diff options
| author | Peter Foley <pefoley2@verizon.net> | 2012-11-29 20:50:15 -0500 |
|---|---|---|
| committer | Peter Foley <pefoley2@verizon.net> | 2012-11-30 11:34:29 -0500 |
| commit | ec6af4194e80f5f0b2e46ca59802ff397a2a4a24 (patch) | |
| tree | 9f0ff42902bdd0a7988cc462571259c873794289 | |
| parent | 694a2c53810dec6d8e069d74baf51e6cdda91faa (diff) | |
convert libxmlsec to gbuild
Change-Id: Id0ad4e1c8e3e1ac03c625fb77b70fe0aa8ddfcdc
26 files changed, 2938 insertions, 5349 deletions
diff --git a/Module_tail_build.mk b/Module_tail_build.mk index f499dcb27bb6..e0664bb39765 100644 --- a/Module_tail_build.mk +++ b/Module_tail_build.mk @@ -107,6 +107,7 @@ $(eval $(call gb_Module_add_moduledirs,tail_end,\ libwpd \ libwpg \ libwps \ + libxmlsec \ lingucomponent \ linguistic \ lotuswordpro \ diff --git a/RepositoryModule_ooo.mk b/RepositoryModule_ooo.mk index 30182fc83860..f860317c2a10 100644 --- a/RepositoryModule_ooo.mk +++ b/RepositoryModule_ooo.mk @@ -116,6 +116,7 @@ $(eval $(call gb_Module_add_moduledirs,ooo,\ libwpd \ libwpg \ libwps \ + libxmlsec \ lingucomponent \ linguistic \ lotuswordpro \ diff --git a/libxmlsec/ExternalPackage_xmlsec.mk b/libxmlsec/ExternalPackage_xmlsec.mk new file mode 100644 index 000000000000..a553159a5e35 --- /dev/null +++ b/libxmlsec/ExternalPackage_xmlsec.mk @@ -0,0 +1,32 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_ExternalPackage_ExternalPackage,xmlsec,xmlsec)) + +$(eval $(call gb_ExternalPackage_use_external_project,xmlsec,xmlsec)) + +ifeq ($(OS),WNT) +ifeq ($(COM),GCC) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll.a,src/nss/.libs/libxmlsec1-nss.dll.a)) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll,src/nss/.libs/libxmlsec1-nss.dll)) +else +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec-mscrypto.lib,win32/binaries/libxmlsec-mscrypto.lib)) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec.lib,win32/binaries/libxmlsec.lib)) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec-mscrypto.dll,win32/binaries/libxmlsec-mscrypto.dll)) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec.dll,win32/binaries/libxmlsec.dll)) +endif +else ifeq ($(OS),ANDROID) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.a,src/.libs/libxmlsec1.a)) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-openssl.a,src/openssl/.libs/libxmlsec1-openssl.a)) +else +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.a,src/.libs/libxmlsec1.a)) +$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-nss.a,src/nss/.libs/libxmlsec1-nss.a)) +endif + +# vim: set noet sw=4 ts=4: diff --git a/libxmlsec/ExternalProject_xmlsec.mk b/libxmlsec/ExternalProject_xmlsec.mk new file mode 100644 index 000000000000..5b310e620719 --- /dev/null +++ b/libxmlsec/ExternalProject_xmlsec.mk @@ -0,0 +1,63 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_ExternalProject_ExternalProject,xmlsec)) + +$(eval $(call gb_ExternalProject_use_unpacked,xmlsec,xmlsec)) + +$(eval $(call gb_ExternalProject_register_targets,xmlsec,\ + build \ +)) + +ifeq ($(OS),WNT) + +ifeq ($(COM),GCC) +$(call gb_ExternalProject_get_state_target,xmlsec,build) : + cd $(EXTERNAL_WORKDIR) \ + && autoreconf \ + && ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) \ + --without-libxslt --without-openssl --without-gnutls --disable-crypto-dl \ + $(if $(filter NO,$(SYSTEM_NSS)),--disable-pkgconfig) \ + CC="$(CC) -mthreads $(if $(filter YES,$(MINGW_SHARED_GCCLIB)),-shared-libgcc)" \ + LDFLAGS="-Wl,--no-undefined $(ILIB:;= -L)" \ + LIBS="$(if $(filter YES,$(MINGW_SHARED_GXXLIB)),$(MINGW_SHARED__LIBSTDCPP))" + $(MAKE) \ + && touch $@ + +else +$(call gb_ExternalProject_get_state_target,xmlsec,build) : + cd $(EXTERNAL_WORKDIR)/win32 \ + && cscript configure.js crypto=mscrypto xslt=no iconv=no static=no \ + $(if $(filter-out full,$(PRODUCT)),debug=yes) \ + && unset MAKEFLAGS \ + && LIB="$(ILIB)" nmake \ + && touch $@ +endif + +else + +$(call gb_ExternalProject_get_state_target,xmlsec,build) : + cd $(EXTERNAL_WORKDIR) \ + && autoreconf \ + && $(if $(filter MACOSX,$(OS)),ACLOCAL="aclocal -I $(EXTERNAL_WORKDIR)/m4/mac") \ + ./configure \ + --with-pic --disable-shared --disable-crypto-dl --without-libxslt --without-gnutls \ + $(if $(filter ANDROID,$(OS)),--with-openssl=$(OUTDIR),--without-openssl) \ + $(if $(filter MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO) \ + $(if $(filter NO,$(SYSTEM_NSS))$(filter MACOSX,$(OS)),--disable-pkgconfig) \ + $(if $(filter YES,$(CROSS_COMPILING)),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ + $(if $(SYSBASE),CFLAGS="-I$(SYSBASE)/usr/include" \ + LDFLAGS="-L$(SYSBASE)/usr/lib $(if $(filter-out LINUX FREEBSD,$(OS)),,-Wl,-z,origin -Wl,-rpath,'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib')",\ + $(if $(filter-out MACOSX,$(OS)),,LDFLAGS="-Wl,-dylib_file,@executable_path/libnssutil3.dylib:$(OUTDIR)/lib/libnssutil3.dylib")) \ + && $(MAKE) \ + && touch $@ + +endif + +# vim: set noet sw=4 ts=4: diff --git a/libxmlsec/Makefile b/libxmlsec/Makefile new file mode 100644 index 000000000000..ccb1c85a04da --- /dev/null +++ b/libxmlsec/Makefile @@ -0,0 +1,7 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- + +module_directory:=$(dir $(realpath $(firstword $(MAKEFILE_LIST)))) + +include $(module_directory)/../solenv/gbuild/partial_build.mk + +# vim: set noet sw=4 ts=4: diff --git a/libxmlsec/Module_libxmlsec.mk b/libxmlsec/Module_libxmlsec.mk new file mode 100644 index 000000000000..3e51e4ace55f --- /dev/null +++ b/libxmlsec/Module_libxmlsec.mk @@ -0,0 +1,20 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_Module_Module,libxmlsec)) + +ifneq ($(filter-out ANDROID IOS,$(OS)),) +$(eval $(call gb_Module_add_targets,libxmlsec,\ + UnpackedTarball_xmlsec \ + ExternalPackage_xmlsec \ + ExternalProject_xmlsec \ +)) +endif + +# vim: set noet sw=4 ts=4: diff --git a/libxmlsec/UnpackedTarball_xmlsec.mk b/libxmlsec/UnpackedTarball_xmlsec.mk new file mode 100644 index 000000000000..6f8e4d021778 --- /dev/null +++ b/libxmlsec/UnpackedTarball_xmlsec.mk @@ -0,0 +1,50 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec)) + +$(eval $(call gb_UnpackedTarball_set_tarball,xmlsec,$(LIBXMLSEC_TARBALL))) + +$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\ + libxmlsec/xmlsec1-configure.patch \ + libxmlsec/xmlsec1-configure-libxml-libxslt.patch \ + libxmlsec/xmlsec1-olderlibxml2.patch \ + libxmlsec/xmlsec1-nssdisablecallbacks.patch \ + libxmlsec/xmlsec1-nssmangleciphers.patch \ + libxmlsec/xmlsec1-noverify.patch \ + libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch \ + libxmlsec/xmlsec1-vc.patch \ + libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch \ + libxmlsec/xmlsec1-android.patch \ + libxmlsec/xmlsec1-1.2.14-ansi.patch \ + libxmlsec/xmlsec1-customkeymanage.patch \ +)) + +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,libxmlsec/include/akmngr_mscrypto.h)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/mscrypto/akmngr.c,libxmlsec/src/akmngr_mscrypto.c)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/akmngr.h,libxmlsec/include/akmngr_nss.h)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/ciphers.h,libxmlsec/include/ciphers.h)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/tokens.h,libxmlsec/include/tokens.h)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/akmngr.c,libxmlsec/src/akmngr_nss.c)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/keywrapers.c,libxmlsec/src/keywrapers.c)) +$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/tokens.c,libxmlsec/src/tokens.c)) + +ifeq ($(OS)$(COM),WNTGCC) +$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\ + libxmlsec/xmlsec1-mingw32.patch \ +)) +endif + +ifeq ($(OS)$(CPU),MACOSXP) +$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\ + libxmlsec/xmlsec1-1.2.14_old_automake.patch \ +)) +endif + +# vim: set noet sw=4 ts=4: diff --git a/libxmlsec/include/akmngr_mscrypto.h b/libxmlsec/include/akmngr_mscrypto.h new file mode 100644 index 000000000000..57ba811b3934 --- /dev/null +++ b/libxmlsec/include/akmngr_mscrypto.h @@ -0,0 +1,72 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright .......................... + */ +#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ +#define __XMLSEC_MSCRYPTO_AKMNGR_H__ + +#include <windows.h> +#include <wincrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr +xmlSecMSCryptoAppliedKeysMngrCreate( + HCERTSTORE keyStore , + HCERTSTORE certStore +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY symKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY pubKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY priKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE keyStore +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE trustedStore +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE untrustedStore +) ; + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ + + + diff --git a/libxmlsec/include/akmngr_nss.h b/libxmlsec/include/akmngr_nss.h new file mode 100644 index 000000000000..a6b88301b405 --- /dev/null +++ b/libxmlsec/include/akmngr_nss.h @@ -0,0 +1,57 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright .......................... + */ +#ifndef __XMLSEC_NSS_AKMNGR_H__ +#define __XMLSEC_NSS_AKMNGR_H__ + +#include <nss.h> +#include <nspr.h> +#include <pk11func.h> +#include <cert.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr +xmlSecNssAppliedKeysMngrCreate( + PK11SlotInfo** slots, + int cSlots, + CERTCertDBHandle* handler +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + PK11SymKey* symKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPublicKey* pubKey +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPrivateKey* priKey +) ; + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_NSS_AKMNGR_H__ */ + + + diff --git a/libxmlsec/include/ciphers.h b/libxmlsec/include/ciphers.h new file mode 100644 index 000000000000..8088614dee74 --- /dev/null +++ b/libxmlsec/include/ciphers.h @@ -0,0 +1,36 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright .......................... + */ +#ifndef __XMLSEC_NSS_CIPHERS_H__ +#define __XMLSEC_NSS_CIPHERS_H__ + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> + + +XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, + PK11SymKey* symkey ) ; + +XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; + +XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); + + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_NSS_CIPHERS_H__ */ + + + diff --git a/libxmlsec/include/tokens.h b/libxmlsec/include/tokens.h new file mode 100644 index 000000000000..c7c0fa1ed500 --- /dev/null +++ b/libxmlsec/include/tokens.h @@ -0,0 +1,183 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. + * + * Contributor(s): _____________________________ + * + */ +#ifndef __XMLSEC_NSS_TOKENS_H__ +#define __XMLSEC_NSS_TOKENS_H__ + +#include <string.h> + +#include <nss.h> +#include <pk11func.