULL); + slot = xmlSecNssSlotGet(CKM_DSA); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "PK11_GetBestSlot", ++ "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + ret = -1; + goto done; } @@ -792,14 +795,14 @@ done: if (slot != NULL) { - PK11_FreeSlot(slot); + PK11_FreeSlot(slot); } - if (ret != 0) { -+ - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (data != NULL) { - xmlSecKeyDataDestroy(data); - } ++ + if (pubkey != NULL) { + SECKEY_DestroyPublicKey(pubkey); + } + if (data != NULL) { + xmlSecKeyDataDestroy(data); + } - } -+ ++ return(ret); } @@ -3456,48 +3464,48 @@ index f854935..2e58afa 100644 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ ++ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { - /* we can have only private key or public key */ + /* we can have only private key or public key */ @@ -940,7 +943,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", sizeBits); -+ "size=%d, error code=%d", sizeBits, PORT_GetError()); + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_ParamGen", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", sizeBits); ++ "size=%d, error code=%d", sizeBits, PORT_GetError()); + ret = -1; - goto done; + goto done; } @@ -950,11 +954,12 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", sizeBits); -+ "size=%d, error code=%d", sizeBits, PORT_GetError()); + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_VerifyParams", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", sizeBits); ++ "size=%d, error code=%d", sizeBits, PORT_GetError()); + ret = -1; - goto done; + goto done; } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); + slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, - &pubkey, PR_FALSE, PR_TRUE, NULL); + &pubkey, PR_FALSE, PR_TRUE, NULL); @@ -964,8 +969,9 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - -+ ret = -1; - goto done; + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_GenerateKeyPair", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + ++ ret = -1; + goto done; } @@ -979,6 +985,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe - goto done; + goto done; } + privkey = NULL ; @@ -3507,16 +3515,16 @@ index f854935..2e58afa 100644 done: @@ -991,16 +999,13 @@ done: if (pqgVerify != NULL) { - PK11_PQG_DestroyVerify(pqgVerify); + PK11_PQG_DestroyVerify(pqgVerify); } - if (ret == 0) { -- return (0); +- return (0); - } if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); + SECKEY_DestroyPublicKey(pubkey); } if (privkey != NULL) { - SECKEY_DestroyPrivateKey(privkey); + SECKEY_DestroyPrivateKey(privkey); } - return(-1); + return(ret); @@ -3528,25 +3536,25 @@ index f854935..2e58afa 100644 ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ ++ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if (ctx->privkey != NULL) { - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else { + } else if( ctx->pubkey != NULL ) { - return(xmlSecKeyDataTypePublic); + return(xmlSecKeyDataTypePublic); } - + @@ -1027,7 +1032,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ ++ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } @@ -1216,13 +1221,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - goto done; + goto done; } - slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); @@ -3567,7 +3575,7 @@ index f854935..2e58afa 100644 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ ++ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { @@ -3579,18 +3587,18 @@ index f854935..2e58afa 100644 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, - &pubkey, PR_FALSE, PR_TRUE, NULL); + &pubkey, PR_FALSE, PR_TRUE, NULL); @@ -1525,7 +1530,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) { ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ ++ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c -index fb23f4f..8e5000f 100644 +index 3da7a69..9b4c700 100644 --- a/src/nss/symkeys.c +++ b/src/nss/symkeys.c @@ -15,20 +15,41 @@ @@ -3613,7 +3621,7 @@ index fb23f4f..8e5000f 100644 +#include <xmlsec/nss/tokens.h> /***************************************************************************** - * + * - * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary + * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey * @@ -3633,10 +3641,10 @@ index fb23f4f..8e5000f 100644 +#define xmlSecNssSymKeyDataGetCtx( data ) \ + ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) + - static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); - static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, - xmlSecKeyDataPtr src); -@@ -67,107 +88,743 @@ static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); + static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); + static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +@@ -67,107 +88,743 @@ static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); (xmlSecKeyDataIsValid((data)) && \ xmlSecNssSymKeyDataKlassCheck((data)->id)) @@ -3767,8 +3775,6 @@ index fb23f4f..8e5000f 100644 + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); -- -- return(xmlSecKeyDataBinaryValueInitialize(data)); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); + + ctx = xmlSecNssSymKeyDataGetCtx(data); @@ -3797,7 +3803,8 @@ index fb23f4f..8e5000f 100644 + "Unsupported block cipher" ) ; + return(-1) ; + } -+ + +- return(xmlSecKeyDataBinaryValueInitialize(data)); + return(0); } @@ -3811,9 +3818,8 @@ index fb23f4f..8e5000f 100644 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(dst->id == src->id, -1); -- + - return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); -+ + ctxDst = xmlSecNssSymKeyDataGetCtx(dst); + xmlSecAssert2(ctxDst != NULL, -1); + @@ -3860,13 +3866,12 @@ index fb23f4f..8e5000f 100644 + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -- -- xmlSecKeyDataBinaryValueFinalize(data); + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert(ctx != NULL); -+ + +- xmlSecKeyDataBinaryValueFinalize(data); + if( ctx->slot != NULL ) { + PK11_FreeSlot( ctx->slot ) ; + ctx->slot = NULL ; @@ -3882,7 +3887,7 @@ index fb23f4f..8e5000f 100644 static int xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + PK11SymKey* symKey ; + PK11SlotInfo* slot ; @@ -3908,7 +3913,8 @@ index fb23f4f..8e5000f 100644 + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } -+ + +- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + @@ -3999,8 +4005,7 @@ index fb23f4f..8e5000f 100644 + xmlSecKeyDataDestroy( data ) ; + return(0); + } - -- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); ++ + ret = xmlSecKeySetValue(key, data); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, @@ -4015,14 +4020,12 @@ index fb23f4f..8e5000f 100644 + return(0); } - static int + static int xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + PK11SymKey* symKey ; + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -- -- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); @@ -4084,14 +4087,15 @@ index fb23f4f..8e5000f 100644 + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + } -+ + +- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); + return 0 ; } static int xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - const xmlSecByte* buf, xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { + const xmlSecByte* buf, xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + PK11SymKey* symKey ; + PK11SlotInfo* slot ; @@ -4131,7 +4135,8 @@ index fb23f4f..8e5000f 100644 + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } -+ + +- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); + /* Wrap the raw key value SECItem */ + keyItem.type = siBuffer ; + keyItem.data = buf ; @@ -4177,8 +4182,7 @@ index fb23f4f..8e5000f 100644 + xmlSecKeyDataDestroy( data ) ; + return(0); + } - -- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); ++ + ret = xmlSecKeySetValue(key, data); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, @@ -4195,8 +4199,8 @@ index fb23f4f..8e5000f 100644 static int xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlSecByte** buf, xmlSecSize* bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecByte** buf, xmlSecSize* bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + PK11SymKey* symKey ; + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); @@ -4248,7 +4252,7 @@ index fb23f4f..8e5000f 100644 + memcpy((*buf), keyItem->data, (*bufSize)); + PK11_FreeSymKey( symKey ) ; + } - + - return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); + return 0 ; } @@ -4266,8 +4270,6 @@ index fb23f4f..8e5000f 100644 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data); - xmlSecAssert2(buffer != NULL, -1); -- -- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + @@ -4311,7 +4313,8 @@ index fb23f4f..8e5000f 100644 + PK11_FreeSlot( slot ) ; + return -1 ; + } -+ + +- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); + if( ctx->slot != NULL ) { + PK11_FreeSlot( ctx->slot ) ; + ctx->slot = NULL ; @@ -4335,9 +4338,7 @@ index fb23f4f..8e5000f 100644 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); ++ + context = xmlSecNssSymKeyDataGetCtx( data ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , @@ -4347,7 +4348,9 @@ index fb23f4f..8e5000f 100644 + XMLSEC_ERRORS_NO_MESSAGE ) ; + return xmlSecKeyDataTypeUnknown ; + } -+ + +- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); + if( context->symkey != NULL ) { + type |= xmlSecKeyDataTypeSymmetric ; + } else { @@ -4358,7 +4361,7 @@ index fb23f4f..8e5000f 100644 + return type ; } - static xmlSecSize + static xmlSecSize xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr context ; + unsigned int length = 0 ; @@ -4379,16 +4382,16 @@ index fb23f4f..8e5000f 100644 + length = PK11_GetKeyLength( context->symkey ) ; + length *= 8 ; + } - + - return(xmlSecKeyDataBinaryValueGetSize(data)); + return length ; } - static void + static void xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -- xmlSecKeyDataBinaryValueDebugDump(data, output); + +- xmlSecKeyDataBinaryValueDebugDump(data, output); + /* print only size, everything else is sensitive */ + fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , + xmlSecKeyDataGetSize(data)) ; @@ -4397,15 +4400,14 @@ index fb23f4f..8e5000f 100644 static void xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -- -- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); -+ + +- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); + /* print only size, everything else is sensitive */ + fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , + xmlSecKeyDataGetSize(data)) ; } - static int + static int @@ -201,7 +858,7 @@ xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { @@ -4988,7 +4990,7 @@ index 0000000..e27d1e4 +} + diff --git a/src/nss/x509.c b/src/nss/x509.c -index aea4012..347c8dd 100644 +index 887c77c..749bbde 100644 --- a/src/nss/x509.c +++ b/src/nss/x509.c @@ -34,7 +34,6 @@ @@ -4999,53 +5001,53 @@ index aea4012..347c8dd 100644 #include <xmlsec/base64.h> #include <xmlsec/errors.h> -@@ -61,33 +60,18 @@ static int xmlSecNssX509DataNodeRead (xmlSecKeyDataPtr data, - static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, - xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx); -@@ -104,9 +88,6 @@ static CERTSignedCrl* xmlSecNssX509CrlBase64DerRead (xmlChar* buf, - xmlSecKeyInfoCtxPtr keyInfoCtx); - static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, - int base64LineWrap); --static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); --static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); --static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); - static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, - FILE* output); - static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, -@@ -752,31 +733,22 @@ static int +@@ -61,33 +60,18 @@ static int xmlSecNssX509DataNodeRead (xmlSecKeyDataPt + static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, + xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx); +@@ -104,9 +88,6 @@ static CERTSignedCrl* xmlSecNssX509CrlBase64DerRead (xmlChar* buf, + xmlSecKeyInfoCtxPtr keyInfoCtx); + static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, + int base64LineWrap); +-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); +-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); +-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); + static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, + FILE* output); + static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, +@@ -748,31 +729,22 @@ static int xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; + xmlNodePtr cur; + xmlChar* buf; @@ -5054,7 +5056,7 @@ index aea4012..347c8dd 100644 xmlSecSize size, pos; - int content = 0; - int ret; - + xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); @@ -5062,15 +5064,15 @@ index aea4012..347c8dd 100644 - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); - if (content < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecX509DataGetNodeContent", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "content=%d", content); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecX509DataGetNodeContent", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "content=%d", content); +- return(-1); - } else if(content == 0) { -- /* by default we are writing certificates and crls */ -- content = XMLSEC_X509DATA_DEFAULT; +- /* by default we are writing certificates and crls */ +- content = XMLSEC_X509DATA_DEFAULT; + /* todo: flag in ctx remove all existing content */ + if(0) { + xmlNodeSetContent(node, NULL); @@ -5079,121 +5081,120 @@ index aea4012..347c8dd 100644 - /* get x509 data */ data = xmlSecKeyGetData(key, id); if(data == NULL) { - /* no x509 data in the key */ -@@ -796,79 +768,74 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - return(-1); - } - -- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { -- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -+ /* set base64 lines size from context */ -+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -+ if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509CertificateNodeWrite", -+ "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } - } - -- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { -- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -+ if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509SubjectNameNodeWrite", -+ "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -+ xmlFree(buf); - return(-1); -- } - } -+ /* todo: add \n around base64 data - from context */ -+ /* todo: add errors check */ -+ xmlNodeSetContent(cur, xmlSecStringCR); -+ xmlNodeSetContent(cur, buf); -+ xmlFree(buf); + /* no x509 data in the key */ +@@ -792,79 +764,74 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + return(-1); + } + +- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { +- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { ++ /* set base64 lines size from context */ ++ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); ++ if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509CertificateNodeWrite", ++ "xmlSecNssX509CertBase64DerWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); +- } + } + +- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { +- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { ++ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); ++ if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509SubjectNameNodeWrite", ++ "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); ++ "node=%s", ++ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); ++ xmlFree(buf); + return(-1); +- } + } ++ /* todo: add \n around base64 data - from context */ ++ /* todo: add errors check */ ++ xmlNodeSetContent(cur, xmlSecStringCR); ++ xmlNodeSetContent(cur, buf); ++ xmlFree(buf); + } -- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { -- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509IssuerSerialNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } +- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { +- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509IssuerSerialNodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } + /* write crls */ + size = xmlSecNssKeyDataX509GetCrlsSize(data); + for(pos = 0; pos < size; ++pos) { -+ crl = xmlSecNssKeyDataX509GetCrl(data, pos); -+ if(crl == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssKeyDataX509GetCrl", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "pos=%d", pos); -+ return(-1); - } - -- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { -- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509SKINodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -+ /* set base64 lines size from context */ -+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -+ if(buf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssX509CrlBase64DerWrite", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - } -- } ++ crl = xmlSecNssKeyDataX509GetCrl(data, pos); ++ if(crl == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssKeyDataX509GetCrl", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "pos=%d", pos); ++ return(-1); + } +- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { +- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509SKINodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } ++ /* set base64 lines size from context */ ++ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); ++ if(buf == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecNssX509CrlBase64DerWrite", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); + } +- } +- - /* write crls if needed */ - if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { -- size = xmlSecNssKeyDataX509GetCrlsSize(data); -- for(pos = 0; pos < size; ++pos) { -- crl = xmlSecNssKeyDataX509GetCrl(data, pos); -- if(crl == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssKeyDataX509GetCrl", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- -- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509CRLNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- } +- size = xmlSecNssKeyDataX509GetCrlsSize(data); +- for(pos = 0; pos < size; ++pos) { +- crl = xmlSecNssKeyDataX509GetCrl(data, pos); +- if(crl == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssKeyDataX509GetCrl", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } + +- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +- "xmlSecNssX509CRLNodeWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "pos=%d", pos); +- return(-1); +- } + cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + if(cur == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, @@ -5204,7 +5205,7 @@ index aea4012..347c8dd 100644 + xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlFree(buf); + return(-1); -+ } + } + /* todo: add \n around base64 data - from context */ + /* todo: add errors check */ + xmlNodeSetContent(cur, xmlSecStringCR); @@ -5212,40 +5213,39 @@ index aea4012..347c8dd 100644 } return(0); -@@ -1057,46 +1024,6 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK - return(0); +@@ -1054,46 +1021,6 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK } --static int + static int -xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf; - xmlNodePtr cur; -- +- - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); -- +- - /* set base64 lines size from context */ -- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); +- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); - if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CertBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CertBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); - } -- +- - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); - if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -- xmlFree(buf); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); +- xmlFree(buf); +- return(-1); - } - - /* todo: add \n around base64 data - from context */ @@ -5256,35 +5256,35 @@ index aea4012..347c8dd 100644 - return(0); -} - - static int - xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +-static int + xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; -@@ -1120,19 +1047,13 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK + xmlChar* subject; +@@ -1116,19 +1043,13 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK } subject = xmlNodeGetContent(node); - if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { -- if(subject != NULL) { -- xmlFree(subject); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- if(subject != NULL) { +- xmlFree(subject); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } -- return(0); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); +- } +- return(0); } cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); -@@ -1169,40 +1090,6 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK - return(0); +@@ -1166,40 +1087,6 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK } --static int + static int -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; @@ -5294,125 +5294,125 @@ index aea4012..347c8dd 100644 - - buf = xmlSecNssX509NameWrite(&(cert->subject)); - if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->subject))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->subject))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); - if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); -- xmlFree(buf); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); +- xmlFree(buf); +- return(-1); - } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); - return(0); -} - - static int +-static int xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; -@@ -1228,21 +1115,9 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec + xmlNodePtr cur; +@@ -1224,21 +1111,9 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec } cur = xmlSecGetNextElementNode(node->children); - if(cur == NULL) { -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -- XMLSEC_ERRORS_R_NODE_NOT_FOUND, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); -- return(-1); -- } -- return(0); +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +- XMLSEC_ERRORS_R_NODE_NOT_FOUND, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); +- return(-1); +- } +- return(0); - } - + /* the first is required node X509IssuerName */ - if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -@@ -1336,78 +1211,6 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec - return(0); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +@@ -1333,78 +1208,6 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec } --static int + static int -xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlNodePtr cur; - xmlNodePtr issuerNameNode; - xmlNodePtr issuerNumberNode; - xmlChar* buf; -- +- - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); - if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); +- return(-1); - } - - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); - if(issuerNameNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); +- return(-1); - } - - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); - if(issuerNumberNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); +- return(-1); - } - - /* write data */ - buf = xmlSecNssX509NameWrite(&(cert->issuer)); - if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->issuer))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->issuer))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); - } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); - xmlFree(buf); - - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); - if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); - } - xmlNodeSetContent(issuerNumberNode, buf); - xmlFree(buf); @@ -5420,36 +5420,36 @@ index aea4012..347c8dd 100644 - return(0); -} - - static int +-static int xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; -@@ -1431,11 +1234,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt + xmlChar* ski; +@@ -1427,11 +1230,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt } - + ski = xmlNodeGetContent(node); - if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { -- if(ski != NULL) { -- xmlFree(ski); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- if(ski != NULL) { +- xmlFree(ski); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + if(ski == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -@@ -1443,8 +1242,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - return(-1); -- } -- return(0); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +@@ -1439,8 +1238,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + return(-1); +- } +- return(0); } cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); -@@ -1479,41 +1276,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt - return(0); +@@ -1476,41 +1273,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt } --static int + static int -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar *buf = NULL; - xmlNodePtr cur = NULL; @@ -5459,24 +5459,24 @@ index aea4012..347c8dd 100644 - - buf = xmlSecNssX509SKIWrite(cert); - if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509SKIWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509SKIWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); - if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -- xmlFree(buf); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +- xmlFree(buf); +- return(-1); - } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); @@ -5484,31 +5484,32 @@ index aea4012..347c8dd 100644 - return(0); -} - - static int +-static int xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar *content; -@@ -1524,19 +1286,13 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt + CERTSignedCrl* crl; +@@ -1520,19 +1282,13 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { -- if(content != NULL) { -- xmlFree(content); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +- if(content != NULL) { +- xmlFree(content); +- } +- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + if(content == NULL){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } -- return(0); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); +- } +- return(0); } crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); -@@ -1556,47 +1312,6 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt +@@ -1552,47 +1308,6 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt } static int @@ -5521,26 +5522,26 @@ index aea4012..347c8dd 100644 - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ -- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); +- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); - if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CrlBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CrlBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); - if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -- xmlFree(buf); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); +- xmlFree(buf); +- return(-1); - } - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ @@ -5554,55 +5555,54 @@ index aea4012..347c8dd 100644 - -static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecNssX509DataCtxPtr ctx; -@@ -1604,6 +1319,10 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - int ret; +@@ -1601,6 +1316,10 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, SECStatus status; PRTime notBefore, notAfter; -+ + + PK11SlotInfo* slot ; + SECKEYPublicKey *pubKey = NULL; + SECKEYPrivateKey *priKey = NULL; - ++ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); xmlSecAssert2(key != NULL, -1); -@@ -1636,10 +1355,14 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } -- -+ + xmlSecAssert2(keyInfoCtx != NULL, -1); +@@ -1632,10 +1351,14 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); ++ "error code=%d", PORT_GetError()); + return(-1); + } + + /*- -+ * Get Public key from cert, which does not always work for sign -+ * action. ++ * Get Public key from cert, which does not always work for sign ++ * action. + * - keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -1649,6 +1372,54 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -+ */ + keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -1645,6 +1368,54 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ++ */ + /*- + * I'll search key according to KeyReq. + */ -+ slot = cert->slot ; -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_FindPrivateKeyFromCert" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } ++ slot = cert->slot ; ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_FindPrivateKeyFromCert" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { @@ -5636,10 +5636,10 @@ index aea4012..347c8dd 100644 + return -1 ; + } + /* Modify keyValue get Done */ - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { -@@ -1950,86 +1721,6 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) { + + /* verify that the key matches our expectations */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { +@@ -1946,108 +1717,6 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) { return(res); } @@ -5653,22 +5653,22 @@ index aea4012..347c8dd 100644 - str = CERT_NameToAscii(nm); - if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_NameToAscii", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); +- NULL, +- "CERT_NameToAscii", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - - res = xmlStrdup(BAD_CAST str); - if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlStrdup", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- PORT_Free(str); -- return(NULL); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlStrdup", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- PORT_Free(str); +- return(NULL); - } - PORT_Free(str); - return(res); @@ -5677,12 +5677,34 @@ index aea4012..347c8dd 100644 -static xmlChar* -xmlSecNssASN1IntegerWrite(SECItem *num) { - xmlChar *res = NULL; -- +- int resLen = 64; /* not more than 64 chars */ +- PRUint64 val = 0; +- unsigned int ii = 0; +- int shift = 0; +- - xmlSecAssert2(num != NULL, NULL); +- xmlSecAssert2(num->type == siBuffer, NULL); +- xmlSecAssert2(num->len <= 9, NULL); +- xmlSecAssert2(num->data != NULL, NULL); - -- /* TODO : to be implemented after -- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed +- /* HACK : to be fixed after +- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed - */ +- for(ii = num->len; ii > 0; --ii, shift += 8) { +- val |= ((PRUint64)num->data[ii - 1]) << shift; +- } +- +- res = (xmlChar*)xmlMalloc(resLen + 1); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlStrdup", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return (NULL); +- } +- +- PR_snprintf((char*)res, resLen, "%llu", val); - return(res); -} - @@ -5698,36 +5720,36 @@ index aea4012..347c8dd 100644 - - rv = CERT_FindSubjectKeyIDExtension(cert, &ski); - if (rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_FindSubjectKeyIDExtension", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_FindSubjectKeyIDExtension", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); - } - - res = xmlSecBase64Encode(ski.data, ski.len, 0); - if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBase64Encode", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBase64Encode", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); - } - SECITEM_FreeItem(&ski, PR_FALSE); -- +- - return(res); -} - - - static void + static void xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { SECItem *sn; diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c -index cfbcaca..63ed439 100644 +index 8a6e97a..d1b2850 100644 --- a/src/nss/x509vfy.c +++ b/src/nss/x509vfy.c @@ -30,6 +30,7 @@ @@ -5738,136 +5760,98 @@ index cfbcaca..63ed439 100644 #include <xmlsec/errors.h> #include <xmlsec/nss/crypto.h> -@@ -61,17 +62,7 @@ struct _xmlSecNssX509StoreCtx { - - static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); - static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); --static int xmlSecNssX509NameStringRead (xmlSecByte **str, -- int *strLen, -- xmlSecByte *res, -- int resLen, -- xmlSecByte delim, -- int ingoreTrailingSpaces); --static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, -- int len); +@@ -70,18 +71,7 @@ struct _xmlSecNssX509StoreCtx { + + static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); + static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); +-static int xmlSecNssX509NameStringRead (xmlSecByte **str, +- int *strLen, +- xmlSecByte *res, +- int resLen, +- xmlSecByte delim, +- int ingoreTrailingSpaces); +-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, +- int len); - --static void xmlSecNssNumToItem(SECItem *it, unsigned long num); +-static int xmlSecNssNumToItem (SECItem *it, +- PRUint64 num); - -+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; ++static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { sizeof(xmlSecKeyDataStoreKlass), -@@ -353,40 +344,28 @@ static CERTCertificate* - xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, - xmlChar *issuerSerial, xmlChar *ski) { - CERTCertificate *cert = NULL; -- xmlChar *p = NULL; - CERTName *name = NULL; - SECItem *nameitem = NULL; - PRArenaPool *arena = NULL; - - if (subjectName != NULL) { -- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); -- if (p == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "subject=%s", -- xmlSecErrorsSafeString(subjectName)); -- goto done; -- } -- - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } - -- name = CERT_AsciiToName((char*)p); -+ name = CERT_AsciiToName((char*)subjectName); - if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } +@@ -362,7 +352,7 @@ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { + *****************************************************************************/ + static CERTName * + xmlSecNssGetCertName(const xmlChar * name) { +- xmlChar *tmp, *name2; ++ xmlChar *name2; + xmlChar *p; + CERTName *res; -@@ -408,34 +387,23 @@ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, - if((issuerName != NULL) && (issuerSerial != NULL)) { - CERTIssuerAndSN issuerAndSN; +@@ -387,33 +377,19 @@ xmlSecNssGetCertName(const xmlChar * name) { + memcpy(p, " E=", 13); + } -- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); -- if (p == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "issuer=%s", -- xmlSecErrorsSafeString(issuerName)); -- goto done; -- } +- tmp = xmlSecNssX509NameRead(name2, xmlStrlen(name2)); +- if(tmp == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "name2=\"%s\"", +- xmlSecErrorsSafeString(name2)); +- xmlFree(name2); +- return(NULL); +- } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } +- res = CERT_AsciiToName((char*)tmp); ++ res = CERT_AsciiToName((char*)name2); + if (name == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CERT_AsciiToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "ascii=\"%s\", error code=%d", +- xmlSecErrorsSafeString((char*)tmp), ++ xmlSecErrorsSafeString((char*)name2), + PORT_GetError()); +- PORT_Free(tmp); + xmlFree(name2); + return(NULL); + } + +- PORT_Free(tmp); + return(res); + } -- name = CERT_AsciiToName((char*)p); -+ name = CERT_AsciiToName((char*)issuerName); - if (name == NULL) { +@@ -511,22 +487,11 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, + issuerAndSN.derIssuer.data = nameitem->data; + issuerAndSN.derIssuer.len = nameitem->len; + +- /* TBD: serial num can be arbitrarily long */ +- if(PR_sscanf((char *)issuerSerial, "%llu", &issuerSN) != 1) { ++ rv = xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ); ++ if(rv < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } - -@@ -455,8 +423,15 @@ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, - issuerAndSN.derIssuer.data = nameitem->data; - issuerAndSN.derIssuer.len = nameitem->len; - -- /* TBD: serial num can be arbitrarily long */ -- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); -+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, +- "PR_sscanf", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "error code=%d", PR_GetError()); +- SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); +- goto done; +- } +- +- rv = xmlSecNssNumToItem(&issuerAndSN.serialNumber, issuerSN); +- if(rv <= 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssNumToItem", + "xmlSecNssIntegerToItem", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "serial number=%s", -+ xmlSecErrorsSafeString(issuerSerial)); -+ goto done; -+ } - - cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), - &issuerAndSN); -@@ -487,9 +462,6 @@ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, - } - - done: -- if (p != NULL) { -- PORT_Free(p); -- } - if (arena != NULL) { - PORT_FreeArena(arena, PR_FALSE); - } -@@ -500,176 +472,6 @@ done: + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "error code=%d", PR_GetError()); + SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); +@@ -611,176 +576,6 @@ done: return(cert); } @@ -5880,161 +5864,161 @@ index cfbcaca..63ed439 100644 - int nameLen, valueLen; - - xmlSecAssert2(str != NULL, NULL); -- +- - /* return string should be no longer than input string */ - retval = (xmlSecByte *)PORT_Alloc(len+1); - if(retval == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PORT_Alloc", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(NULL); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "PORT_Alloc", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(NULL); - } - p = retval; -- +- - while(len > 0) { -- /* skip spaces after comma or semicolon */ -- while((len > 0) && isspace(*str)) { -- ++str; --len; -- } +- /* skip spaces after comma or semicolon */ +- while((len > 0) && isspace(*str)) { +- ++str; --len; +- } - -- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); -- if(nameLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- memcpy(p, name, nameLen); -- p+=nameLen; -- *p++='='; -- if(len > 0) { -- ++str; --len; -- if((*str) == '\"') { -- valueLen = xmlSecNssX509NameStringRead(&str, &len, -- value, sizeof(value), '"', 1); -- if(valueLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- /* skip spaces before comma or semicolon */ -- while((len > 0) && isspace(*str)) { -- ++str; --len; -- } -- if((len > 0) && ((*str) != ',')) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "comma is expected"); -- goto done; -- } -- if(len > 0) { -- ++str; --len; -- } -- *p++='\"'; -- memcpy(p, value, valueLen); -- p+=valueLen; -- *p++='\"'; -- } else if((*str) == '#') { -- /* TODO: read octect values */ -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "reading octect values is not implemented yet"); -- goto done; -- } else { -- valueLen = xmlSecNssX509NameStringRead(&str, &len, -- value, sizeof(value), ',', 1); -- if(valueLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- memcpy(p, value, valueLen); -- p+=valueLen; -- if (len > 0) -- *p++=','; -- } -- } else { -- valueLen = 0; -- } -- if(len > 0) { -- ++str; --len; -- } +- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); +- if(nameLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- memcpy(p, name, nameLen); +- p+=nameLen; +- *p++='='; +- if(len > 0) { +- ++str; --len; +- if((*str) == '\"') { +- valueLen = xmlSecNssX509NameStringRead(&str, &len, +- value, sizeof(value), '"', 1); +- if(valueLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- /* skip spaces before comma or semicolon */ +- while((len > 0) && isspace(*str)) { +- ++str; --len; +- } +- if((len > 0) && ((*str) != ',')) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "comma is expected"); +- goto done; +- } +- if(len > 0) { +- ++str; --len; +- } +- *p++='\"'; +- memcpy(p, value, valueLen); +- p+=valueLen; +- *p++='\"'; +- } else if((*str) == '#') { +- /* TODO: read octect values */ +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "reading octect values is not implemented yet"); +- goto done; +- } else { +- valueLen = xmlSecNssX509NameStringRead(&str, &len, +- value, sizeof(value), ',', 1); +- if(valueLen < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameStringRead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- goto done; +- } +- memcpy(p, value, valueLen); +- p+=valueLen; +- if (len > 0) +- *p++=','; +- } +- } else { +- valueLen = 0; +- } +- if(len > 0) { +- ++str; --len; +- } - } - - *p = 0; - return(retval); -- +- -done: - PORT_Free(retval); - return (NULL); -} - --static int --xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, -- xmlSecByte *res, int resLen, -- xmlSecByte delim, int ingoreTrailingSpaces) { -- xmlSecByte *p, *q, *nonSpace; +-static int +-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, +- xmlSecByte *res, int resLen, +- xmlSecByte delim, int ingoreTrailingSpaces) { +- xmlSecByte *p, *q, *nonSpace; - - xmlSecAssert2(str != NULL, -1); - xmlSecAssert2(strLen != NULL, -1); - xmlSecAssert2(res != NULL, -1); -- +- - p = (*str); - nonSpace = q = res; -- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { -- if((*p) != '\\') { -- if(ingoreTrailingSpaces && !isspace(*p)) { -- nonSpace = q; -- } -- *(q++) = *(p++); -- } else { -- ++p; -- nonSpace = q; -- if(xmlSecIsHex((*p))) { -- if((p - (*str) + 1) >= (*strLen)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "two hex digits expected"); -- return(-1); -- } -- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); -- p += 2; -- } else { -- if(((++p) - (*str)) >= (*strLen)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "escaped symbol missed"); -- return(-1); -- } -- *(q++) = *(p++); -- } -- } +- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { +- if((*p) != '\\') { +- if(ingoreTrailingSpaces && !isspace(*p)) { +- nonSpace = q; +- } +- *(q++) = *(p++); +- } else { +- ++p; +- nonSpace = q; +- if(xmlSecIsHex((*p))) { +- if((p - (*str) + 1) >= (*strLen)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "two hex digits expected"); +- return(-1); +- } +- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); +- p += 2; +- } else { +- if(((++p) - (*str)) >= (*strLen)) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "escaped symbol missed"); +- return(-1); +- } +- *(q++) = *(p++); +- } +- } - } - if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_SIZE, -- "buffer is too small"); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- NULL, +- XMLSEC_ERRORS_R_INVALID_SIZE, +- "buffer is too small"); +- return(-1); - } - (*strLen) -= (p - (*str)); - (*str) = p; @@ -6042,11 +6026,11 @@ index cfbcaca..63ed439 100644 -} - /* code lifted from NSS */ - static void - xmlSecNssNumToItem(SECItem *it, unsigned long ui) -@@ -713,6 +515,77 @@ xmlSecNssNumToItem(SECItem *it, unsigned long ui) - it->len = len; - PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); + static int + xmlSecNssNumToItem(SECItem *it, PRUint64 ui) +@@ -817,6 +612,77 @@ xmlSecNssNumToItem(SECItem *it, PRUint64 ui) + PORT_Memcpy(it->data, bb + (zeros_len - 1), it->len); + return(it->len); } + +static int @@ -6123,10 +6107,10 @@ index cfbcaca..63ed439 100644 diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc -index 9a733d3..c2ab75c 100644 +index 2f4c3e7..601d379 100644 --- a/win32/Makefile.msvc +++ b/win32/Makefile.msvc -@@ -218,6 +218,9 @@ XMLSEC_OPENSSL_OBJS_A = \ +@@ -224,6 +224,9 @@ XMLSEC_OPENSSL_OBJS_A = \ $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj XMLSEC_NSS_OBJS = \ @@ -6136,7 +6120,7 @@ index 9a733d3..c2ab75c 100644 $(XMLSEC_NSS_INTDIR)\app.obj\ $(XMLSEC_NSS_INTDIR)\bignum.obj\ $(XMLSEC_NSS_INTDIR)\ciphers.obj \ -@@ -253,6 +256,7 @@ XMLSEC_NSS_OBJS_A = \ +@@ -259,6 +262,7 @@ XMLSEC_NSS_OBJS_A = \ $(XMLSEC_NSS_INTDIR_A)\strings.obj XMLSEC_MSCRYPTO_OBJS = \ diff --git a/external/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch b/external/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch.1 index 8c6349a63c5f..72ba2693f7b7 100644 --- a/external/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch +++ b/external/libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch.1 @@ -1,26 +1,42 @@ ---- misc/xmlsec1-1.2.14/src/mscrypto/Makefile.am 2009-06-26 05:53:18.000000000 +0900 -+++ misc/build/xmlsec1-1.2.14/src/mscrypto/Makefile.am 2009-09-30 18:53:05.373000000 +0900 -@@ -35,6 +35,7 @@ +From 26f650d3eb4b0c633d1dc44c7180aff836ee13b5 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:11:52 +0100 +Subject: [PATCH 07/14] xmlsec1-mingw-keymgr-mscrypto.patch + +Conflicts: + src/mscrypto/Makefile.in +--- + src/mscrypto/Makefile.am | 1 + + src/mscrypto/Makefile.in | 15 +++++++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am +index 1099e3f..ccb9715 100644 +--- a/src/mscrypto/Makefile.am ++++ b/src/mscrypto/Makefile.am +@@ -37,6 +37,7 @@ libxmlsec1_mscrypto_la_SOURCES =\ + csp_calg.h \ csp_oid.h \ - globals.h \ xmlsec-mingw.h \ + akmngr.c \ $(NULL) if SHAREDLIB_HACK ---- misc/xmlsec1-1.2.14/src/mscrypto/Makefile.in 2009-06-26 05:53:32.000000000 +0900 -+++ misc/build/xmlsec1-1.2.14/src/mscrypto/Makefile.in 2009-09-30 19:00:50.107375000 +0900 -@@ -72,7 +72,8 @@ - am__libxmlsec1_mscrypto_la_SOURCES_DIST = app.c certkeys.c ciphers.c \ - crypto.c digests.c keysstore.c kt_rsa.c signatures.c symkeys.c \ - x509.c x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \ -- ../strings.c -+ ../strings.c \ +diff --git a/src/mscrypto/Makefile.in b/src/mscrypto/Makefile.in +index e3d1607..4336fe0 100644 +--- a/src/mscrypto/Makefile.in ++++ b/src/mscrypto/Makefile.in +@@ -72,7 +72,8 @@ am__DEPENDENCIES_1 = + am__libxmlsec1_mscrypto_la_SOURCES_DIST = globals.h private.h app.c \ + certkeys.c ciphers.c crypto.c digests.c hmac.c keysstore.c \ + kt_rsa.c signatures.c symkeys.c x509.c x509vfy.c csp_calg.h \ +- csp_oid.h xmlsec-mingw.h ../strings.c ++ csp_oid.h xmlsec-mingw.h ../strings.c \ + akmngr.c am__objects_1 = @SHAREDLIB_HACK_TRUE@am__objects_2 = \ @SHAREDLIB_HACK_TRUE@ libxmlsec1_mscrypto_la-strings.lo -@@ -86,7 +87,8 @@ +@@ -87,7 +88,8 @@ am_libxmlsec1_mscrypto_la_OBJECTS = libxmlsec1_mscrypto_la-app.lo \ libxmlsec1_mscrypto_la-signatures.lo \ libxmlsec1_mscrypto_la-symkeys.lo \ libxmlsec1_mscrypto_la-x509.lo \ @@ -30,15 +46,15 @@ $(am__objects_2) libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) libxmlsec1_mscrypto_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -@@ -338,6 +340,7 @@ - libxmlsec1_mscrypto_la_SOURCES = app.c certkeys.c ciphers.c crypto.c \ - digests.c keysstore.c kt_rsa.c signatures.c symkeys.c x509.c \ - x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \ +@@ -339,6 +341,7 @@ libxmlsec1_mscrypto_la_CPPFLAGS = \ + libxmlsec1_mscrypto_la_SOURCES = globals.h private.h app.c certkeys.c \ + ciphers.c crypto.c digests.c hmac.c keysstore.c kt_rsa.c \ + signatures.c symkeys.c x509.c x509vfy.c csp_calg.h csp_oid.h \ + akmngr.c \ - $(NULL) $(am__append_1) + xmlsec-mingw.h $(NULL) $(am__append_1) libxmlsec1_mscrypto_la_LIBADD = \ ../libxmlsec1.la \ -@@ -441,6 +444,7 @@ +@@ -443,6 +446,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo@am__quote@ @@ -46,17 +62,20 @@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@@ -470,6 +474,13 @@ +@@ -472,6 +476,13 @@ libxmlsec1_mscrypto_la-app.lo: app.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c +libxmlsec1_mscrypto_la-akmngr.lo: akmngr.c -+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo" -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo"; exit 1; fi ++@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-akmngr.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c ++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-akmngr.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_mscrypto_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c ++@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c + libxmlsec1_mscrypto_la-certkeys.lo: certkeys.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-certkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 b/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 deleted file mode 100644 index 8855ab12684f..000000000000 --- a/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 +++ /dev/null @@ -1,388 +0,0 @@ -From 6240557e4429a4bb6be19a0e27479a5a0df9fa34 Mon Sep 17 00:00:00 2001 -From: Miklos Vajna <vmiklos@collabora.co.uk> -Date: Tue, 2 Feb 2016 15:49:10 +0100 -Subject: [PATCH] mscrypto glue layer: add SHA-256 support - ---- - include/xmlsec/mscrypto/crypto.h | 27 ++++++++ - src/mscrypto/certkeys.c | 2 +- - src/mscrypto/crypto.c | 4 ++ - src/mscrypto/digests.c | 70 +++++++++++++++++++++ - src/mscrypto/signatures.c | 130 +++++++++++++++++++++++++++++++++++++++ - 5 files changed, 232 insertions(+), 1 deletion(-) - -diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h -index 28d792a..96aaa78 100644 ---- a/include/xmlsec/mscrypto/crypto.h -+++ b/include/xmlsec/mscrypto/crypto.h -@@ -133,6 +133,16 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataRsaGetKlass(void); - XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha1GetKlass(void); - - /** -+ * xmlSecMSCryptoTransformRsaSha256Id: -+ * -+ * The RSA-SHA256 signature transform klass. -+ */ -+ -+#define xmlSecMSCryptoTransformRsaSha256Id \ -+ xmlSecMSCryptoTransformRsaSha256GetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha256GetKlass(void); -+ -+/** - * xmlSecMSCryptoTransformRsaPkcs1Id: - * - * The RSA PKCS1 key transport transform klass. -@@ -172,6 +182,23 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha1GetKlass(void) - - /******************************************************************** - * -+ * SHA256 transform -+ * -+ *******************************************************************/ -+#ifndef XMLSEC_NO_SHA256 -+ -+/** -+ * xmlSecMSCryptoTransformSha256Id: -+ * -+ * The SHA256 digest transform klass. -+ */ -+#define xmlSecMSCryptoTransformSha256Id \ -+ xmlSecMSCryptoTransformSha256GetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha256GetKlass(void); -+#endif /* XMLSEC_NO_SHA256 */ -+ -+/******************************************************************** -+ * - * GOSTR3411_94 transform - * - *******************************************************************/ -diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c -index 73a6c26..e0b4f47 100644 ---- a/src/mscrypto/certkeys.c -+++ b/src/mscrypto/certkeys.c -@@ -1009,7 +1009,7 @@ xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) { - xmlSecAssert2(ctx != NULL, -1); - - ctx->providerName = MS_ENHANCED_PROV; -- ctx->providerType = PROV_RSA_FULL; -+ ctx->providerType = PROV_RSA_AES; - - return(0); - } -diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c -index d60d3c6..b2fde85 100644 ---- a/src/mscrypto/crypto.c -+++ b/src/mscrypto/crypto.c -@@ -105,6 +105,7 @@ xmlSecCryptoGetFunctions_mscrypto(void) { - - #ifndef XMLSEC_NO_RSA - gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass = xmlSecMSCryptoTransformRsaSha1GetKlass; -+ gXmlSecMSCryptoFunctions->transformRsaSha256GetKlass = xmlSecMSCryptoTransformRsaSha256GetKlass; - gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass = xmlSecMSCryptoTransformRsaPkcs1GetKlass; - #endif /* XMLSEC_NO_RSA */ - -@@ -119,6 +120,9 @@ xmlSecCryptoGetFunctions_mscrypto(void) { - #ifndef XMLSEC_NO_SHA1 - gXmlSecMSCryptoFunctions->transformSha1GetKlass = xmlSecMSCryptoTransformSha1GetKlass; - #endif /* XMLSEC_NO_SHA1 */ -+#ifndef XMLSEC_NO_SHA256 -+ gXmlSecMSCryptoFunctions->transformSha256GetKlass = xmlSecMSCryptoTransformSha256GetKlass; -+#endif /* XMLSEC_NO_SHA256 */ - - #ifndef XMLSEC_NO_GOST - gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass = xmlSecMSCryptoTransformGostR3411_94GetKlass; -diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c -index 19acc65..2b466b7 100644 ---- a/src/mscrypto/digests.c -+++ b/src/mscrypto/digests.c -@@ -66,6 +66,11 @@ xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) { - return(1); - } - #endif /* XMLSEC_NO_SHA1 */ -+#ifndef XMLSEC_NO_SHA256 -+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) { -+ return(1); -+ } -+#endif /* XMLSEC_NO_SHA256 */ - - #ifndef XMLSEC_NO_GOST - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) { -@@ -94,6 +99,11 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) { - ctx->alg_id = CALG_SHA; - } else - #endif /* XMLSEC_NO_SHA1 */ -+#ifndef XMLSEC_NO_SHA256 -+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) { -+ ctx->alg_id = CALG_SHA_256; -+ } else -+#endif /* XMLSEC_NO_SHA256 */ - - #ifndef XMLSEC_NO_GOST - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) { -@@ -124,6 +134,8 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) { - } - - /* TODO: Check what provider is best suited here.... */ -+ if (ctx->alg_id != CALG_SHA_256) -+ { - if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -134,6 +146,20 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) { - return(-1); - } - } -+ } -+ else -+ { -+ // SHA-256 -+ if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) -+ { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ "CryptAcquireContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } - - return(0); - } -@@ -367,6 +393,50 @@ xmlSecMSCryptoTransformSha1GetKlass(void) { - } - #endif /* XMLSEC_NO_SHA1 */ - -+#ifndef XMLSEC_NO_SHA256 -+/****************************************************************************** -+ * -+ * SHA256 -+ * -+ *****************************************************************************/ -+static xmlSecTransformKlass xmlSecMSCryptoSha256Klass = { -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* size_t klassSize */ -+ xmlSecMSCryptoDigestSize, /* size_t objSize */ -+ -+ xmlSecNameSha256, /* const xmlChar* name; */ -+ xmlSecHrefSha256, /* const xmlChar* href; */ -+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ -+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ -+ NULL, /* xmlSecTransformSetKeyMethod setKey; */ -+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecMSCryptoTransformSha256GetKlass: -+ * -+ * SHA-256 digest transform klass. -+ * -+ * Returns: pointer to SHA-256 digest transform klass. -+ */ -+xmlSecTransformId -+xmlSecMSCryptoTransformSha256GetKlass(void) { -+ return(&xmlSecMSCryptoSha256Klass); -+} -+#endif /* XMLSEC_NO_SHA256 */ -+ - #ifndef XMLSEC_NO_GOST - /****************************************************************************** - * -diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c -index a567db7..34c17bb 100644 ---- a/src/mscrypto/signatures.c -+++ b/src/mscrypto/signatures.c -@@ -97,6 +97,9 @@ static int xmlSecMSCryptoSignatureCheckId(xmlSecTransformPtr transform) { - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) { - return(1); - } -+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) { -+ return(1); -+ } - #endif /* XMLSEC_NO_RSA */ - - return(0); -@@ -118,6 +121,10 @@ static int xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) { - ctx->digestAlgId = CALG_SHA1; - ctx->keyId = xmlSecMSCryptoKeyDataRsaId; - } else -+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) { -+ ctx->digestAlgId = CALG_SHA_256; -+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId; -+ } else - #endif /* XMLSEC_NO_RSA */ - - #ifndef XMLSEC_NO_GOST -@@ -282,6 +289,12 @@ static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform, - while (l >= tmpBuf) { - *l-- = *j++; - } -+ } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) { -+ j = (BYTE *)data; -+ l = tmpBuf + dataSize - 1; -+ while (l >= tmpBuf) { -+ *l-- = *j++; -+ } - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -@@ -372,6 +385,68 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra - XMLSEC_ERRORS_NO_MESSAGE); - return (-1); - } -+ -+ if (transform->operation == xmlSecTransformOperationSign && ctx->digestAlgId == CALG_SHA_256) -+ { -+ /* CryptCreateHash() would fail with NTE_BAD_ALGID, as hProv is of -+ * type PROV_RSA_FULL, not PROV_RSA_AES. */ -+ -+ DWORD dwDataLen; -+ xmlSecSize nameSize; -+ xmlSecBuffer nameBuffer; -+ BYTE* nameData; -+ -+ if (!CryptGetProvParam(hProv, PP_CONTAINER, NULL, &dwDataLen, 0)) -+ { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ "CryptGetProvParam", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return -1; -+ } -+ -+ nameSize = (xmlSecSize)dwDataLen; -+ ret = xmlSecBufferInitialize(&nameBuffer, nameSize); -+ if (ret < 0) -+ { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ "mlSecBufferInitialize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "size=%d", nameSize); -+ return -1; -+ } -+ -+ nameData = xmlSecBufferGetData(&nameBuffer); -+ if (!CryptGetProvParam(hProv, PP_CONTAINER, nameData, &dwDataLen, 0)) -+ { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ "CryptGetProvParam", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferFinalize(&nameBuffer); -+ return -1; -+ } -+ -+ HCRYPTPROV hCryptProv; -+ if (!CryptAcquireContext(&hCryptProv, nameData, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_SILENT)) -+ { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ "CryptAcquireContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferFinalize(&nameBuffer); -+ return -1; -+ } -+ xmlSecBufferFinalize(&nameBuffer); -+ -+ hProv = hCryptProv; -+ } -+ -+ - if (!CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, -@@ -445,6 +520,10 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra - xmlSecBufferFinalize(&tmp); - return(-1); - } -+ -+ if (ctx->digestAlgId == CALG_SHA_256) -+ CryptReleaseContext(hProv, 0); -+ - outSize = (xmlSecSize)dwSigLen; - - ret = xmlSecBufferSetSize(out, outSize); -@@ -487,6 +566,13 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra - while (j >= outBuf) { - *j-- = *i++; - } -+ } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) { -+ i = tmpBuf; -+ j = outBuf + dwSigLen - 1; -+ -+ while (j >= outBuf) { -+ *j-- = *i++; -+ } - } else { - /* We shouldn't get at this place */ - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -563,6 +649,50 @@ xmlSecMSCryptoTransformRsaSha1GetKlass(void) { - return(&xmlSecMSCryptoRsaSha1Klass); - } - -+/**************************************************************************** -+ * -+ * RSA-SHA256 signature transform -+ * -+ ***************************************************************************/ -+static xmlSecTransformKlass xmlSecMSCryptoRsaSha256Klass = { -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameRsaSha256, /* const xmlChar* name; */ -+ xmlSecHrefRsaSha256, /* const xmlChar* href; */ -+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ -+ -+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ -+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecMSCryptoTransformRsaSha256GetKlass: -+ * -+ * The RSA-SHA1 signature transform klass. -+ * -+ * Returns: RSA-SHA1 signature transform klass. -+ */ -+xmlSecTransformId -+xmlSecMSCryptoTransformRsaSha256GetKlass(void) { -+ return(&xmlSecMSCryptoRsaSha256Klass); -+} -+ - #endif /* XMLSEC_NO_RSA */ - - #ifndef XMLSEC_NO_DSA --- -2.4.5 - diff --git a/external/libxmlsec/xmlsec1-noverify.patch b/external/libxmlsec/xmlsec1-noverify.patch.1 index d483cb85bbc7..ddb405e32376 100644 --- a/external/libxmlsec/xmlsec1-noverify.patch +++ b/external/libxmlsec/xmlsec1-noverify.patch.1 @@ -1,7 +1,21 @@ ---- misc/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200 -@@ -567,9 +567,16 @@ - CertFreeCertificateContext(nextCert); +From 9a28fa3b996be34b72548456c9877a9e0e0460ab Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:10:16 +0100 +Subject: [PATCH 06/14] xmlsec1-noverify.patch + +Conflicts: + src/nss/x509vfy.c +--- + src/mscrypto/x509vfy.c | 13 ++++++++++--- + src/nss/x509vfy.c | 28 +++++++++++++++++++++------- + 2 files changed, 31 insertions(+), 10 deletions(-) + +diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c +index ab6fe0f..5a91bdf 100644 +--- a/src/mscrypto/x509vfy.c ++++ b/src/mscrypto/x509vfy.c +@@ -564,9 +564,16 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs, + CertFreeCertificateContext(nextCert); } - if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { @@ -20,21 +34,23 @@ } return (NULL); ---- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200 -@@ -191,13 +191,27 @@ - continue; - } +diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c +index fdb866f..8a6e97a 100644 +--- a/src/nss/x509vfy.c ++++ b/src/nss/x509vfy.c +@@ -211,13 +211,27 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, + continue; + } -- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), -- cert, PR_FALSE, -- (SECCertificateUsage)0, -- timeboundary , NULL, NULL, NULL); -- if (status == SECSuccess) { -- break; -- } +- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), +- cert, PR_FALSE, +- (SECCertificateUsage)0, +- timeboundary , NULL, NULL, NULL); +- if (status == SECSuccess) { +- break; +- } + -+ /* ++ /* + JL: OpenOffice.org implements its own certificate verification routine. + The goal is to separate validation of the signature + and the certificate. For example, OOo could show that the document signature is valid, @@ -49,11 +65,14 @@ + if (status == SECSuccess) { + break; + } -+ ++ + */ -+ status = SECSuccess; -+ break; ++ status = SECSuccess; ++ break; + } if (status == SECSuccess) { +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-nss-sha256.patch.1 b/external/libxmlsec/xmlsec1-nss-sha256.patch.1 deleted file mode 100644 index 051f0d55a2a0..000000000000 --- a/external/libxmlsec/xmlsec1-nss-sha256.patch.1 +++ /dev/null @@ -1,237 +0,0 @@ -From 04101dc871b13cba28d520fd00caf2d96b2e4c72 Mon Sep 17 00:00:00 2001 -From: Miklos Vajna <vmiklos@collabora.co.uk> -Date: Mon, 25 Jan 2016 11:24:01 +0100 -Subject: [PATCH] NSS glue layer: add SHA-256 support - ---- - include/xmlsec/nss/crypto.h | 25 ++++++++++++++++++++ - src/nss/crypto.c | 4 ++++ - src/nss/digests.c | 57 +++++++++++++++++++++++++++++++++++++++++++++ - src/nss/signatures.c | 51 ++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 137 insertions(+) - -diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h -index 42ba6ca..707f8d9 100644 ---- a/include/xmlsec/nss/crypto.h -+++ b/include/xmlsec/nss/crypto.h -@@ -263,6 +263,15 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataRsaGetKlass (void); - XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha1GetKlass(void); - - /** -+ * xmlSecNssTransformRsaSha256Id: -+ * -+ * The RSA-SHA256 signature transform klass. -+ */ -+#define xmlSecNssTransformRsaSha256Id \ -+ xmlSecNssTransformRsaSha256GetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha256GetKlass(void); -+ -+/** - * xmlSecNssTransformRsaPkcs1Id: - * - * The RSA PKCS1 key transport transform klass. -@@ -304,6 +313,22 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); - XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass (void); - #endif /* XMLSEC_NO_SHA1 */ - -+/******************************************************************** -+ * -+ * SHA256 transform -+ * -+ *******************************************************************/ -+#ifndef XMLSEC_NO_SHA256 -+/** -+ * xmlSecNssTransformSha256Id: -+ * -+ * The SHA256 digest transform klass. -+ */ -+#define xmlSecNssTransformSha256Id \ -+ xmlSecNssTransformSha256GetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha256GetKlass (void); -+#endif /* XMLSEC_NO_SHA256 */ -+ - #ifdef __cplusplus - } - #endif /* __cplusplus */ -diff --git a/src/nss/crypto.c b/src/nss/crypto.c -index 0495165..33f17cc 100644 ---- a/src/nss/crypto.c -+++ b/src/nss/crypto.c -@@ -120,6 +120,7 @@ xmlSecCryptoGetFunctions_nss(void) { - - #ifndef XMLSEC_NO_RSA - gXmlSecNssFunctions->transformRsaSha1GetKlass = xmlSecNssTransformRsaSha1GetKlass; -+ gXmlSecNssFunctions->transformRsaSha256GetKlass = xmlSecNssTransformRsaSha256GetKlass; - gXmlSecNssFunctions->transformRsaPkcs1GetKlass = xmlSecNssTransformRsaPkcs1GetKlass; - - /* RSA OAEP is not supported by NSS yet */ -@@ -132,6 +133,9 @@ xmlSecCryptoGetFunctions_nss(void) { - #ifndef XMLSEC_NO_SHA1 - gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass; - #endif /* XMLSEC_NO_SHA1 */ -+#ifndef XMLSEC_NO_SHA256 -+ gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass; -+#endif /* XMLSEC_NO_SHA256 */ - - /** - * High level routines form xmlsec command line utility -diff --git a/src/nss/digests.c b/src/nss/digests.c -index 5a1db91..0c4657c 100644 ---- a/src/nss/digests.c -+++ b/src/nss/digests.c -@@ -70,6 +70,11 @@ xmlSecNssDigestCheckId(xmlSecTransformPtr transform) { - return(1); - } - #endif /* XMLSEC_NO_SHA1 */ -+#ifndef XMLSEC_NO_SHA256 -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { -+ return(1); -+ } -+#endif /* XMLSEC_NO_SHA256 */ - - return(0); - } -@@ -92,6 +97,11 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { - ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1); - } else - #endif /* XMLSEC_NO_SHA1 */ -+#ifndef XMLSEC_NO_SHA256 -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { -+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256); -+ } else -+#endif /* XMLSEC_NO_SHA256 */ - - if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -327,5 +337,52 @@ xmlSecNssTransformSha1GetKlass(void) { - } - #endif /* XMLSEC_NO_SHA1 */ - -+#ifndef XMLSEC_NO_SHA256 -+/****************************************************************************** -+ * -+ * SHA256 Digest transforms -+ * -+ *****************************************************************************/ -+static xmlSecTransformKlass xmlSecNssSha256Klass = { -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssDigestSize, /* xmlSecSize objSize */ -+ -+ /* data */ -+ xmlSecNameSha256, /* const xmlChar* name; */ -+ xmlSecHrefSha256, /* const xmlChar* href; */ -+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ -+ -+ /* methods */ -+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ -+ NULL, /* xmlSecTransformSetKeyMethod setKey; */ -+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformSha256GetKlass: -+ * -+ * SHA-256 digest transform klass. -+ * -+ * Returns: pointer to SHA-256 digest transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformSha256GetKlass(void) { -+ return(&xmlSecNssSha256Klass); -+} -+#endif /* XMLSEC_NO_SHA256 */ - - -diff --git a/src/nss/signatures.c b/src/nss/signatures.c -index 3c9639c..fb58403 100644 ---- a/src/nss/signatures.c -+++ b/src/nss/signatures.c -@@ -87,6 +87,9 @@ xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { - if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha1Id)) { - return(1); - } -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { -+ return(1); -+ } - #endif /* XMLSEC_NO_RSA */ - - return(0); -@@ -123,6 +126,10 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { - ctx->keyId = xmlSecNssKeyDataRsaId; - ctx->alg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; - } else -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { -+ ctx->keyId = xmlSecNssKeyDataRsaId; -+ ctx->alg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; -+ } else - #endif /* XMLSEC_NO_RSA */ - if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -545,6 +552,50 @@ xmlSecNssTransformRsaSha1GetKlass(void) { - return(&xmlSecNssRsaSha1Klass); - } - -+/**************************************************************************** -+ * -+ * RSA-SHA256 signature transform -+ * -+ ***************************************************************************/ -+static xmlSecTransformKlass xmlSecNssRsaSha256Klass = { -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssSignatureSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameRsaSha256, /* const xmlChar* name; */ -+ xmlSecHrefRsaSha256, /* const xmlChar* href; */ -+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ -+ -+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ -+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformRsaSha256GetKlass: -+ * -+ * The RSA-SHA256 signature transform klass. -+ * -+ * Returns: RSA-SHA256 signature transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformRsaSha256GetKlass(void) { -+ return(&xmlSecNssRsaSha256Klass); -+} -+ - #endif /* XMLSEC_NO_DSA */ - - --- -2.6.2 - diff --git a/external/libxmlsec/xmlsec1-nssdisablecallbacks.patch b/external/libxmlsec/xmlsec1-nssdisablecallbacks.patch deleted file mode 100644 index c6ed83a2c54d..000000000000 --- a/external/libxmlsec/xmlsec1-nssdisablecallbacks.