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/list.h> + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** + * xmlSecNssKeySlotListId + * + * The crypto mechanism list klass + */ +#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() +XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; + +/******************************************* + * KeySlot interfaces + *******************************************/ +/** + * Internal NSS key slot data + * @mechanismList: the mechanisms that the slot bound with. + * @slot: the pkcs slot + * + * This context is located after xmlSecPtrList + */ +typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; +typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; + +struct _xmlSecNssKeySlot { + CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ + PK11SlotInfo* slot ; +} ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotSetMechList( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE_PTR mechanismList +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotEnableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotDisableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) ; + +XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR +xmlSecNssKeySlotGetMechList( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotSetSlot( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotInitialize( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) ; + +XMLSEC_CRYPTO_EXPORT void +xmlSecNssKeySlotFinalize( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* +xmlSecNssKeySlotGetSlot( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr +xmlSecNssKeySlotCreate() ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotCopy( + xmlSecNssKeySlotPtr newKeySlot , + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr +xmlSecNssKeySlotDuplicate( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT void +xmlSecNssKeySlotDestroy( + xmlSecNssKeySlotPtr keySlot +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotBindMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) ; + +XMLSEC_CRYPTO_EXPORT int +xmlSecNssKeySlotSupportMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) ; + + +/************************************************************************ + * PKCS#11 crypto token interfaces + * + * A PKCS#11 slot repository will be defined internally. From the + * repository, a user can specify a particular slot for a certain crypto + * mechanism. + * + * In some situation, some cryptographic operation should act in a user + * designated devices. The interfaces defined here provide the way. If + * the user do not initialize the repository distinctly, the interfaces + * use the default functions provided by NSS itself. + * + ************************************************************************/ +/** + * Initialize NSS pkcs#11 slot repository + * + * Returns 0 if success or -1 if an error occurs. + */ +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; + +/** + * Shutdown and destroy NSS pkcs#11 slot repository + */ +XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; + +/** + * Get PKCS#11 slot handler + * @type the mechanism that the slot must support. + * + * Returns a pointer to PKCS#11 slot or NULL if an error occurs. + * + * Notes: The returned handler must be destroied distinctly. + */ +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; + +/** + * Adopt a pkcs#11 slot with a mechanism into the repository + * @slot: the pkcs#11 slot. + * @mech: the mechanism. + * + * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with + * this mechanism only can perform on the @slot. + * + * Returns 0 if success or -1 if an error occurs. + */ +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_NSS_TOKENS_H__ */ + + diff --git a/libxmlsec/makefile.mk b/libxmlsec/makefile.mk deleted file mode 100644 index c21668af13e8..000000000000 --- a/libxmlsec/makefile.mk +++ /dev/null @@ -1,249 +0,0 @@ -#************************************************************************* -# -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# Copyright 2000, 2010 Oracle and/or its affiliates. -# -# OpenOffice.org - a multi-platform office productivity suite -# -# This file is part of OpenOffice.org. -# -# OpenOffice.org is free software: you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License version 3 -# only, as published by the Free Software Foundation. -# -# OpenOffice.org is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License version 3 for more details -# (a copy is included in the LICENSE file that accompanied this code). -# -# You should have received a copy of the GNU Lesser General Public License -# version 3 along with OpenOffice.org. If not, see -# <http://www.openoffice.org/license.html> -# for a copy of the LGPLv3 License. -# -#************************************************************************* - -PRJ=. - -PRJNAME=xmlsec1 -TARGET=so_xmlsec1 -EXTERNAL_WARNINGS_NOT_ERRORS := TRUE - -# --- Settings ----------------------------------------------------- - -.INCLUDE : settings.mk - -.IF "$(OS)" == "ANDROID" || "$(OS)" == "IOS" -@all: - @echo "FIXME: XMLSec module not buildable yet on this platform" -.ENDIF - -# --- Files -------------------------------------------------------- - -XMLSEC1VERSION=1.2.14 - -TARFILE_NAME=$(PRJNAME)-$(XMLSEC1VERSION) -TARFILE_MD5=1f24ab1d39f4a51faf22244c94a6203f - -#xmlsec1-configure.patch: Set up the build. Straightforward configuration -#xmlsec1-configure-libxml-libxslt.patch: empty "$with_libxml" prepends /bin :-( -#xmlsec1-olderlibxml2.patch: Allow build against older libxml2, for macosx -#xmlsec1-nssdisablecallbacks.patch: Disable use of smime3 so don't need to package it -#xmlsec1-customkeymanage.patch: Could we do this alternatively outside xmlsec -#xmlsec1-nssmangleciphers.patch: Dubious, do we still need this ? -#xmlsec1-noverify.patch: As per readme.txt. -#xmlsec1-mingw32.patch: Mingw32 support. -#xmlsec1-mingw-customkeymanage-addmscrypto.patch: builds the custom keymanager on mingw -#xmlsec1-vc.path: support for Visual C++ 10 -#xmlsec1-1.2.14-ansi.patch: otherwise, at least MacPorts autoreconf (GNU -# Autoconf) 2.69 fails with "configure.in:50: error: automatic de-ANSI-fication -# support has been removed" (cf. upstream <http://git.gnome.org/browse/xmlsec/ -# commit/?id=6a4968bc33f83aaf61efc0a80333350ce9c372f5> "error in macro -# AM_C_PROTOTYPES (Roumen)") -PATCH_FILES=\ - xmlsec1-configure.patch \ - xmlsec1-configure-libxml-libxslt.patch \ - xmlsec1-olderlibxml2.patch \ - xmlsec1-nssdisablecallbacks.patch \ - xmlsec1-customkeymanage.patch \ - xmlsec1-nssmangleciphers.patch \ - xmlsec1-noverify.patch \ - xmlsec1-mingw-keymgr-mscrypto.patch \ - xmlsec1-vc10.patch \ - xmlsec1-1.2.14_fix_extern_c.patch \ - xmlsec1-android.patch \ - xmlsec1-1.2.14-ansi.patch \ - xmlsec1-oldlibtool.patch - -.IF "$(GUI)$(COM)"=="WNTGCC" - PATCH_FILES+=xmlsec1-mingw32.patch -.ENDIF - -.IF "$(OS)$(CPU)"=="MACOSXP" -PATCH_FILES+=xmlsec1-1.2.14_old_automake.patch -EXTRA_LINKFLAGS+=-Wl,-dylib_file,@executable_path/libnssutil3.dylib:$(SOLARLIBDIR)/libnssutil3.dylib -.ENDIF - -ADDITIONAL_FILES= \ - include/xmlsec/mscrypto/akmngr.h \ - src/mscrypto/akmngr.c \ - include/xmlsec/nss/akmngr.h \ - include/xmlsec/nss/ciphers.h \ - include/xmlsec/nss/tokens.h \ - src/nss/akmngr.c \ - src/nss/keywrapers.c \ - src/nss/tokens.c - -.IF "$(GUI)"=="WNT" -CRYPTOLIB=mscrypto -.ELSE -CRYPTOLIB=nss -.ENDIF - -.IF "$(OS)"=="WNT" -.IF "$(COM)"=="GCC" -xmlsec_CC=$(CC) -mthreads -.IF "$(MINGW_SHARED_GCCLIB)"=="YES" -xmlsec_CC+=-shared-libgcc -.ENDIF -xmlsec_LIBS= -.IF "$(MINGW_SHARED_GXXLIB)"=="YES" -xmlsec_LIBS+=$(MINGW_SHARED_LIBSTDCPP) -.ENDIF -CONF_ILIB= -.IF "$(ILIB)" != "" -CONF_ILIB=-L$(ILIB:s/;/ -L/) -.ENDIF - -CONFIGURE_DIR= -CONFIGURE_ACTION=autoreconf; ./configure - -BUILD_AND_HOST=--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) MINGW_SYSROOT=$(MINGW_SYSROOT) OBJDUMP="$(OBJDUMP)" - -CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --disable-crypto-dl $(BUILD_AND_HOST) CC="$(xmlsec_CC)" LDFLAGS="-Wl,--no-undefined $(CONF_ILIB)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB="$(LIBXML2LIB)" ZLIB3RDLIB=$(ZLIB3RDLIB) - -.IF "$(SYSTEM_NSS)" != "YES" -CONFIGURE_FLAGS+=--enable-pkgconfig=no -.ENDIF -BUILD_ACTION=$(GNUMAKE) -j$(GMAKE_MODULE_PARALLELISM) -BUILD_DIR=$(CONFIGURE_DIR) - -.ELSE # "$(COM)"!="GCC" - -CONFIGURE_DIR=win32 -CONFIGURE_ACTION=cscript configure.js -.IF "$(product)"!="full" && "$(CCNUMVER)" >= "001399999999" -CONFIGURE_FLAGS=crypto=$(CRYPTOLIB) debug=yes xslt=no iconv=no static=no include=$(BASEINC) lib=$(BASELIB) -.ELSE -CONFIGURE_FLAGS=crypto=$(CRYPTOLIB) xslt=no iconv=no static=no include=$(BASEINC) lib=$(BASELIB) -.ENDIF -BUILD_ACTION=nmake -BUILD_DIR=$(CONFIGURE_DIR) -.ENDIF # "$(COM)"=="GCC" - -.ELSE # "$(OS)"!="WNT" - -.IF "$(GUI)"=="UNX" - -.IF "$(COM)"=="C52" && "$(CPU)"=="U" -xmlsec_CFLAGS+=-m64 -.ENDIF - -.IF "$(SYSBASE)"!="" -xmlsec_CFLAGS+=-I$(SYSBASE)/usr/include -.IF "$(COMNAME)"=="sunpro5" -xmlsec_CFLAGS+=$(C_RESTRICTIONFLAGS) -.ENDIF # "$(COMNAME)"=="sunpro5" -.IF "$(EXTRA_CFLAGS)"!="" -xmlsec_CFLAGS+=$(EXTRA_CFLAGS) -xmlsec_CPPFLAGS+=$(EXTRA_CFLAGS) -.ENDIF # "$(EXTRA_CFLAGS)"!="" -xmlsec_LDFLAGS+=-L$(SYSBASE)/usr/lib -.ELIF "$(OS)"=="MACOSX" # "$(SYSBASE)"!="" -xmlsec_CPPFLAGS+=$(EXTRA_CDEFS) -.ENDIF - -.IF "$(OS)$(COM)"=="LINUXGCC" || "$(OS)$(COM)"=="FREEBSDGCC" -xmlsec_LDFLAGS+=-Wl,-z,origin -Wl,-rpath,'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib' -.ENDIF # "$(OS)$(COM)"=="LINUXGCC" || "$(OS)$(COM)"=="FREEBSDGCC" -.IF "$(OS)$(COM)"=="SOLARISC52" -xmlsec_LDFLAGS+=-Wl,-R'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib' -.ENDIF # "$(OS)$(COM)"=="SOLARISC52" - -LDFLAGS:=$(xmlsec_LDFLAGS) -.EXPORT: LDFLAGS - -.ENDIF -CONFIGURE_DIR= -CONFIGURE_ACTION=autoreconf; ./configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)" - -.IF "$(OS)" == "MACOSX" -.IF "$(ACLOCAL)" == "" -ACLOCAL=aclocal -.ENDIF -CONFIGURE_ACTION:=ACLOCAL="$(ACLOCAL) -I $(SRCDIR)/m4/mac" $(CONFIGURE_ACTION) -.ENDIF - -CONFIGURE_FLAGS=--with-pic --disable-shared --disable-crypto-dl --with-libxslt=no --with-gnutls=no LIBXML2LIB="$(LIBXML2LIB)" - -.IF "$(CROSS_COMPILING)"=="YES" -CONFIGURE_FLAGS+= --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) -.ENDIF - -.IF "$(OS)" == "ANDROID" -CONFIGURE_FLAGS+=--with-openssl=$(SOLARVER)/$(INPATH) -.ELSE -CONFIGURE_FLAGS+=--with-openssl=no -.ENDIF - -.IF "$(OS)" == "MACOSX" -CONFIGURE_FLAGS += \ - --prefix=/@.__________________________________________________$(EXTRPATH) -.END - -# system-mozilla needs pkgconfig to get the information about nss -# FIXME: This also will enable pkg-config usage for libxml2. It *seems* -# that the internal headers still are used when they are there but.... -# (and that pkg-config is allowed to fail...) -# I have no real good idea how to get mozilla (nss) pkg-config'ed and libxml2 -# not... We need mozilla-nss pkg-config'ed since we can *not* just use -# --with-nss or parse -pkg-config --libs / cflags mozilla-nss since -# the lib may a) be in /usr/lib (Debian) and be not in $with_nss/include -# $with_nss/lib. -.IF "$(SYSTEM_NSS)" != "YES" || "$(OS)" == "MACOSX" -CONFIGURE_FLAGS+=--enable-pkgconfig=no -.ENDIF -BUILD_ACTION=$(GNUMAKE) -j$(EXTMAXPROCESS) -BUILD_DIR=$(CONFIGURE_DIR) -.ENDIF - - -OUTDIR2INC=include/xmlsec - -.IF "$(OS)"=="WNT" -.IF "$(COM)"=="GCC" -OUT2LIB+=src/.libs/libxmlsec1.dll.a src/nss/.libs/libxmlsec1-nss.dll.a -OUT2BIN+=src/.libs/libxmlsec1.dll src/nss/.libs/libxmlsec1-nss.dll -.IF "$(CROSS_COMPILING)" != "YES" -OUT2LIB+=src/mscrypto/.libs/libxmlsec1-mscrypto.dll.a -OUT2BIN+=src/mscrypto/.libs/libxmlsec1-mscrypto.dll -.ENDIF -.ELSE -OUT2LIB+=win32/binaries/*.lib -OUT2BIN+=win32/binaries/*.dll -.ENDIF -.ELIF "$(OS)" == "ANDROID" -OUT2LIB+=src/.libs/libxmlsec1.a src/openssl/.libs/libxmlsec1-openssl.a -.ELSE -OUT2LIB+=src/.libs/libxmlsec1.a src/nss/.libs/libxmlsec1-nss.a -.ENDIF - -# --- Targets ------------------------------------------------------ - -.INCLUDE : set_ext.mk -.INCLUDE : target.mk -.INCLUDE : tg_ext.mk - - diff --git a/libxmlsec/prj/d.lst b/libxmlsec/prj/d.lst index 21896b57657b..e69de29bb2d1 100644 --- a/libxmlsec/prj/d.lst +++ b/libxmlsec/prj/d.lst @@ -1,9 +0,0 @@ -mkdir: %_DEST%\inc\external\xmlsec -mkdir: %_DEST%\inc\external\xmlsec\nss -mkdir: %_DEST%\inc\external\xmlsec\mscrypto -..\%__SRC%\inc\xmlsec\*.h %_DEST%\inc\external\xmlsec\*.h -..\%__SRC%\inc\xmlsec\nss\*.h %_DEST%\inc\external\xmlsec\nss\*.h -..\%__SRC%\inc\xmlsec\mscrypto\*.h %_DEST%\inc\external\xmlsec\mscrypto\*.h -..\%__SRC%\lib\lib*.a %_DEST%\lib -..\%__SRC%\lib\*.lib %_DEST%\lib -..\%__SRC%\bin\*.dll %_DEST%\bin diff --git a/libxmlsec/prj/dmake b/libxmlsec/prj/dmake deleted file mode 100644 index e69de29bb2d1..000000000000 --- a/libxmlsec/prj/dmake +++ /dev/null diff --git a/libxmlsec/src/akmngr_mscrypto.c b/libxmlsec/src/akmngr_mscrypto.c new file mode 100644 index 000000000000..af9eef4ecfb6 --- /dev/null +++ b/libxmlsec/src/akmngr_mscrypto.c @@ -0,0 +1,237 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright......................... + */ +#include "globals.h" + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + +#include <xmlsec/mscrypto/crypto.h> +#include <xmlsec/mscrypto/keysstore.h> +#include <xmlsec/mscrypto/akmngr.h> +#include <xmlsec/mscrypto/x509.h> + +/** + * xmlSecMSCryptoAppliedKeysMngrCreate: + * @hKeyStore: the pointer to key store. + * @hCertStore: the pointer to certificate database. + * + * Create and load key store and certificate database into keys manager + * + * Returns keys manager pointer on success or NULL otherwise. + */ +xmlSecKeysMngrPtr +xmlSecMSCryptoAppliedKeysMngrCreate( + HCERTSTORE hKeyStore , + HCERTSTORE hCertStore +) { + xmlSecKeyDataStorePtr certStore = NULL ; + xmlSecKeysMngrPtr keyMngr = NULL ; + xmlSecKeyStorePtr keyStore = NULL ; + + keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyStoreCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } + + /*- + * At present, MS Crypto engine do not provide a way to setup a key store. + */ + if( keyStore != NULL ) { + /*TODO: binding key store.