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- misc/xmlsec1-1.2.14.orig/src/nss/crypto.c 2009-09-10 07:06:17.000000000 -0400 -+++ misc/build/xmlsec1-1.2.14/src/nss/crypto.c 2009-09-10 07:08:24.000000000 -0400 -@@ -136,6 +136,7 @@ - /** - * High level routines form xmlsec command line utility - */ -+#if 0 - gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; - gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; - gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; -@@ -153,6 +154,25 @@ - gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; - gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; - gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback(); -+#else -+ gXmlSecNssFunctions->cryptoAppInit = NULL ; -+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ; -+#ifndef XMLSEC_NO_X509 -+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ; -+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ; -+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ; -+#endif /* XMLSEC_NO_X509 */ -+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ; -+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ; -+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ; -+#endif - - return(gXmlSecNssFunctions); - } diff --git a/external/libxmlsec/xmlsec1-nssdisablecallbacks.patch.1 b/external/libxmlsec/xmlsec1-nssdisablecallbacks.patch.1 new file mode 100644 index 000000000000..f13030474b61 --- /dev/null +++ b/external/libxmlsec/xmlsec1-nssdisablecallbacks.patch.1 @@ -0,0 +1,52 @@ +From 8b86c6ee388008ab5ab9afd8807e869db0e420e4 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:09:10 +0100 +Subject: [PATCH 04/14] xmlsec1-nssdisablecallbacks.patch + +Conflicts: + src/nss/crypto.c +--- + src/nss/crypto.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/src/nss/crypto.c b/src/nss/crypto.c +index 7137f1c..7a59575 100644 +--- a/src/nss/crypto.c ++++ b/src/nss/crypto.c +@@ -214,6 +214,7 @@ xmlSecCryptoGetFunctions_nss(void) { + * High level routines form xmlsec command line utility + * + ********************************************************************/ ++#if 0 + gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; + gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; +@@ -231,6 +232,25 @@ xmlSecCryptoGetFunctions_nss(void) { + gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; + gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; + gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback(); ++#else ++ gXmlSecNssFunctions->cryptoAppInit = NULL; ++ gXmlSecNssFunctions->cryptoAppShutdown = NULL; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL; ++#ifndef XMLSEC_NO_X509 ++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL; ++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL; ++ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL; ++ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL; ++ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL; ++ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL; ++#endif /* XMLSEC_NO_X509 */ ++ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL; ++ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL; ++ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL; ++#endif + + return(gXmlSecNssFunctions); + } +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-nssmangleciphers.patch b/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1 index 96f5049f68ae..a0527c00abf3 100644 --- a/external/libxmlsec/xmlsec1-nssmangleciphers.patch +++ b/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1 @@ -1,6 +1,19 @@ ---- misc/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 05:16:27.000000000 -0400 -+++ misc/build/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 06:59:39.000000000 -0400 -@@ -11,180 +11,421 @@ +From 1b6be1b87bd39af0aacca5be048134715fb5c8e1 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:09:39 +0100 +Subject: [PATCH 05/14] xmlsec1-nssmangleciphers.patch + +Conflicts: + src/nss/ciphers.c +--- + src/nss/ciphers.c | 859 ++++++++++++++++++++++++++++++------------------------ + 1 file changed, 480 insertions(+), 379 deletions(-) + +diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c +index 54bd2af..03af759 100644 +--- a/src/nss/ciphers.c ++++ b/src/nss/ciphers.c +@@ -11,180 +11,422 @@ #include <string.h> @@ -17,10 +30,10 @@ #include <xmlsec/errors.h> #include <xmlsec/nss/crypto.h> -- --#define XMLSEC_NSS_MAX_KEY_SIZE 32 --#define XMLSEC_NSS_MAX_IV_SIZE 32 --#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 + +-#define XMLSEC_NSS_MAX_KEY_SIZE 32 +-#define XMLSEC_NSS_MAX_IV_SIZE 32 +-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 +#include <xmlsec/nss/ciphers.h> /************************************************************************** @@ -30,41 +43,41 @@ + * This context is designed for repositing a block cipher for transform * *****************************************************************************/ --typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, -- *xmlSecNssBlockCipherCtxPtr; +-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, +- *xmlSecNssBlockCipherCtxPtr; +typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; +typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; + struct _xmlSecNssBlockCipherCtx { - CK_MECHANISM_TYPE cipher; + CK_MECHANISM_TYPE cipher; + PK11SymKey* symkey ; - PK11Context* cipherCtx; - xmlSecKeyDataId keyId; -- int keyInitialized; -- int ctxInitialized; -- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; -- xmlSecSize keySize; -- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; -- xmlSecSize ivSize; + PK11Context* cipherCtx; + xmlSecKeyDataId keyId; +- int keyInitialized; +- int ctxInitialized; +- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; +- xmlSecSize keySize; +- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; +- xmlSecSize ivSize; }; --static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, -- xmlSecBufferPtr in, -- xmlSecBufferPtr out, -- int encrypt, -- const xmlChar* cipherName, -- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, +- xmlSecBufferPtr in, +- xmlSecBufferPtr out, +- int encrypt, +- const xmlChar* cipherName, +- xmlSecTransformCtxPtr transformCtx); + +#define xmlSecNssBlockCipherSize \ + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) @@ -327,12 +340,12 @@ + return 0 ; +} + - static int + static int xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { + xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { - SECItem keyItem; SECItem ivItem; - PK11SlotInfo* slot; @@ -375,21 +388,21 @@ + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } - + if(encrypt) { - /* generate random iv */ - rv = PK11_GenerateRandom(ctx->iv, ivLen); -- if(rv != SECSuccess) { -+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", ivLen); -+ XMLSEC_ERRORS_NO_MESSAGE); +- if(rv != SECSuccess) { ++ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "PK11_GenerateRandom", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", ivLen); ++ XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } + return(-1); + } + if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , @@ -399,103 +412,103 @@ + xmlSecBufferDestroy( ivBuf ) ; + return -1 ; + } - -- /* write iv to the output */ -- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); -- if(ret < 0) { -+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferAppend", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", ivLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); + +- /* write iv to the output */ +- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); +- if(ret < 0) { ++ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferAppend", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", ivLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } - + return(-1); + } + } else { -- /* if we don't have enough data, exit and hope that -- * we'll have iv next time */ -- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { -- return(0); -- } -- -- /* copy iv to our buffer*/ -- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); -- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); -- -- /* and remove from input */ -- ret = xmlSecBufferRemoveHead(in, ivLen); -- if(ret < 0) { -+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", ivLen); -+ "xmlSecBufferSetData", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); +- /* if we don't have enough data, exit and hope that +- * we'll have iv next time */ +- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { +- return(0); +- } +- +- /* copy iv to our buffer*/ +- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); +- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); +- +- /* and remove from input */ +- ret = xmlSecBufferRemoveHead(in, ivLen); +- if(ret < 0) { ++ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", ivLen); ++ "xmlSecBufferSetData", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy( ivBuf ) ; - return(-1); - } + return(-1); + } } - memset(&keyItem, 0, sizeof(keyItem)); - keyItem.data = ctx->key; -- keyItem.len = ctx->keySize; +- keyItem.len = ctx->keySize; - memset(&ivItem, 0, sizeof(ivItem)); - ivItem.data = ctx->iv; -- ivItem.len = ctx->ivSize; +- ivItem.len = ctx->ivSize; - - slot = PK11_GetBestSlot(ctx->cipher, NULL); - if(slot == NULL) { + if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "PK11_GetBestSlot", -+ "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "PK11_GetBestSlot", ++ "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy( ivBuf ) ; - return(-1); + return(-1); } - -- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, -- CKA_SIGN, &keyItem, NULL); + +- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, +- CKA_SIGN, &keyItem, NULL); - if(symKey == NULL) { + ivItem.data = xmlSecBufferGetData( ivBuf ) ; + ivItem.len = xmlSecBufferGetSize( ivBuf ) ; + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "PK11_ImportSymKey", -+ "PK11_ParamFromIV", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "PK11_ImportSymKey", ++ "PK11_ParamFromIV", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); - PK11_FreeSlot(slot); -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); } - ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, - (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, -- symKey, &ivItem); -+ ctx->symkey, secParam); + ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, + (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, +- symKey, &ivItem); ++ ctx->symkey, secParam); if(ctx->cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "PK11_CreateContextBySymKey", -+ "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); -- PK11_FreeSymKey(symKey); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "PK11_CreateContextBySymKey", ++ "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +- PK11_FreeSymKey(symKey); - PK11_FreeSlot(slot); + SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ xmlSecBufferDestroy( ivBuf ) ; - return(-1); ++ xmlSecBufferDestroy( ivBuf ) ; + return(-1); } - ctx->ctxInitialized = 1; @@ -509,12 +522,12 @@ +/** + * Block cipher transform update + */ - static int + static int xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, -@@ -192,54 +433,49 @@ - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { + xmlSecBufferPtr in, xmlSecBufferPtr out, +@@ -192,54 +434,49 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { xmlSecSize inSize, inBlocks, outSize; - int blockLen; + int blockSize; @@ -522,7 +535,7 @@ xmlSecByte* outBuf; - SECStatus rv; - int ret; - + xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->cipher != 0, -1); + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; @@ -547,85 +560,84 @@ inSize = xmlSecBufferGetSize(in); outSize = xmlSecBufferGetSize(out); -- -- if(inSize < (xmlSecSize)blockLen) { -- return(0); -+ ++ + inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; + inSize = inBlocks * blockSize ; -+ -+ if( inSize < blockSize ) { -+ return 0 ; - } +- if(inSize < (xmlSecSize)blockLen) { +- return(0); +- } +- - if(encrypt) { - inBlocks = inSize / ((xmlSecSize)blockLen); - } else { -- /* we want to have the last block in the input buffer -- * for padding check */ +- /* we want to have the last block in the input buffer +- * for padding check */ - inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); -- } ++ if( inSize < blockSize ) { ++ return 0 ; + } - inSize = inBlocks * ((xmlSecSize)blockLen); -- + - /* we write out the input size plus may be one block */ - ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); - if(ret < 0) { + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + inSize + blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + inSize + blockLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; - + - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, -- xmlSecBufferGetData(in), inSize); +- xmlSecBufferGetData(in), inSize); - if(rv != SECSuccess) { + if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", -@@ -247,27 +483,22 @@ - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "PK11_CipherOp", +@@ -247,27 +484,22 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } - xmlSecAssert2((xmlSecSize)outLen == inSize, -1); - + - /* set correct output buffer size */ - ret = xmlSecBufferSetSize(out, outSize + outLen); - if(ret < 