*/ + } + + keyMngr = xmlSecKeysMngrCreate() ; + if( keyMngr == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + return NULL ; + } + + /*- + * Add key store to manager, from now on keys manager destroys the store if + * needed + */ + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecKeysMngrAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Initialize crypto library specific data in keys manager + */ + if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecMSCryptoKeysMngrInit" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Set certificate databse to X509 key data store + */ + /*- + * At present, MS Crypto engine do not provide a way to setup a cert store. + */ + + /*- + * Set the getKey callback + */ + keyMngr->getKey = xmlSecKeysMngrGetKey ; + + return keyMngr ; +} + +int +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY symKey +) { + /*TODO: import the key into keys manager.*/ + return(0) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY pubKey +) { + /*TODO: import the key into keys manager.*/ + return(0) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + HCRYPTKEY priKey +) { + /*TODO: import the key into keys manager.*/ + return(0) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE keyStore +) { + xmlSecKeyDataStorePtr x509Store ; + + xmlSecAssert2( mngr != NULL, -1 ) ; + xmlSecAssert2( keyStore != NULL, -1 ) ; + + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; + if( x509Store == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , + "xmlSecMSCryptoX509StoreAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + return( 0 ) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE trustedStore +) { + xmlSecKeyDataStorePtr x509Store ; + + xmlSecAssert2( mngr != NULL, -1 ) ; + xmlSecAssert2( trustedStore != NULL, -1 ) ; + + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; + if( x509Store == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , + "xmlSecMSCryptoX509StoreAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + return( 0 ) ; +} + +int +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( + xmlSecKeysMngrPtr mngr , + HCERTSTORE untrustedStore +) { + xmlSecKeyDataStorePtr x509Store ; + + xmlSecAssert2( mngr != NULL, -1 ) ; + xmlSecAssert2( untrustedStore != NULL, -1 ) ; + + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; + if( x509Store == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , + "xmlSecMSCryptoX509StoreAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ) ; + } + + return( 0 ) ; +} + + diff --git a/libxmlsec/src/akmngr_nss.c b/libxmlsec/src/akmngr_nss.c new file mode 100644 index 000000000000..0eddf86ef931 --- /dev/null +++ b/libxmlsec/src/akmngr_nss.c @@ -0,0 +1,384 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright......................... + */ +#include "globals.h" + +#include <nspr.h> +#include <nss.h> +#include <pk11func.h> +#include <cert.h> +#include <keyhi.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + +#include <xmlsec/nss/crypto.h> +#include <xmlsec/nss/tokens.h> +#include <xmlsec/nss/akmngr.h> +#include <xmlsec/nss/pkikeys.h> +#include <xmlsec/nss/ciphers.h> +#include <xmlsec/nss/keysstore.h> + +/** + * xmlSecNssAppliedKeysMngrCreate: + * @slot: array of pointers to NSS PKCS#11 slot information. + * @cSlots: number of slots in the array + * @handler: the pointer to NSS certificate database. + * + * Create and load NSS crypto slot and certificate database into keys manager + * + * Returns keys manager pointer on success or NULL otherwise. + */ +xmlSecKeysMngrPtr +xmlSecNssAppliedKeysMngrCreate( + PK11SlotInfo** slots, + int cSlots, + CERTCertDBHandle* handler +) { + xmlSecKeyDataStorePtr certStore = NULL ; + xmlSecKeysMngrPtr keyMngr = NULL ; + xmlSecKeyStorePtr keyStore = NULL ; + int islot = 0; + keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyStoreCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return NULL ; + } + + for (islot = 0; islot < cSlots; islot++) + { + xmlSecNssKeySlotPtr keySlot ; + + /* Create a key slot */ + keySlot = xmlSecNssKeySlotCreate() ; + if( keySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeySlotCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + return NULL ; + } + + /* Set slot */ + if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeySlotSetSlot" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return NULL ; + } + + /* Adopt keySlot */ + if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeysStoreAdoptKeySlot" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return NULL ; + } + } + + keyMngr = xmlSecKeysMngrCreate() ; + if( keyMngr == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + return NULL ; + } + + /*- + * Add key store to manager, from now on keys manager destroys the store if + * needed + */ + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecKeysMngrAdoptKeyStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyStoreDestroy( keyStore ) ; + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Initialize crypto library specific data in keys manager + */ + if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + /*- + * Set certificate databse to X509 key data store + */ + /** + * Because Tej's implementation of certDB use the default DB, so I ignore + * the certDB handler at present. I'll modify the cert store sources to + * accept particular certDB instead of default ones. + certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; + if( certStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecKeysMngrGetDataStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + + if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , + "xmlSecNssKeyDataStoreX509SetCertDb" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeysMngrDestroy( keyMngr ) ; + return NULL ; + } + */ + + /*- + * Set the getKey callback + */ + keyMngr->getKey = xmlSecKeysMngrGetKey ; + + return keyMngr ; +} + +int +xmlSecNssAppliedKeysMngrSymKeyLoad( + xmlSecKeysMngrPtr mngr , + PK11SymKey* symKey +) { + xmlSecKeyPtr key ; + xmlSecKeyDataPtr data ; + xmlSecKeyStorePtr keyStore ; + + xmlSecAssert2( mngr != NULL , -1 ) ; + xmlSecAssert2( symKey != NULL , -1 ) ; + + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetKeysStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; + + data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + key = xmlSecKeyCreate() ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDestroy( key ) ; + return(-1) ; + } + + return(0) ; +} + +int +xmlSecNssAppliedKeysMngrPubKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPublicKey* pubKey +) { + xmlSecKeyPtr key ; + xmlSecKeyDataPtr data ; + xmlSecKeyStorePtr keyStore ; + + xmlSecAssert2( mngr != NULL , -1 ) ; + xmlSecAssert2( pubKey != NULL , -1 ) ; + + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetKeysStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; + + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + key = xmlSecKeyCreate() ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDestroy( key ) ; + return(-1) ; + } + + return(0) ; +} + +int +xmlSecNssAppliedKeysMngrPriKeyLoad( + xmlSecKeysMngrPtr mngr , + SECKEYPrivateKey* priKey +) { + xmlSecKeyPtr key ; + xmlSecKeyDataPtr data ; + xmlSecKeyStorePtr keyStore ; + + xmlSecAssert2( mngr != NULL , -1 ) ; + xmlSecAssert2( priKey != NULL , -1 ) ; + + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; + if( keyStore == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeysMngrGetKeysStore" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; + + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1) ; + } + + key = xmlSecKeyCreate() ; + if( key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecKeySetValue( key , data ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDataDestroy( data ) ; + return(-1) ; + } + + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataKeyAdopt" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecKeyDestroy( key ) ; + return(-1) ; + } + + return(0) ; +} + diff --git a/libxmlsec/src/keywrapers.c b/libxmlsec/src/keywrapers.c new file mode 100644 index 000000000000..6066724c874b --- /dev/null +++ b/libxmlsec/src/keywrapers.c @@ -0,0 +1,1213 @@ +/** + * + * XMLSec library + * + * AES Algorithm support + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright ................................. + */ +#include "globals.h" + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +#include <nss.h> +#include <pk11func.h> +#include <hasht.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + +#include <xmlsec/nss/crypto.h> +#include <xmlsec/nss/ciphers.h> + +#define XMLSEC_NSS_AES128_KEY_SIZE 16 +#define XMLSEC_NSS_AES192_KEY_SIZE 24 +#define XMLSEC_NSS_AES256_KEY_SIZE 32 +#define XMLSEC_NSS_DES3_KEY_SIZE 24 +#define XMLSEC_NSS_DES3_KEY_LENGTH 24 +#define XMLSEC_NSS_DES3_IV_LENGTH 8 +#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 + +static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { + 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 +}; + +/********************************************************************* + * + * key wrap transforms + * + ********************************************************************/ +typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; +typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; + +#define xmlSecNssKeyWrapSize \ + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) + +#define xmlSecNssKeyWrapGetCtx( transform ) \ + ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) + +struct _xmlSecNssKeyWrapCtx { + CK_MECHANISM_TYPE cipher ; + PK11SymKey* symkey ; + xmlSecKeyDataId keyId ; + xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ +} ; + +static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); +static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); +static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, + xmlSecKeyReqPtr keyReq); +static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, + xmlSecKeyPtr key); +static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); +static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); + +static int +xmlSecNssKeyWrapCheckId( + xmlSecTransformPtr transform +) { + #ifndef XMLSEC_NO_DES + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { + return(1); + } + #endif /* XMLSEC_NO_DES */ + + #ifndef XMLSEC_NO_AES + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { + + return(1); + } + #endif /* XMLSEC_NO_AES */ + + return(0); +} + +static xmlSecSize +xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { +#ifndef XMLSEC_NO_DES + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { + return(XMLSEC_NSS_DES3_KEY_SIZE); + } else +#endif /* XMLSEC_NO_DES */ + +#ifndef XMLSEC_NO_AES + if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { + return(XMLSEC_NSS_AES128_KEY_SIZE); + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { + return(XMLSEC_NSS_AES192_KEY_SIZE); + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { + return(XMLSEC_NSS_AES256_KEY_SIZE); + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { + return(XMLSEC_NSS_AES256_KEY_SIZE); + } else +#endif /* XMLSEC_NO_AES */ + + if(1) + return(0); +} + + +static int +xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { + xmlSecNssKeyWrapCtxPtr context ; + int ret; + + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); + + context = xmlSecNssKeyWrapGetCtx( transform ) ; + xmlSecAssert2( context != NULL , -1 ) ; + + #ifndef XMLSEC_NO_DES + if( transform->id == xmlSecNssTransformKWDes3Id ) { + context->cipher = CKM_DES3_CBC ; + context->keyId = xmlSecNssKeyDataDesId ; + } else + #endif /* XMLSEC_NO_DES */ + + #ifndef XMLSEC_NO_AES + if( transform->id == xmlSecNssTransformKWAes128Id ) { + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ + context->cipher = CKM_AES_CBC ; + context->keyId = xmlSecNssKeyDataAesId ; + } else + if( transform->id == xmlSecNssTransformKWAes192Id ) { + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ + context->cipher = CKM_AES_CBC ; + context->keyId = xmlSecNssKeyDataAesId ; + } else + if( transform->id == xmlSecNssTransformKWAes256Id ) { + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ + context->cipher = CKM_AES_CBC ; + context->keyId = xmlSecNssKeyDataAesId ; + } else + #endif /* XMLSEC_NO_AES */ + + + if( 1 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->symkey = NULL ; + context->material = NULL ; + + return(0); +} + +static void +xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { + xmlSecNssKeyWrapCtxPtr context ; + + xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); + + context = xmlSecNssKeyWrapGetCtx( transform ) ; + xmlSecAssert( context != NULL ) ; + + if( context->symkey != NULL ) { + PK11_FreeSymKey( context->symkey ) ; + context->symkey = NULL ; + } + + if( context->material != NULL ) { + xmlSecBufferDestroy(context->material); + context->material = NULL ; + } +} + +static int +xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecNssKeyWrapCtxPtr context ; + xmlSecSize cipherSize = 0 ; + + + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(keyReq != NULL, -1); + + context = xmlSecNssKeyWrapGetCtx( transform ) ; + xmlSecAssert2( context != NULL , -1 ) ; + + keyReq->keyId = context->keyId; + keyReq->keyType = xmlSecKeyDataTypeSymmetric; + if(transform->operation == xmlSecTransformOperationEncrypt) { + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + } else { + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + } + + keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; + + return(0); +} + +static int +xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecNssKeyWrapCtxPtr context = NULL ; + xmlSecKeyDataPtr keyData = NULL ; + PK11SymKey* symkey = NULL ; + + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(key != NULL, -1); + + context = xmlSecNssKeyWrapGetCtx( transform ) ; + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; + + keyData = xmlSecKeyGetValue( key ) ; + if( keyData == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , + "xmlSecKeyGetValue" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , + "xmlSecNssSymKeyDataGetKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->symkey = symkey ; + + return(0) ; +} + +/** + * key wrap transform + */ +static int +xmlSecNssKeyWrapCtxInit( + xmlSecNssKeyWrapCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecSize blockSize ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + if( ctx->material != NULL ) { + xmlSecBufferDestroy( ctx->material ) ; + ctx->material = NULL ; + } + + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + ctx->material = xmlSecBufferCreate( blockSize ) ; + if( ctx->material == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* read raw key material into context */ + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetData" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return(0); +} + +/** + * key wrap transform update + */ +static int +xmlSecNssKeyWrapCtxUpdate( + xmlSecNssKeyWrapCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx +) { + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + /* read raw key material and append into context */ + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return(0); +} + +static int +xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { + xmlSecSize s; + xmlSecSize i; + xmlSecByte c; + + xmlSecAssert2(buf != NULL, -1); + + s = size / 2; + --size; + for(i = 0; i < s; ++i) { + c = buf[i]; + buf[i] = buf[size - i]; + buf[size - i] = c; + } + return(0); +} + +static xmlSecByte * +xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, + xmlSecByte *out, xmlSecSize outSize) +{ + PK11Context *context = NULL; + SECStatus s; + xmlSecByte *digest = NULL; + unsigned int len; + + xmlSecAssert2(in != NULL, NULL); + xmlSecAssert2(out != NULL, NULL); + xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); + + /* Create a context for hashing (digesting) */ + context = PK11_CreateDigestContext(SEC_OID_SHA1); + if (context == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_CreateDigestContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code = %d", PORT_GetError()); + goto done; + } + + s = PK11_DigestBegin(context); + if (s != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_DigestBegin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code = %d", PORT_GetError()); + goto done; + } + + s = PK11_DigestOp(context, in, inSize); + if (s != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_DigestOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code = %d", PORT_GetError()); + goto done; + } + + s = PK11_DigestFinal(context, out, &len, outSize); + if (s != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code = %d", PORT_GetError()); + goto done; + } + xmlSecAssert2(len == SHA1_LENGTH, NULL); + + digest = out; + +done: + if (context != NULL) { + PK11_DestroyContext(context, PR_TRUE); + } + return (digest); +} + +static int +xmlSecNssKWDes3Encrypt( + PK11SymKey* symKey , + CK_MECHANISM_TYPE cipherMech , + const xmlSecByte* iv , + xmlSecSize ivSize , + const xmlSecByte* in , + xmlSecSize inSize , + xmlSecByte* out , + xmlSecSize outSize , + int enc +) { + PK11Context* EncContext = NULL; + SECItem ivItem ; + SECItem* secParam = NULL ; + int tmp1_outlen; + unsigned int tmp2_outlen; + int result_len = -1; + SECStatus rv; + + xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( symKey != NULL , -1 ) ; + xmlSecAssert2(iv != NULL, -1); + xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize > 0, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize >= inSize, -1); + + /* Prepare IV */ + ivItem.data = ( unsigned char* )iv ; + ivItem.len = ivSize ; + + secParam = PK11_ParamFromIV(cipherMech, &ivItem); + if (secParam == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_ParamFromIV", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "Error code = %d", PORT_GetError()); + goto done; + } + + EncContext = PK11_CreateContextBySymKey(cipherMech, + enc ? CKA_ENCRYPT : CKA_DECRYPT, + symKey, secParam); + if (EncContext == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_CreateContextBySymKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "Error code = %d", PORT_GetError()); + goto done; + } + + tmp1_outlen = tmp2_outlen = 0; + rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, + (unsigned char *)in, inSize); + if (rv != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_CipherOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "Error code = %d", PORT_GetError()); + goto done; + } + + rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, + &tmp2_outlen, outSize-tmp1_outlen); + if (rv != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "Error code = %d", PORT_GetError()); + goto done; + } + + result_len = tmp1_outlen + tmp2_outlen; + +done: + if (secParam) { + SECITEM_FreeItem(secParam, PR_TRUE); + } + if (EncContext) { + PK11_DestroyContext(EncContext, PR_TRUE); + } + + return(result_len); +} + +static int +xmlSecNssKeyWrapDesOp( + xmlSecNssKeyWrapCtxPtr ctx , + int encrypt , + xmlSecBufferPtr result +) { + xmlSecByte sha1[SHA1_LENGTH]; + xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; + xmlSecByte* in; + xmlSecSize inSize; + xmlSecByte* out; + xmlSecSize outSize; + xmlSecSize s; + int ret; + SECStatus status; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( result != NULL , -1 ) ; + + in = xmlSecBufferGetData(ctx->material); + inSize = xmlSecBufferGetSize(ctx->material) ; + out = xmlSecBufferGetData(result); + outSize = xmlSecBufferGetMaxSize(result) ; + if( encrypt ) { + /* step 2: calculate sha1 and CMS */ + if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssComputeSHA1", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* step 3: construct WKCKS */ + memcpy(out, in, inSize); + memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); + + /* step 4: generate random iv */ + status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); + if(status != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "PK11_GenerateRandom", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "error code = %d", PORT_GetError()); + return(-1); + } + + /* step 5: first encryption, result is TEMP1 */ + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, + iv, XMLSEC_NSS_DES3_IV_LENGTH, + out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, + out, outSize, 1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssKWDes3Encrypt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* step 6: construct TEMP2=IV || TEMP1 */ + memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, + inSize + XMLSEC_NSS_DES3_IV_LENGTH); + memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); + s = ret + XMLSEC_NSS_DES3_IV_LENGTH; + + /* step 7: reverse octets order, result is TEMP3 */ + ret = xmlSecNssKWDes3BufferReverse(out, s); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssKWDes3BufferReverse", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* step 8: second encryption with static IV */ + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, + out, s, + out, outSize, 1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssKWDes3Encrypt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + s = ret; + + if( xmlSecBufferSetSize( result , s ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { + /* step 2: first decryption with static IV, result is TEMP3 */ + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, + in, inSize, + out, outSize, 0); + if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssKWDes3Encrypt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + s = ret; + + /* step 3: reverse octets order in TEMP3, result is TEMP2 */ + ret = xmlSecNssKWDes3BufferReverse(out, s); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssKWDes3BufferReverse", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, + out, XMLSEC_NSS_DES3_IV_LENGTH, + out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, + out, outSize, 0); + if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssKWDes3Encrypt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + s = ret - XMLSEC_NSS_DES3_IV_LENGTH; + + /* steps 6 and 7: calculate SHA1 and validate it */ + if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssComputeSHA1", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "SHA1 does not match"); + return(-1); + } + + if( xmlSecBufferSetSize( result , s ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + return(0); +} + +static int +xmlSecNssKeyWrapAesOp( + xmlSecNssKeyWrapCtxPtr ctx , + int encrypt , + xmlSecBufferPtr result +) { + PK11Context* cipherCtx = NULL; + SECItem ivItem ; + SECItem* secParam = NULL ; + xmlSecSize inSize ; + xmlSecSize inBlocks ; + int blockSize ; + int midSize ; + int finSize ; + xmlSecByte* out ; + xmlSecSize outSize; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( result != NULL , -1 ) ; + + /* Do not set any IV */ + memset(&ivItem, 0, sizeof(ivItem)); + + /* Get block size */ + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + inSize = xmlSecBufferGetSize( ctx->material ) ; + if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetMaxSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* Get Param for context initialization */ + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_ParamFromIV" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; + if( cipherCtx == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_CreateContextBySymKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + SECITEM_FreeItem( secParam , PR_TRUE ) ; + return(-1); + } + + out = xmlSecBufferGetData(result) ; + outSize = xmlSecBufferGetMaxSize(result) ; + if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_CipherOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_DigestFinal" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return 0 ; +} + +/** + * Block cipher transform final + */ +static int +xmlSecNssKeyWrapCtxFinal( + xmlSecNssKeyWrapCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx +) { + PK11SymKey* targetKey ; + xmlSecSize blockSize ; + xmlSecBufferPtr result ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + /* read raw key material and append into context */ + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* Now we get all of the key materail */ + /* from now on we will wrap or unwrap the key */ + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + result = xmlSecBufferCreate( blockSize ) ; + if( result == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + switch( ctx->cipher ) { + case CKM_DES3_CBC : + if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssKeyWrapDesOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + break ; + /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ + case CKM_AES_CBC : + if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssKeyWrapAesOp" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + break ; + } + + /* Write output */ + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + xmlSecBufferDestroy(result); + + return(0); +} + +static int +xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecNssKeyWrapCtxPtr context = NULL ; + xmlSecBufferPtr inBuf, outBuf ; + int operation ; + int rtv ; + + xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + context = xmlSecNssKeyWrapGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + inBuf = &( transform->inBuf ) ; + outBuf = &( transform->outBuf ) ; + + if( transform->status == xmlSecTransformStatusNone ) { + transform->status = xmlSecTransformStatusWorking ; + } + + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; + if( transform->status == xmlSecTransformStatusWorking ) { + if( context->material == NULL ) { + rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapCtxInit" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + if( context->material == NULL && last != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "No enough data to intialize transform" ) ; + return(-1); + } + + if( context->material != NULL ) { + rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapCtxUpdate" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + if( last ) { + rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyWrapCtxFinal" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + transform->status = xmlSecTransformStatusFinished ; + } + } else if( transform->status == xmlSecTransformStatusFinished ) { + if( xmlSecBufferGetSize( inBuf ) != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return(-1); + } + } else { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return(-1); + } + + return(0); +} + +#ifndef XMLSEC_NO_AES + + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWAes128Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes128, /* const xmlChar* name; */ + xmlSecHrefKWAes128, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWAes192Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes192, /* const xmlChar* name; */ + xmlSecHrefKWAes192, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWAes256Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes256, /* const xmlChar* name; */ + xmlSecHrefKWAes256, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformKWAes128GetKlass: + * + * The AES-128 key wrapper transform klass. + * + * Returns AES-128 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecNssTransformKWAes128GetKlass(void) { + return(&xmlSecNssKWAes128Klass); +} + +/** + * xmlSecNssTransformKWAes192GetKlass: + * + * The AES-192 key wrapper transform klass. + * + * Returns AES-192 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecNssTransformKWAes192GetKlass(void) { + return(&xmlSecNssKWAes192Klass); +} + +/** + * + * The AES-256 key wrapper transform klass. + * + * Returns AES-256 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecNssTransformKWAes256GetKlass(void) { + return(&xmlSecNssKWAes256Klass); +} + +#endif /* XMLSEC_NO_AES */ + + +#ifndef XMLSEC_NO_DES + +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { +#else +static xmlSecTransformKlass xmlSecNssKWDes3Klass = { +#endif + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ + + xmlSecNameKWDes3, /* const xmlChar* name; */ + xmlSecHrefKWDes3, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformKWDes3GetKlass: + * + * The Triple DES key wrapper transform klass. + * + * Returns Triple DES key wrapper transform klass. + */ +xmlSecTransformId +xmlSecNssTransformKWDes3GetKlass(void) { + return(&xmlSecNssKWDes3Klass); +} + +#endif /* XMLSEC_NO_DES */ + diff --git a/libxmlsec/src/tokens.c b/libxmlsec/src/tokens.c new file mode 100644 index 000000000000..8f2a4f890339 --- /dev/null +++ b/libxmlsec/src/tokens.c @@ -0,0 +1,548 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright.................................. + * + * Contributor(s): _____________________________ + * + */ + +/** + * In order to ensure that particular crypto operation is performed on + * particular crypto device, a subclass of xmlSecList is used to store slot and + * mechanism information. + * + * In the list, a slot is bound with a mechanism. If the mechanism is available, + * this mechanism only can perform on the slot; otherwise, it can perform on + * every eligibl slot in the list. + * + * When try to find a slot for a particular mechanism, the slot bound with + * avaliable mechanism will be looked up firstly. + */ +#include "globals.h" +#include <string.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/errors.h> +#include <xmlsec/list.h> + +#include <xmlsec/nss/tokens.h> + +int +xmlSecNssKeySlotSetMechList( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE_PTR mechanismList +) { + int counter ; + + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( keySlot->mechanismList != CK_NULL_PTR ) { + xmlFree( keySlot->mechanismList ) ; + + for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; + keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; + if( keySlot->mechanismList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + for( ; counter >= 0 ; counter -- ) + *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; + } + + return( 0 ); +} + +int +xmlSecNssKeySlotEnableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) { + int counter ; + CK_MECHANISM_TYPE_PTR newList ; + + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( mechanism != CKM_INVALID_MECHANISM ) { + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; + newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; + if( newList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; + *( newList + counter ) = mechanism ; + for( counter -= 1 ; counter >= 0 ; counter -- ) + *( newList + counter ) = *( keySlot->mechanismList + counter ) ; + + xmlFree( keySlot->mechanismList ) ; + keySlot->mechanismList = newList ; + } + + return(0); +} + +int +xmlSecNssKeySlotDisableMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE mechanism +) { + int counter ; + + xmlSecAssert2( keySlot != NULL , -1 ) ; + + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { + if( *( keySlot->mechanismList + counter ) == mechanism ) { + for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { + *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; + } + + break ; + } + } + + return(0); +} + +CK_MECHANISM_TYPE_PTR +xmlSecNssKeySlotGetMechList( + xmlSecNssKeySlotPtr keySlot +) { + if( keySlot != NULL ) + return keySlot->mechanismList ; + else + return NULL ; +} + +int +xmlSecNssKeySlotSetSlot( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) { + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( slot != NULL && keySlot->slot != slot ) { + if( keySlot->slot != NULL ) + PK11_FreeSlot( keySlot->slot ) ; + + if( keySlot->mechanismList != NULL ) { + xmlFree( keySlot->mechanismList ) ; + keySlot->mechanismList = NULL ; + } + + keySlot->slot = PK11_ReferenceSlot( slot ) ; + } + + return(0); +} + +int +xmlSecNssKeySlotInitialize( + xmlSecNssKeySlotPtr keySlot , + PK11SlotInfo* slot +) { + xmlSecAssert2( keySlot != NULL , -1 ) ; + xmlSecAssert2( keySlot->slot == NULL , -1 ) ; + xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; + + if( slot != NULL ) { + keySlot->slot = PK11_ReferenceSlot( slot ) ; + } + + return(0); +} + +void +xmlSecNssKeySlotFinalize( + xmlSecNssKeySlotPtr keySlot +) { + xmlSecAssert( keySlot != NULL ) ; + + if( keySlot->mechanismList != NULL ) { + xmlFree( keySlot->mechanismList ) ; + keySlot->mechanismList = NULL ; + } + + if( keySlot->slot != NULL ) { + PK11_FreeSlot( keySlot->slot ) ; + keySlot->slot = NULL ; + } + +} + +PK11SlotInfo* +xmlSecNssKeySlotGetSlot( + xmlSecNssKeySlotPtr keySlot +) { + if( keySlot != NULL ) + return keySlot->slot ; + else + return NULL ; +} + +xmlSecNssKeySlotPtr +xmlSecNssKeySlotCreate() { + xmlSecNssKeySlotPtr keySlot ; + + /* Allocates a new xmlSecNssKeySlot and fill the fields */ + keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; + if( keySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( NULL ); + } + memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; + + return( keySlot ) ; +} + +int +xmlSecNssKeySlotCopy( + xmlSecNssKeySlotPtr newKeySlot , + xmlSecNssKeySlotPtr keySlot +) { + CK_MECHANISM_TYPE_PTR mech ; + int counter ; + + xmlSecAssert2( newKeySlot != NULL , -1 ) ; + xmlSecAssert2( keySlot != NULL , -1 ) ; + + if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { + if( newKeySlot->slot != NULL ) + PK11_FreeSlot( newKeySlot->slot ) ; + + newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; + } + + if( keySlot->mechanismList != CK_NULL_PTR ) { + xmlFree( newKeySlot->mechanismList ) ; + + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; + newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; + if( newKeySlot->mechanismList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + for( ; counter >= 0 ; counter -- ) + *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; + } + + return( 0 ); +} + +xmlSecNssKeySlotPtr +xmlSecNssKeySlotDuplicate( + xmlSecNssKeySlotPtr keySlot +) { + xmlSecNssKeySlotPtr newKeySlot ; + int ret ; + + xmlSecAssert2( keySlot != NULL , NULL ) ; + + newKeySlot = xmlSecNssKeySlotCreate() ; + if( newKeySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( NULL ); + } + + if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( NULL ); + } + + return( newKeySlot ); +} + +void +xmlSecNssKeySlotDestroy( + xmlSecNssKeySlotPtr keySlot +) { + xmlSecAssert( keySlot != NULL ) ; + + if( keySlot->mechanismList != NULL ) + xmlFree( keySlot->mechanismList ) ; + + if( keySlot->slot != NULL ) + PK11_FreeSlot( keySlot->slot ) ; + + xmlFree( keySlot ) ; +} + +int +xmlSecNssKeySlotBindMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) { + int counter ; + + xmlSecAssert2( keySlot != NULL , 0 ) ; + xmlSecAssert2( keySlot->slot != NULL , 0 ) ; + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; + + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { + if( *( keySlot->mechanismList + counter ) == type ) + return(1) ; + } + + return( 0 ) ; +} + +int +xmlSecNssKeySlotSupportMech( + xmlSecNssKeySlotPtr keySlot , + CK_MECHANISM_TYPE type +) { + xmlSecAssert2( keySlot != NULL , 0 ) ; + xmlSecAssert2( keySlot->slot != NULL , 0 ) ; + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; + + if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { + return(1); + } else + return(0); +} + +void +xmlSecNssKeySlotDebugDump( + xmlSecNssKeySlotPtr keySlot , + FILE* output +) { + xmlSecAssert( keySlot != NULL ) ; + xmlSecAssert( output != NULL ) ; + + fprintf( output, "== KEY SLOT\n" ); +} + +void +xmlSecNssKeySlotDebugXmlDump( + xmlSecNssKeySlotPtr keySlot , + FILE* output +) { +} + +/** + * Key Slot List + */ +#ifdef __MINGW32__ // for runtime-pseudo-reloc +static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { +#else +static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { +#endif + BAD_CAST "mechanism-list", + (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, + (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, +}; + +xmlSecPtrListId +xmlSecNssKeySlotListGetKlass(void) { + return(&xmlSecNssKeySlotPtrListKlass); +} + + +/*- + * Global PKCS#11 crypto token repository -- Key slot list + */ +static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; + +PK11SlotInfo* +xmlSecNssSlotGet( + CK_MECHANISM_TYPE type +) { + PK11SlotInfo* slot = NULL ; + xmlSecNssKeySlotPtr keySlot ; + xmlSecSize ksSize ; + xmlSecSize ksPos ; + char flag ; + + if( _xmlSecNssKeySlotList == NULL ) { + slot = PK11_GetBestSlot( type , NULL ) ; + } else { + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; + + /*- + * Firstly, checking whether the mechanism is bound with a special slot. + * If no bound slot, we try to find the first eligible slot in the list. + */ + for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; + if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; + flag = 2 ; + } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; + flag = 1 ; + } + + if( flag == 2 ) + break ; + } + if( slot != NULL ) + slot = PK11_ReferenceSlot( slot ) ; + } + + if( slot != NULL && PK11_NeedLogin( slot ) ) { + if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSlot( slot ) ; + return( NULL ); + } + } + + return slot ; +} + +int +xmlSecNssSlotInitialize( + void +) { + if( _xmlSecNssKeySlotList != NULL ) { + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; + _xmlSecNssKeySlotList = NULL ; + } + + _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; + if( _xmlSecNssKeySlotList == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return( -1 ); + } + + return(0); +} + +void +xmlSecNssSlotShutdown( + void +) { + if( _xmlSecNssKeySlotList != NULL ) { + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; + _xmlSecNssKeySlotList = NULL ; + } +} + +int +xmlSecNssSlotAdopt( + PK11SlotInfo* slot, + CK_MECHANISM_TYPE type +) { + xmlSecNssKeySlotPtr keySlot ; + xmlSecSize ksSize ; + xmlSecSize ksPos ; + char flag ; + + xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; + xmlSecAssert2( slot != NULL, -1 ) ; + + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; + + /*- + * Firstly, checking whether the slot is in the repository already. + */ + flag = 0 ; + for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; + /* If find the slot in the list */ + if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { + /* If mechnism type is valid, bind the slot with the mechanism */ + if( type != CKM_INVALID_MECHANISM ) { + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + flag = 1 ; + } + } + + /* If the slot do not in the list, add a new item to the list */ + if( flag == 0 ) { + /* Create a new KeySlot */ + keySlot = xmlSecNssKeySlotCreate() ; + if( keySlot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* Initialize the keySlot with a slot */ + if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return(-1); + } + + /* If mechnism type is valid, bind the slot with the mechanism */ + if( type != CKM_INVALID_MECHANISM ) { + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return(-1); + } + } + + /* Add keySlot into the list */ + if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeySlotDestroy( keySlot ) ; + return(-1); + } + } + + return(0); +} + diff --git a/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch b/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch index f5bbf5ed9c46..4d9764549429 100644 --- a/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch +++ b/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch @@ -1,5 +1,5 @@ ---- misc/build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h.ORIGINAL 2009-12-05 15:19:18.000000000 -0600 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h 2011-02-13 03:09:42.917240245 -0600 +--- build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h.ORIGINAL 2009-12-05 15:19:18.000000000 -0600 ++++ build/xmlsec1-1.2.14/include/xmlsec/xmlsec.h 2011-02-13 03:09:42.917240245 -0600 @@ -11,16 +11,16 @@ #ifndef __XMLSEC_H__ #define __XMLSEC_H__ diff --git a/libxmlsec/xmlsec1-android.patch b/libxmlsec/xmlsec1-android.patch index 4a7d4e0e5f45..4b81b7c9803c 100644 --- a/libxmlsec/xmlsec1-android.patch +++ b/libxmlsec/xmlsec1-android.patch @@ -1,5 +1,5 @@ ---- misc/build/xmlsec1-1.2.14/config.sub -+++ misc/build/xmlsec1-1.2.14/config.sub +--- build/xmlsec1-1.2.14/config.sub ++++ build/xmlsec1-1.2.14/config.sub @@ -120,7 +120,7 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch index 8a9336881a98..1881ea923495 100644 --- a/libxmlsec/xmlsec1-customkeymanage.patch +++ b/libxmlsec/xmlsec1-customkeymanage.patch @@ -18,81 +18,6 @@ app.h \ certkeys.h \ crypto.h \ ---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200 -@@ -1 +1,71 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ -+#define __XMLSEC_MSCRYPTO_AKMNGR_H__ -+ -+#include <windows.h> -+#include <wincrypt.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -+xmlSecMSCryptoAppliedKeysMngrCreate( -+ HCERTSTORE keyStore , -+ HCERTSTORE certStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY symKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY pubKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY priKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE keyStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE trustedStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE untrustedStore -+) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ -+ -+ --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200 @@ -10,6 +10,9 @@ @@ -117,66 +42,6 @@ $(NULL) all: all-am ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200 -@@ -1 +1,56 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_NSS_AKMNGR_H__ -+#define __XMLSEC_NSS_AKMNGR_H__ -+ -+#include <nss.h> -+#include <nspr.h> -+#include <pk11func.h> -+#include <cert.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -+xmlSecNssAppliedKeysMngrCreate( -+ PK11SlotInfo** slots, -+ int cSlots, -+ CERTCertDBHandle* handler -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ PK11SymKey* symKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPublicKey* pubKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPrivateKey* priKey -+) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_AKMNGR_H__ */ -+ -+ --- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200 @@ -22,6 +22,9 @@ @@ -198,45 +63,6 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type); ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200 -@@ -1 +1,35 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_NSS_CIPHERS_H__ -+#define __XMLSEC_NSS_CIPHERS_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, -+ PK11SymKey* symkey ) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; -+ -+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); -+ -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_CIPHERS_H__ */ -+ -+ --- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200 @@ -16,6 +16,8 @@ @@ -257,432 +83,6 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, const char *uri, xmlSecKeysMngrPtr keysMngr); ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200 -@@ -1 +1,182 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. -+ * -+ * Contributor(s): _____________________________ -+ * -+ */ -+#ifndef __XMLSEC_NSS_TOKENS_H__ -+#define __XMLSEC_NSS_TOKENS_H__ -+ -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/list.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+/** -+ * xmlSecNssKeySlotListId -+ * -+ * The crypto mechanism list klass -+ */ -+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; -+ -+/******************************************* -+ * KeySlot interfaces -+ *******************************************/ -+/** -+ * Internal NSS key slot data -+ * @mechanismList: the mechanisms that the slot bound with. -+ * @slot: the pkcs slot -+ * -+ * This context is located after xmlSecPtrList -+ */ -+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; -+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; -+ -+struct _xmlSecNssKeySlot { -+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ -+ PK11SlotInfo* slot ; -+} ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSetMechList( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE_PTR mechanismList -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotEnableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotDisableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) ; -+ -+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR -+xmlSecNssKeySlotGetMechList( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSetSlot( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotInitialize( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT void -+xmlSecNssKeySlotFinalize( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* -+xmlSecNssKeySlotGetSlot( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr -+xmlSecNssKeySlotCreate() ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotCopy( -+ xmlSecNssKeySlotPtr newKeySlot , -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr -+xmlSecNssKeySlotDuplicate( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT void -+xmlSecNssKeySlotDestroy( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotBindMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSupportMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) ; -+ -+ -+/************************************************************************ -+ * PKCS#11 crypto token interfaces -+ * -+ * A PKCS#11 slot repository will be defined internally. From the -+ * repository, a user can specify a particular slot for a certain crypto -+ * mechanism. -+ * -+ * In some situation, some cryptographic operation should act in a user -+ * designated devices. The interfaces defined here provide the way. If -+ * the user do not initialize the repository distinctly, the interfaces -+ * use the default functions provided by NSS itself. -+ * -+ ************************************************************************/ -+/** -+ * Initialize NSS pkcs#11 slot repository -+ * -+ * Returns 0 if success or -1 if an error occurs. -+ */ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; -+ -+/** -+ * Shutdown and destroy NSS pkcs#11 slot repository -+ */ -+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; -+ -+/** -+ * Get PKCS#11 slot handler -+ * @type the mechanism that the slot must support. -+ * -+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. -+ * -+ * Notes: The returned handler must be destroied distinctly. -+ */ -+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; -+ -+/** -+ * Adopt a pkcs#11 slot with a mechanism into the repository -+ * @slot: the pkcs#11 slot. -+ * @mech: the mechanism. -+ * -+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with -+ * this mechanism only can perform on the @slot. -+ * -+ * Returns 0 if success or -1 if an error occurs. -+ */ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_TOKENS_H__ */ -+ ---- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200 -+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200 -@@ -1 +1,236 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright......................... -+ */ -+#include "globals.h" -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/keysmngr.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/mscrypto/crypto.h> -+#include <xmlsec/mscrypto/keysstore.h> -+#include <xmlsec/mscrypto/akmngr.h> -+#include <xmlsec/mscrypto/x509.h> -+ -+/** -+ * xmlSecMSCryptoAppliedKeysMngrCreate: -+ * @hKeyStore: the pointer to key store. -+ * @hCertStore: the pointer to certificate database. -+ * -+ * Create and load key store and certificate database into keys manager -+ * -+ * Returns keys manager pointer on success or NULL otherwise. -+ */ -+xmlSecKeysMngrPtr -+xmlSecMSCryptoAppliedKeysMngrCreate( -+ HCERTSTORE hKeyStore , -+ HCERTSTORE hCertStore -+) { -+ xmlSecKeyDataStorePtr certStore = NULL ; -+ xmlSecKeysMngrPtr keyMngr = NULL ; -+ xmlSecKeyStorePtr keyStore = NULL ; -+ -+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyStoreCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * At present, MS Crypto engine do not provide a way to setup a key store. -+ */ -+ if( keyStore != NULL ) { -+ /*TODO: binding key store.*/ -+ } -+ -+ keyMngr = xmlSecKeysMngrCreate() ; -+ if( keyMngr == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Add key store to manager, from now on keys manager destroys the store if -+ * needed -+ */ -+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Initialize crypto library specific data in keys manager -+ */ -+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecMSCryptoKeysMngrInit" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Set certificate databse to X509 key data store -+ */ -+ /*- -+ * At present, MS Crypto engine do not provide a way to setup a cert store. -+ */ -+ -+ /*- -+ * Set the getKey callback -+ */ -+ keyMngr->getKey = xmlSecKeysMngrGetKey ; -+ -+ return keyMngr ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY symKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY pubKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY priKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE keyStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( keyStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE trustedStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( trustedStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE untrustedStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( untrustedStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ --- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200 @@ -35,6 +35,9 @@ @@ -762,394 +162,6 @@ libxmlsec1_nss_la-bignum.lo: bignum.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo ---- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200 -@@ -1 +1,384 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright......................... -+ */ -+#include "globals.h" -+ -+#include <nspr.h> -+#include <nss.h> -+#include <pk11func.h> -+#include <cert.h> -+#include <keyhi.