0) { + if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + outLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferSetSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + outLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } - + - /* remove the processed block from input */ - ret = xmlSecBufferRemoveHead(in, inSize); - if(ret < 0) { + if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", inSize); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", inSize); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } return(0); -@@ -281,81 +512,82 @@ - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { +@@ -281,81 +513,82 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { xmlSecSize inSize, outSize; - int blockLen, outLen = 0; + int blockSize, outLen = 0; @@ -633,7 +645,7 @@ xmlSecByte* outBuf; - SECStatus rv; - int ret; - + xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->cipher != 0, -1); + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; @@ -661,114 +673,114 @@ + /******************************************************************/ if(encrypt != 0) { -- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); +- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); + xmlSecAssert2( inSize < blockSize, -1 ) ; - - /* create padding */ + + /* create padding */ - ret = xmlSecBufferSetMaxSize(in, blockLen); -- if(ret < 0) { +- if(ret < 0) { + if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - inBuf = xmlSecBufferGetData(in); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", blockLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + inBuf = xmlSecBufferGetData(in); - /* generate random padding */ -- if((xmlSecSize)blockLen > (inSize + 1)) { -- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); -- if(rv != SECSuccess) { -+ /* generate random */ +- if((xmlSecSize)blockLen > (inSize + 1)) { +- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); +- if(rv != SECSuccess) { ++ /* generate random */ + if( blockSize > ( inSize + 1 ) ) { + if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", blockLen - inSize - 1); -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } -- inBuf[blockLen - 1] = blockLen - inSize; -- inSize = blockLen; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "PK11_GenerateRandom", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +- "size=%d", blockLen - inSize - 1); ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +- inBuf[blockLen - 1] = blockLen - inSize; +- inSize = blockLen; + inBuf[blockSize-1] = blockSize - inSize ; + inSize = blockSize ; } else { -- if(inSize != (xmlSecSize)blockLen) { -+ if( inSize != blockSize ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "data=%d;block=%d", inSize, blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } +- if(inSize != (xmlSecSize)blockLen) { ++ if( inSize != blockSize ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "data=%d;block=%d", inSize, blockLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } - + - /* process last block */ - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); - if(ret < 0) { + /* process the last block */ + if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + 2 * blockLen); -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + 2 * blockLen); ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; - rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, -- xmlSecBufferGetData(in), inSize); +- xmlSecBufferGetData(in), inSize); - if(rv != SECSuccess) { + if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", -@@ -363,300 +595,169 @@ - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "PK11_CipherOp", +@@ -363,300 +596,168 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } - xmlSecAssert2((xmlSecSize)outLen == inSize, -1); - + if(encrypt == 0) { - /* check padding */ -- if(outLen < outBuf[blockLen - 1]) { + /* check padding */ +- if(outLen < outBuf[blockLen - 1]) { + if( outLen < outBuf[blockSize-1] ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "padding=%d;buffer=%d", -- outBuf[blockLen - 1], outLen); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, +- "padding=%d;buffer=%d", +- outBuf[blockLen - 1], outLen); + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -- outLen -= outBuf[blockLen - 1]; + return(-1); + } +- outLen -= outBuf[blockLen - 1]; + outLen -= outBuf[blockSize-1] ; - } + } - /* set correct output buffer size */ - ret = xmlSecBufferSetSize(out, outSize + outLen); - if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferSetSize", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", outSize + outLen); -- return(-1); +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + outLen); +- return(-1); - } + /******************************************************************/ @@ -777,14 +789,17 @@ - if(ret < 0) { + /****************************************************************** + if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), -- "xmlSecBufferRemoveHead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "size=%d", inSize); -- return(-1); -- } -- + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferRemoveHead", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", inSize); ++ "xmlSecBufferSetMaxSize", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + - return(0); -} - @@ -794,31 +809,31 @@ - * EVP Block Cipher transforms - * - * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure -- * +- * - *****************************************************************************/ --#define xmlSecNssBlockCipherSize \ +-#define xmlSecNssBlockCipherSize \ - (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) -#define xmlSecNssBlockCipherGetCtx(transform) \ - ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) - --static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); --static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); --static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, -- xmlSecKeyReqPtr keyReq); --static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, -- xmlSecKeyPtr key); --static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, -- int last, -- xmlSecTransformCtxPtr transformCtx); --static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); -- +-static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); +-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); +-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, +- xmlSecKeyReqPtr keyReq); +-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, +- xmlSecKeyPtr key); +-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, +- int last, +- xmlSecTransformCtxPtr transformCtx); +-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); +- - - -static int -xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { -#ifndef XMLSEC_NO_DES - if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { -- return(1); +- return(1); - } -#endif /* XMLSEC_NO_DES */ - @@ -826,65 +841,80 @@ - if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || - xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || - xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { -- +- - return(1); -- } ++ outBuf = xmlSecBufferGetData( out ) + outSize ; ++ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "PK11_DigestFinal" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; + } -#endif /* XMLSEC_NO_AES */ -- +- - return(0); -} - --static int +-static int -xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { - xmlSecNssBlockCipherCtxPtr ctx; -- +- - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); -- +- - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); - -#ifndef XMLSEC_NO_DES - if(transform->id == xmlSecNssTransformDes3CbcId) { -- ctx->cipher = CKM_DES3_CBC; -- ctx->keyId = xmlSecNssKeyDataDesId; -- ctx->keySize = 24; -- } else +- ctx->cipher = CKM_DES3_CBC; +- ctx->keyId = xmlSecNssKeyDataDesId; +- ctx->keySize = 24; +- } else -#endif /* XMLSEC_NO_DES */ - -#ifndef XMLSEC_NO_AES - if(transform->id == xmlSecNssTransformAes128CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 16; +- ctx->cipher = CKM_AES_CBC; +- ctx->keyId = xmlSecNssKeyDataAesId; +- ctx->keySize = 16; - } else if(transform->id == xmlSecNssTransformAes192CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 24; +- ctx->cipher = CKM_AES_CBC; +- ctx->keyId = xmlSecNssKeyDataAesId; +- ctx->keySize = 24; - } else if(transform->id == xmlSecNssTransformAes256CbcId) { -- ctx->cipher = CKM_AES_CBC; -- ctx->keyId = xmlSecNssKeyDataAesId; -- ctx->keySize = 32; -- } else +- ctx->cipher = CKM_AES_CBC; +- ctx->keyId = xmlSecNssKeyDataAesId; +- ctx->keySize = 32; +- } else -#endif /* XMLSEC_NO_AES */ - - if(1) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_TRANSFORM, -+ "xmlSecBufferSetMaxSize", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } -- +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_INVALID_TRANSFORM, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); ++ ******************************************************************/ ++ ++ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferSetSize" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; + } +- - return(0); -} - --static void +-static void -xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { - xmlSecNssBlockCipherCtxPtr ctx; - @@ -896,12 +926,22 @@ - - if(ctx->cipherCtx != NULL) { - PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); ++ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( cipherName ) , ++ "xmlSecBufferRemoveHead" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; } -- ++/* PK11_Finalize( ctx->cipherCtx ) ;*/ ++ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); ++ ctx->cipherCtx = NULL ; + - memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); -} - --static int +- +-static int -xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecNssBlockCipherCtxPtr ctx; - @@ -913,45 +953,13 @@ - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); -+ outBuf = xmlSecBufferGetData( out ) + outSize ; -+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "PK11_DigestFinal" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ ******************************************************************/ -+ -+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( cipherName ) , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+/* PK11_Finalize( ctx->cipherCtx ) ;*/ -+ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); -+ ctx->cipherCtx = NULL ; - -- keyReq->keyId = ctx->keyId; -- keyReq->keyType = xmlSecKeyDataTypeSymmetric; +- +- keyReq->keyId = ctx->keyId; +- keyReq->keyType = xmlSecKeyDataTypeSymmetric; - if(transform->operation == xmlSecTransformOperationEncrypt) { -- keyReq->keyUsage = xmlSecKeyUsageEncrypt; +- keyReq->keyUsage = xmlSecKeyUsageEncrypt; - } else { -- keyReq->keyUsage = xmlSecKeyUsageDecrypt; +- keyReq->keyUsage = xmlSecKeyUsageDecrypt; - } - keyReq->keyBitsSize = 8 * ctx->keySize; return(0); @@ -982,7 +990,7 @@ + const xmlChar* cipherName ; + int operation ; + int rtv ; - + xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); @@ -994,48 +1002,48 @@ - xmlSecAssert2(ctx->keyInitialized == 0, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); - xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); -- + - xmlSecAssert2(ctx->keySize > 0, -1); - xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); -- xmlSecAssert2(buffer != NULL, -1); + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; +- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); +- xmlSecAssert2(buffer != NULL, -1); +- - if(xmlSecBufferGetSize(buffer) < ctx->keySize) { + context = xmlSecNssBlockCipherGetCtx( transform ) ; + if( context == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- NULL, -- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, -- "keySize=%d;expected=%d", -- xmlSecBufferGetSize(buffer), ctx->keySize); -- return(-1); -+ "xmlSecNssBlockCipherGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +- NULL, +- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, +- "keySize=%d;expected=%d", +- xmlSecBufferGetSize(buffer), ctx->keySize); +- return(-1); ++ "xmlSecNssBlockCipherGetCtx" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); } -- + - xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); - memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); -- + - ctx->keyInitialized = 1; - return(0); -} - --static int +-static int -xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecNssBlockCipherCtxPtr ctx; - xmlSecBufferPtr in, out; - int ret; -- +- - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - xmlSecAssert2(transformCtx != NULL, -1); - +- - in = &(transform->inBuf); - out = &(transform->outBuf); - @@ -1045,82 +1053,82 @@ + outBuf = &( transform->outBuf ) ; if(transform->status == xmlSecTransformStatusNone) { - transform->status = xmlSecTransformStatusWorking; + transform->status = xmlSecTransformStatusWorking; } + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; + cipherName = xmlSecTransformGetName( transform ) ; + if(transform->status == xmlSecTransformStatusWorking) { -- if(ctx->ctxInitialized == 0) { -- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, -- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -- xmlSecTransformGetName(transform), transformCtx); -- if(ret < 0) { -+ if( context->cipherCtx == NULL ) { +- if(ctx->ctxInitialized == 0) { +- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, +- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +- xmlSecTransformGetName(transform), transformCtx); +- if(ret < 0) { ++ if( context->cipherCtx == NULL ) { + rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; + if( rtv < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxInit", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_R_INVALID_STATUS, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } -- if((ctx->ctxInitialized == 0) && (last != 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecNssBlockCipherCtxInit", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_R_INVALID_STATUS, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +- if((ctx->ctxInitialized == 0) && (last != 0)) { + if( context->cipherCtx == NULL && last != 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_R_INVALID_STATUS, - "not enough data to initialize transform"); - return(-1); - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, +- XMLSEC_ERRORS_R_INVALID_DATA, ++ XMLSEC_ERRORS_R_INVALID_STATUS, + "not enough data to initialize transform"); + return(-1); + } -- if(ctx->ctxInitialized != 0) { -- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, -- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -- xmlSecTransformGetName(transform), transformCtx); -- if(ret < 0) { +- if(ctx->ctxInitialized != 0) { +- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, +- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +- xmlSecTransformGetName(transform), transformCtx); +- if(ret < 0) { + if( context->cipherCtx != NULL ) { + rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; + if( rtv < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxUpdate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_R_INVALID_STATUS, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - if(last) { -- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, -- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, -- xmlSecTransformGetName(transform), transformCtx); -- if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecNssBlockCipherCtxUpdate", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_R_INVALID_STATUS, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + if(last) { +- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, +- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +- xmlSecTransformGetName(transform), transformCtx); +- if(ret < 0) { + rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; + if( rtv < 0 ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxFinal", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_R_INVALID_STATUS, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - transform->status = xmlSecTransformStatusFinished; - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecNssBlockCipherCtxFinal", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_R_INVALID_STATUS, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusFinished; + } } else if(transform->status == xmlSecTransformStatusFinished) { -- /* the only way we can get here is if there is no input */ -- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); +- /* the only way we can get here is if there is no input */ +- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); - } else if(transform->status == xmlSecTransformStatusNone) { -- /* the only way we can get here is if there is no enough data in the input */ -- xmlSecAssert2(last == 0, -1); +- /* the only way we can get here is if there is no enough data in the input */ +- xmlSecAssert2(last == 0, -1); + if( xmlSecBufferGetSize( inBuf ) != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , @@ -1130,5 +1138,8 @@ + return -1 ; + } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-oldlibtool.patch b/external/libxmlsec/xmlsec1-oldlibtool.patch.1 index 7d59ce101cce..c487ac616160 100644 --- a/external/libxmlsec/xmlsec1-oldlibtool.patch +++ b/external/libxmlsec/xmlsec1-oldlibtool.patch.1 @@ -1,5 +1,18 @@ ---- /dev/null 2012-11-27 15:14:41.892226008 +0100 -+++ misc/xmlsec1-1.2.14/compile 2012-11-29 12:27:14.000000000 +0100 +From 68c5e703a5db9b58eb7b90c0e6a42323cd7c3d47 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:08:09 +0100 +Subject: [PATCH 03/14] xmlsec1-oldlibtool.patch + +--- + compile | 142 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 142 insertions(+) + create mode 100644 compile + +diff --git a/compile b/compile +new file mode 100644 +index 0000000..1b1d232 +--- /dev/null ++++ b/compile @@ -0,0 +1,142 @@ +#! /bin/sh +# Wrapper for compilers which do not understand `-c -o'. @@ -143,3 +156,6 @@ +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: +-- +2.6.2 + diff --git a/external/libxmlsec/xmlsec1-ooxml.patch.1 b/external/libxmlsec/xmlsec1-ooxml.patch.1 index a0878a5222d3..c2967d7ef99b 100644 --- a/external/libxmlsec/xmlsec1-ooxml.patch.1 +++ b/external/libxmlsec/xmlsec1-ooxml.patch.1 @@ -1,8 +1,10 @@ -From 24c1395c547f8a2f0c78a8618c766ecd55909c66 Mon Sep 17 00:00:00 2001 +From 236d595dec5e4df1036ba797ebebcd2bb3b29234 Mon Sep 17 00:00:00 2001 From: Miklos Vajna <vmiklos@collabora.co.uk> Date: Mon, 25 Jan 2016 09:50:03 +0100 -Subject: [PATCH] OOXML Relationship Transform +Subject: [PATCH 14/14] OOXML Relationship Transform +Conflicts: + include/xmlsec/transforms.h --- include/xmlsec/strings.h | 3 + include/xmlsec/transforms.h | 4 + @@ -12,7 +14,7 @@ Subject: [PATCH] OOXML Relationship Transform 5 files changed, 563 insertions(+) diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h -index 07afb9d..9c72d1b 100644 +index 98650bf..d9fa3df 100644 --- a/include/xmlsec/strings.h +++ b/include/xmlsec/strings.h @@ -551,6 +551,9 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterUnion[]; @@ -26,13 +28,13 @@ index 07afb9d..9c72d1b 100644 * * Xslt strings diff --git a/include/xmlsec/transforms.h b/include/xmlsec/transforms.h -index 4008cae..b0e31e4 100644 +index aec8bb5..0bbd7ec 100644 --- a/include/xmlsec/transforms.h +++ b/include/xmlsec/transforms.h -@@ -961,6 +961,10 @@ XMLSEC_EXPORT int xmlSecTransformXPointerSetExpr (xmlSecTransformPtr transform - const xmlChar* expr, - xmlSecNodeSetType nodeSetType, - xmlNodePtr hereNode); +@@ -961,6 +961,10 @@ XMLSEC_EXPORT int xmlSecTransformXPointerSetExpr (xmlSecT + const xmlChar* expr, + xmlSecNodeSetType nodeSetType, + xmlNodePtr hereNode); + +#define xmlSecTransformRelationshipId xmlSecTransformRelationshipGetKlass() +XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRelationshipGetKlass (void); @@ -41,12 +43,12 @@ index 4008cae..b0e31e4 100644 /** * xmlSecTransformXsltId: diff --git a/src/strings.c b/src/strings.c -index 9897198..546e993 100644 +index 99ee316..d318d16 100644 --- a/src/strings.c +++ b/src/strings.c -@@ -543,6 +543,9 @@ const xmlChar xmlSecXPath2FilterUnion[] = "union"; - const xmlChar xmlSecNameXPointer[] = "xpointer"; - const xmlChar xmlSecNodeXPointer[] = "XPointer"; +@@ -543,6 +543,9 @@ const xmlChar xmlSecXPath2FilterUnion[] = "union"; + const xmlChar xmlSecNameXPointer[] = "xpointer"; + const xmlChar xmlSecNodeXPointer[] = "XPointer"; +const xmlChar xmlSecNameRelationship[] = "relationship"; +const xmlChar xmlSecHrefRelationship[] = "http://schemas.openxmlformats.org/package/2006/RelationshipTransform"; @@ -55,11 +57,11 @@ index 9897198..546e993 100644 * * Xslt strings diff --git a/src/transforms.c b/src/transforms.c -index 2ed3fe8..9e5ad27 100644 +index e8e0050..a966f0b 100644 --- a/src/transforms.c +++ b/src/transforms.c @@ -271,6 +271,17 @@ xmlSecTransformIdsRegisterDefault(void) { - return(-1); + return(-1); } + if (xmlSecTransformIdsRegister(xmlSecTransformRelationshipId) < 0) @@ -75,9 +77,9 @@ index 2ed3fe8..9e5ad27 100644 + #ifndef XMLSEC_NO_XSLT if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, diff --git a/src/xpath.c b/src/xpath.c -index 8b0b4f8..b9a03e5 100644 +index afa7c52..92a2337 100644 --- a/src/xpath.c +++ b/src/xpath.c @@ -17,6 +17,7 @@ @@ -383,14 +385,14 @@ index 8b0b4f8..b9a03e5 100644 + { + int size; + int i; - ++ + xmlListSort(list); + size = xmlListSize(list); + for (i = 0; i < size; ++i) + { + xmlLinkPtr link = xmlListFront(list); + xmlNodePtr node = (xmlNodePtr)xmlLinkGetData(link); - ++ + ret = xmlSecTransformRelationshipProcessNode(transform, buf, node); + if (ret < 0) + { @@ -484,7 +486,7 @@ index 8b0b4f8..b9a03e5 100644 + return(-1); + } + } -+ + + ret = xmlSecTransformRelationshipExecute(transform, buf, nodes->doc); + if (ret < 0) + { @@ -496,7 +498,7 @@ index 8b0b4f8..b9a03e5 100644 + xmlOutputBufferClose(buf); + return(-1); + } -+ + + ret = xmlOutputBufferClose(buf); + if (ret < 0) + { diff --git a/external/libxmlsec/xmlsec1-update-config.guess.patch.1 b/external/libxmlsec/xmlsec1-update-config.guess.patch.1 index 1b8ea4050dee..b59045f6bead 100644 --- a/external/libxmlsec/xmlsec1-update-config.guess.patch.1 +++ b/external/libxmlsec/xmlsec1-update-config.guess.patch.1 @@ -1,7 +1,7 @@ -From dd15aae9ce221198be486a6e75d5a42f75ff9de6 Mon Sep 17 00:00:00 2001 +From 23a37fb61ca6eaa5b5cdb98b5ed559896012dc7c Mon Sep 17 00:00:00 2001 From: David Tardon <dtardon@redhat.com> Date: Tue, 13 May 2014 16:35:04 +0200 -Subject: [PATCH] update config.* to support ppc64le +Subject: [PATCH 13/14] update config.* to support ppc64le --- config.guess | 541 +++++++++++++++++++++++++++++------------------------------ @@ -1626,5 +1626,5 @@ index 45bad78..d2a9613 100755 ;; -beos*) -- -1.9.0 +2.6.2 diff --git a/external/libxmlsec/xmlsec1-vc.patch b/external/libxmlsec/xmlsec1-vc.patch.1 index cd7914e5e6c4..36e93cae7fec 100644 --- a/external/libxmlsec/xmlsec1-vc.patch +++ b/external/libxmlsec/xmlsec1-vc.patch.1 @@ -1,34 +1,19 @@ ---- build/xmlsec1-1.2.14/win32/Makefile.msvc.old 2010-10-20 00:49:04.671875000 +0200 -+++ build/xmlsec1-1.2.14/win32/Makefile.msvc 2010-10-20 00:49:23.406250000 +0200 -@@ -351,7 +351,11 @@ - !if "$(DEBUG)" == "1" - LDFLAGS = $(LDFLAGS) /DEBUG - !else --LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 -+!if "$(_NMAKE_VER)" >= "10.00.30319.01" -+LDFLAGS = $(LDFLAGS) -+!else -+LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 -+!endif - !endif - - SOLIBS = $(LIBS) libxml2.lib ---- build/xmlsec/win32/Makefile.msvc.old 2012-11-30 11:09:23.130479800 -0500 -+++ build/xmlsec/win32/Makefile.msvc 2012-11-30 11:11:06.037550700 -0500 -@@ -301,6 +301,10 @@ - CFLAGS = $(CFLAGS) /D "HAVE_STDIO_H" /D "HAVE_STDLIB_H" - CFLAGS = $(CFLAGS) /D "HAVE_STRING_H" /D "HAVE_CTYPE_H" - CFLAGS = $(CFLAGS) /D "HAVE_MALLOC_H" /D "HAVE_MEMORY_H" -+CFLAGS = $(CFLAGS) -arch:SSE $(SOLARINC) -I$(WORKDIR)\UnpackedTarball\xml2\include -I$(WORKDIR)/UnpackedTarball/icu/source/i18n -I$(WORKDIR)/UnpackedTarball/icu/source/common -+!if "$(MSVC_USE_DEBUG_RUNTIME)" != "" -+CFLAGS = $(CFLAGS) /MDd -+!endif - - # Optimisation and debug symbols. - !if "$(DEBUG)" == "1" -diff -ru xmlsec.orig/apps/cmdline.c xmlsec/apps/cmdline.c ---- build/xmlsec.orig/apps/cmdline.c 2009-12-05 22:19:17.000000000 +0100 -+++ build/xmlsec/apps/cmdline.c 2015-09-03 23:05:01.003150300 +0200 +From de1c40ec9621c4100bc4153a947f2e67be0c42e5 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <vmiklos@collabora.co.uk> +Date: Fri, 4 Mar 2016 16:12:29 +0100 +Subject: [PATCH 08/14] xmlsec1-vc.patch + +--- + apps/cmdline.c | 2 +- + apps/crypto.c | 2 +- + apps/xmlsec.c | 2 +- + win32/Makefile.msvc | 10 +++++++++- + 4 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/apps/cmdline.c b/apps/cmdline.c +index b9ecafb..4425eaf 100644 +--- a/apps/cmdline.c ++++ b/apps/cmdline.c @@ -7,7 +7,7 @@ * * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> @@ -38,9 +23,10 @@ diff -ru xmlsec.orig/apps/cmdline.c xmlsec/apps/cmdline.c #define snprintf _snprintf #endif -diff -ru xmlsec.orig/apps/crypto.c xmlsec/apps/crypto.c ---- build/xmlsec.orig/apps/crypto.c 2009-12-05 22:19:17.000000000 +0100 -+++ build/xmlsec/apps/crypto.c 2015-09-03 23:04:36.928472100 +0200 +diff --git a/apps/crypto.c b/apps/crypto.c +index 49dd127..f46eeee 100644 +--- a/apps/crypto.c ++++ b/apps/crypto.c @@ -7,7 +7,7 @@ * * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> @@ -50,9 +36,10 @@ diff -ru xmlsec.orig/apps/crypto.c xmlsec/apps/crypto.c #define snprintf _snprintf #endif -diff -ru xmlsec.orig/apps/xmlsec.c xmlsec/apps/xmlsec.c ---- build/xmlsec.orig/apps/xmlsec.c 2009-12-05 22:19:17.000000000 +0100 -+++ build/xmlsec/apps/xmlsec.c 2015-09-03 23:05:08.057636300 +0200 +diff --git a/apps/xmlsec.c b/apps/xmlsec.c +index 72d68fa..364ed5e 100644 +--- a/apps/xmlsec.c ++++ b/apps/xmlsec.c @@ -9,7 +9,7 @@ #include <string.h> #include <time.h> @@ -62,3 +49,34 @@ diff -ru xmlsec.orig/apps/xmlsec.c xmlsec/apps/xmlsec.c #define snprintf _snprintf #endif +diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc +index cfa0a46..2f4c3e7 100644 +--- a/win32/Makefile.msvc ++++ b/win32/Makefile.msvc +@@ -305,6 +305,10 @@ CFLAGS = $(CFLAGS) /D PACKAGE=\"$(XMLSEC_NAME)\" + CFLAGS = $(CFLAGS) /D "HAVE_STDIO_H" /D "HAVE_STDLIB_H" + CFLAGS = $(CFLAGS) /D "HAVE_STRING_H" /D "HAVE_CTYPE_H" + CFLAGS = $(CFLAGS) /D "HAVE_MALLOC_H" /D "HAVE_MEMORY_H" ++CFLAGS = $(CFLAGS) -arch:SSE $(SOLARINC) -I$(WORKDIR)\UnpackedTarball\xml2\include -I$(WORKDIR)/UnpackedTarball/icu/source/i18n -I$(WORKDIR)/UnpackedTarball/icu/source/common ++!if "$(MSVC_USE_DEBUG_RUNTIME)" != "" ++CFLAGS = $(CFLAGS) /MDd ++!endif + + !if "$(UNICODE)" == "1" + CFLAGS = $(CFLAGS) /D "UNICODE" /D "_UNICODE" +@@ -359,7 +363,11 @@ LIBS = + !if "$(DEBUG)" == "1" + LDFLAGS = $(LDFLAGS) /DEBUG + !else +-LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 ++!if "$(_NMAKE_VER)" >= "10.00.30319.01" ++LDFLAGS = $(LDFLAGS) ++!else ++LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 ++!endif + !endif + + SOLIBS = $(LIBS) libxml2.lib +-- +2.6.2 + |