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/tokens.h> -+#include <xmlsec/nss/akmngr.h> -+#include <xmlsec/nss/pkikeys.h> -+#include <xmlsec/nss/ciphers.h> -+#include <xmlsec/nss/keysstore.h> -+ -+/** -+ * xmlSecNssAppliedKeysMngrCreate: -+ * @slot: array of pointers to NSS PKCS#11 slot information. -+ * @cSlots: number of slots in the array -+ * @handler: the pointer to NSS certificate database. -+ * -+ * Create and load NSS crypto slot and certificate database into keys manager -+ * -+ * Returns keys manager pointer on success or NULL otherwise. -+ */ -+xmlSecKeysMngrPtr -+xmlSecNssAppliedKeysMngrCreate( -+ PK11SlotInfo** slots, -+ int cSlots, -+ CERTCertDBHandle* handler -+) { -+ xmlSecKeyDataStorePtr certStore = NULL ; -+ xmlSecKeysMngrPtr keyMngr = NULL ; -+ xmlSecKeyStorePtr keyStore = NULL ; -+ int islot = 0; -+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyStoreCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ for (islot = 0; islot < cSlots; islot++) -+ { -+ xmlSecNssKeySlotPtr keySlot ; -+ -+ /* Create a key slot */ -+ keySlot = xmlSecNssKeySlotCreate() ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeySlotCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /* Set slot */ -+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeySlotSetSlot" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return NULL ; -+ } -+ -+ /* Adopt keySlot */ -+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeysStoreAdoptKeySlot" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return NULL ; -+ } -+ } -+ -+ keyMngr = xmlSecKeysMngrCreate() ; -+ if( keyMngr == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Add key store to manager, from now on keys manager destroys the store if -+ * needed -+ */ -+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Initialize crypto library specific data in keys manager -+ */ -+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Set certificate databse to X509 key data store -+ */ -+ /** -+ * Because Tej's implementation of certDB use the default DB, so I ignore -+ * the certDB handler at present. I'll modify the cert store sources to -+ * accept particular certDB instead of default ones. -+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; -+ if( certStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeyDataStoreX509SetCertDb" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ */ -+ -+ /*- -+ * Set the getKey callback -+ */ -+ keyMngr->getKey = xmlSecKeysMngrGetKey ; -+ -+ return keyMngr ; -+} -+ -+int -+xmlSecNssAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ PK11SymKey* symKey -+) { -+ xmlSecKeyPtr key ; -+ xmlSecKeyDataPtr data ; -+ xmlSecKeyStorePtr keyStore ; -+ -+ xmlSecAssert2( mngr != NULL , -1 ) ; -+ xmlSecAssert2( symKey != NULL , -1 ) ; -+ -+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetKeysStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -+ -+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ key = xmlSecKeyCreate() ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDestroy( key ) ; -+ return(-1) ; -+ } -+ -+ return(0) ; -+} -+ -+int -+xmlSecNssAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPublicKey* pubKey -+) { -+ xmlSecKeyPtr key ; -+ xmlSecKeyDataPtr data ; -+ xmlSecKeyStorePtr keyStore ; -+ -+ xmlSecAssert2( mngr != NULL , -1 ) ; -+ xmlSecAssert2( pubKey != NULL , -1 ) ; -+ -+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetKeysStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -+ -+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ key = xmlSecKeyCreate() ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDestroy( key ) ; -+ return(-1) ; -+ } -+ -+ return(0) ; -+} -+ -+int -+xmlSecNssAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPrivateKey* priKey -+) { -+ xmlSecKeyPtr key ; -+ xmlSecKeyDataPtr data ; -+ xmlSecKeyStorePtr keyStore ; -+ -+ xmlSecAssert2( mngr != NULL , -1 ) ; -+ xmlSecAssert2( priKey != NULL , -1 ) ; -+ -+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetKeysStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -+ -+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ key = xmlSecKeyCreate() ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDestroy( key ) ; -+ return(-1) ; -+ } -+ -+ return(0) ; -+} -+ --- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200 @@ -23,8 +23,8 @@ @@ -2110,1223 +1122,6 @@ + xmlFreeDoc(doc); + return(0); } ---- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200 -@@ -1 +1,1213 @@ --dummy -+/** -+ * -+ * XMLSec library -+ * -+ * AES Algorithm support -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright ................................. -+ */ -+#include "globals.h" -+ -+#include <stdlib.h> -+#include <stdio.h> -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+#include <hasht.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/ciphers.h> -+ -+#define XMLSEC_NSS_AES128_KEY_SIZE 16 -+#define XMLSEC_NSS_AES192_KEY_SIZE 24 -+#define XMLSEC_NSS_AES256_KEY_SIZE 32 -+#define XMLSEC_NSS_DES3_KEY_SIZE 24 -+#define XMLSEC_NSS_DES3_KEY_LENGTH 24 -+#define XMLSEC_NSS_DES3_IV_LENGTH 8 -+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 -+ -+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { -+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 -+}; -+ -+/********************************************************************* -+ * -+ * key wrap transforms -+ * -+ ********************************************************************/ -+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; -+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; -+ -+#define xmlSecNssKeyWrapSize \ -+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) -+ -+#define xmlSecNssKeyWrapGetCtx( transform ) \ -+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -+ -+struct _xmlSecNssKeyWrapCtx { -+ CK_MECHANISM_TYPE cipher ; -+ PK11SymKey* symkey ; -+ xmlSecKeyDataId keyId ; -+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ -+} ; -+ -+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); -+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); -+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, -+ xmlSecKeyReqPtr keyReq); -+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, -+ xmlSecKeyPtr key); -+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, -+ int last, -+ xmlSecTransformCtxPtr transformCtx); -+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); -+ -+static int -+xmlSecNssKeyWrapCheckId( -+ xmlSecTransformPtr transform -+) { -+ #ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -+ return(1); -+ } -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { -+ -+ return(1); -+ } -+ #endif /* XMLSEC_NO_AES */ -+ -+ return(0); -+} -+ -+static xmlSecSize -+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { -+#ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -+ return(XMLSEC_NSS_DES3_KEY_SIZE); -+ } else -+#endif /* XMLSEC_NO_DES */ -+ -+#ifndef XMLSEC_NO_AES -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { -+ return(XMLSEC_NSS_AES128_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { -+ return(XMLSEC_NSS_AES192_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -+ return(XMLSEC_NSS_AES256_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -+ return(XMLSEC_NSS_AES256_KEY_SIZE); -+ } else -+#endif /* XMLSEC_NO_AES */ -+ -+ if(1) -+ return(0); -+} -+ -+ -+static int -+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ int ret; -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ #ifndef XMLSEC_NO_DES -+ if( transform->id == xmlSecNssTransformKWDes3Id ) { -+ context->cipher = CKM_DES3_CBC ; -+ context->keyId = xmlSecNssKeyDataDesId ; -+ } else -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( transform->id == xmlSecNssTransformKWAes128Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( transform->id == xmlSecNssTransformKWAes192Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( transform->id == xmlSecNssTransformKWAes256Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ #endif /* XMLSEC_NO_AES */ -+ -+ -+ if( 1 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->symkey = NULL ; -+ context->material = NULL ; -+ -+ return(0); -+} -+ -+static void -+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ -+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); -+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert( context != NULL ) ; -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ -+ if( context->material != NULL ) { -+ xmlSecBufferDestroy(context->material); -+ context->material = NULL ; -+ } -+} -+ -+static int -+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ xmlSecSize cipherSize = 0 ; -+ -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(keyReq != NULL, -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ keyReq->keyId = context->keyId; -+ keyReq->keyType = xmlSecKeyDataTypeSymmetric; -+ if(transform->operation == xmlSecTransformOperationEncrypt) { -+ keyReq->keyUsage = xmlSecKeyUsageEncrypt; -+ } else { -+ keyReq->keyUsage = xmlSecKeyUsageDecrypt; -+ } -+ -+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -+ xmlSecNssKeyWrapCtxPtr context = NULL ; -+ xmlSecKeyDataPtr keyData = NULL ; -+ PK11SymKey* symkey = NULL ; -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(key != NULL, -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -+ -+ keyData = xmlSecKeyGetValue( key ) ; -+ if( keyData == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -+ "xmlSecKeyGetValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssSymKeyDataGetKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->symkey = symkey ; -+ -+ return(0) ; -+} -+ -+/** -+ * key wrap transform -+ */ -+static int -+xmlSecNssKeyWrapCtxInit( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecSize blockSize ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ if( ctx->material != NULL ) { -+ xmlSecBufferDestroy( ctx->material ) ; -+ ctx->material = NULL ; -+ } -+ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ ctx->material = xmlSecBufferCreate( blockSize ) ; -+ if( ctx->material == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* read raw key material into context */ -+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetData" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+/** -+ * key wrap transform update -+ */ -+static int -+xmlSecNssKeyWrapCtxUpdate( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { -+ xmlSecSize s; -+ xmlSecSize i; -+ xmlSecByte c; -+ -+ xmlSecAssert2(buf != NULL, -1); -+ -+ s = size / 2; -+ --size; -+ for(i = 0; i < s; ++i) { -+ c = buf[i]; -+ buf[i] = buf[size - i]; -+ buf[size - i] = c; -+ } -+ return(0); -+} -+ -+static xmlSecByte * -+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, -+ xmlSecByte *out, xmlSecSize outSize) -+{ -+ PK11Context *context = NULL; -+ SECStatus s; -+ xmlSecByte *digest = NULL; -+ unsigned int len; -+ -+ xmlSecAssert2(in != NULL, NULL); -+ xmlSecAssert2(out != NULL, NULL); -+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); -+ -+ /* Create a context for hashing (digesting) */ -+ context = PK11_CreateDigestContext(SEC_OID_SHA1); -+ if (context == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CreateDigestContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestBegin(context); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestBegin", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestOp(context, in, inSize); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestOp", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestFinal(context, out, &len, outSize); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestFinal", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ xmlSecAssert2(len == SHA1_LENGTH, NULL); -+ -+ digest = out; -+ -+done: -+ if (context != NULL) { -+ PK11_DestroyContext(context, PR_TRUE); -+ } -+ return (digest); -+} -+ -+static int -+xmlSecNssKWDes3Encrypt( -+ PK11SymKey* symKey , -+ CK_MECHANISM_TYPE cipherMech , -+ const xmlSecByte* iv , -+ xmlSecSize ivSize , -+ const xmlSecByte* in , -+ xmlSecSize inSize , -+ xmlSecByte* out , -+ xmlSecSize outSize , -+ int enc -+) { -+ PK11Context* EncContext = NULL; -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ int tmp1_outlen; -+ unsigned int tmp2_outlen; -+ int result_len = -1; -+ SECStatus rv; -+ -+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( symKey != NULL , -1 ) ; -+ xmlSecAssert2(iv != NULL, -1); -+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); -+ xmlSecAssert2(in != NULL, -1); -+ xmlSecAssert2(inSize > 0, -1); -+ xmlSecAssert2(out != NULL, -1); -+ xmlSecAssert2(outSize >= inSize, -1); -+ -+ /* Prepare IV */ -+ ivItem.data = ( unsigned char* )iv ; -+ ivItem.len = ivSize ; -+ -+ secParam = PK11_ParamFromIV(cipherMech, &ivItem); -+ if (secParam == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_ParamFromIV", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ EncContext = PK11_CreateContextBySymKey(cipherMech, -+ enc ? CKA_ENCRYPT : CKA_DECRYPT, -+ symKey, secParam); -+ if (EncContext == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CreateContextBySymKey", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ tmp1_outlen = tmp2_outlen = 0; -+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, -+ (unsigned char *)in, inSize); -+ if (rv != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CipherOp", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, -+ &tmp2_outlen, outSize-tmp1_outlen); -+ if (rv != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestFinal", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ result_len = tmp1_outlen + tmp2_outlen; -+ -+done: -+ if (secParam) { -+ SECITEM_FreeItem(secParam, PR_TRUE); -+ } -+ if (EncContext) { -+ PK11_DestroyContext(EncContext, PR_TRUE); -+ } -+ -+ return(result_len); -+} -+ -+static int -+xmlSecNssKeyWrapDesOp( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ int encrypt , -+ xmlSecBufferPtr result -+) { -+ xmlSecByte sha1[SHA1_LENGTH]; -+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; -+ xmlSecByte* in; -+ xmlSecSize inSize; -+ xmlSecByte* out; -+ xmlSecSize outSize; -+ xmlSecSize s; -+ int ret; -+ SECStatus status; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( result != NULL , -1 ) ; -+ -+ in = xmlSecBufferGetData(ctx->material); -+ inSize = xmlSecBufferGetSize(ctx->material) ; -+ out = xmlSecBufferGetData(result); -+ outSize = xmlSecBufferGetMaxSize(result) ; -+ if( encrypt ) { -+ /* step 2: calculate sha1 and CMS */ -+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssComputeSHA1", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 3: construct WKCKS */ -+ memcpy(out, in, inSize); -+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); -+ -+ /* step 4: generate random iv */ -+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); -+ if(status != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_GenerateRandom", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ return(-1); -+ } -+ -+ /* step 5: first encryption, result is TEMP1 */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, -+ out, outSize, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 6: construct TEMP2=IV || TEMP1 */ -+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, -+ inSize + XMLSEC_NSS_DES3_IV_LENGTH); -+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); -+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; -+ -+ /* step 7: reverse octets order, result is TEMP3 */ -+ ret = xmlSecNssKWDes3BufferReverse(out, s); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3BufferReverse", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 8: second encryption with static IV */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ out, s, -+ out, outSize, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret; -+ -+ if( xmlSecBufferSetSize( result , s ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferSetSize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } else { -+ /* step 2: first decryption with static IV, result is TEMP3 */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ in, inSize, -+ out, outSize, 0); -+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret; -+ -+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ -+ ret = xmlSecNssKWDes3BufferReverse(out, s); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3BufferReverse", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ out, XMLSEC_NSS_DES3_IV_LENGTH, -+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, -+ out, outSize, 0); -+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; -+ -+ /* steps 6 and 7: calculate SHA1 and validate it */ -+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssComputeSHA1", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ NULL, -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ "SHA1 does not match"); -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , s ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferSetSize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapAesOp( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ int encrypt , -+ xmlSecBufferPtr result -+) { -+ PK11Context* cipherCtx = NULL; -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ xmlSecSize inSize ; -+ xmlSecSize inBlocks ; -+ int blockSize ; -+ int midSize ; -+ int finSize ; -+ xmlSecByte* out ; -+ xmlSecSize outSize; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( result != NULL , -1 ) ; -+ -+ /* Do not set any IV */ -+ memset(&ivItem, 0, sizeof(ivItem)); -+ -+ /* Get block size */ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inSize = xmlSecBufferGetSize( ctx->material ) ; -+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Get Param for context initialization */ -+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_ParamFromIV" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; -+ if( cipherCtx == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_CreateContextBySymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ return(-1); -+ } -+ -+ out = xmlSecBufferGetData(result) ; -+ outSize = xmlSecBufferGetMaxSize(result) ; -+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_CipherOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_DigestFinal" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return 0 ; -+} -+ -+/** -+ * Block cipher transform final -+ */ -+static int -+xmlSecNssKeyWrapCtxFinal( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ PK11SymKey* targetKey ; -+ xmlSecSize blockSize ; -+ xmlSecBufferPtr result ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Now we get all of the key materail */ -+ /* from now on we will wrap or unwrap the key */ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ result = xmlSecBufferCreate( blockSize ) ; -+ if( result == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ switch( ctx->cipher ) { -+ case CKM_DES3_CBC : -+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssKeyWrapDesOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ break ; -+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ -+ case CKM_AES_CBC : -+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssKeyWrapAesOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ break ; -+ } -+ -+ /* Write output */ -+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ xmlSecBufferDestroy(result); -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -+ xmlSecNssKeyWrapCtxPtr context = NULL ; -+ xmlSecBufferPtr inBuf, outBuf ; -+ int operation ; -+ int rtv ; -+ -+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inBuf = &( transform->inBuf ) ; -+ outBuf = &( transform->outBuf ) ; -+ -+ if( transform->status == xmlSecTransformStatusNone ) { -+ transform->status = xmlSecTransformStatusWorking ; -+ } -+ -+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; -+ if( transform->status == xmlSecTransformStatusWorking ) { -+ if( context->material == NULL ) { -+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxInit" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( context->material == NULL && last != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "No enough data to intialize transform" ) ; -+ return(-1); -+ } -+ -+ if( context->material != NULL ) { -+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxUpdate" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( last ) { -+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxFinal" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ transform->status = xmlSecTransformStatusFinished ; -+ } -+ } else if( transform->status == xmlSecTransformStatusFinished ) { -+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ } else { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+#ifndef XMLSEC_NO_AES -+ -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes128Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes128, /* const xmlChar* name; */ -+ xmlSecHrefKWAes128, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes192Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes192, /* const xmlChar* name; */ -+ xmlSecHrefKWAes192, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes256Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes256, /* const xmlChar* name; */ -+ xmlSecHrefKWAes256, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformKWAes128GetKlass: -+ * -+ * The AES-128 key wrapper transform klass. -+ * -+ * Returns AES-128 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes128GetKlass(void) { -+ return(&xmlSecNssKWAes128Klass); -+} -+ -+/** -+ * xmlSecNssTransformKWAes192GetKlass: -+ * -+ * The AES-192 key wrapper transform klass. -+ * -+ * Returns AES-192 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes192GetKlass(void) { -+ return(&xmlSecNssKWAes192Klass); -+} -+ -+/** -+ * -+ * The AES-256 key wrapper transform klass. -+ * -+ * Returns AES-256 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes256GetKlass(void) { -+ return(&xmlSecNssKWAes256Klass); -+} -+ -+#endif /* XMLSEC_NO_AES */ -+ -+ -+#ifndef XMLSEC_NO_DES -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWDes3Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWDes3, /* const xmlChar* name; */ -+ xmlSecHrefKWDes3, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformKWDes3GetKlass: -+ * -+ * The Triple DES key wrapper transform klass. -+ * -+ * Returns Triple DES key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWDes3GetKlass(void) { -+ return(&xmlSecNssKWDes3Klass); -+} -+ -+#endif /* XMLSEC_NO_DES */ -+ --- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200 @@ -24,6 +24,7 @@ @@ -4360,558 +2155,6 @@ /* data */ xmlSecNameHMACKeyValue, ---- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200 -@@ -1 +1,548 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright.................................. -+ * -+ * Contributor(s): _____________________________ -+ * -+ */ -+ -+/** -+ * In order to ensure that particular crypto operation is performed on -+ * particular crypto device, a subclass of xmlSecList is used to store slot and -+ * mechanism information. -+ * -+ * In the list, a slot is bound with a mechanism. If the mechanism is available, -+ * this mechanism only can perform on the slot; otherwise, it can perform on -+ * every eligibl slot in the list. -+ * -+ * When try to find a slot for a particular mechanism, the slot bound with -+ * avaliable mechanism will be looked up firstly. -+ */ -+#include "globals.h" -+#include <string.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/errors.h> -+#include <xmlsec/list.h> -+ -+#include <xmlsec/nss/tokens.h> -+ -+int -+xmlSecNssKeySlotSetMechList( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE_PTR mechanismList -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( keySlot->mechanismList != CK_NULL_PTR ) { -+ xmlFree( keySlot->mechanismList ) ; -+ -+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( keySlot->mechanismList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ for( ; counter >= 0 ; counter -- ) -+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; -+ } -+ -+ return( 0 ); -+} -+ -+int -+xmlSecNssKeySlotEnableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) { -+ int counter ; -+ CK_MECHANISM_TYPE_PTR newList ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( mechanism != CKM_INVALID_MECHANISM ) { -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( newList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; -+ *( newList + counter ) = mechanism ; -+ for( counter -= 1 ; counter >= 0 ; counter -- ) -+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ; -+ -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = newList ; -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecNssKeySlotDisableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ if( *( keySlot->mechanismList + counter ) == mechanism ) { -+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; -+ } -+ -+ break ; -+ } -+ } -+ -+ return(0); -+} -+ -+CK_MECHANISM_TYPE_PTR -+xmlSecNssKeySlotGetMechList( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ if( keySlot != NULL ) -+ return keySlot->mechanismList ; -+ else -+ return NULL ; -+} -+ -+int -+xmlSecNssKeySlotSetSlot( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) { -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( slot != NULL && keySlot->slot != slot ) { -+ if( keySlot->slot != NULL ) -+ PK11_FreeSlot( keySlot->slot ) ; -+ -+ if( keySlot->mechanismList != NULL ) { -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = NULL ; -+ } -+ -+ keySlot->slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecNssKeySlotInitialize( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) { -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ; -+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; -+ -+ if( slot != NULL ) { -+ keySlot->slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ return(0); -+} -+ -+void -+xmlSecNssKeySlotFinalize( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ -+ if( keySlot->mechanismList != NULL ) { -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = NULL ; -+ } -+ -+ if( keySlot->slot != NULL ) { -+ PK11_FreeSlot( keySlot->slot ) ; -+ keySlot->slot = NULL ; -+ } -+ -+} -+ -+PK11SlotInfo* -+xmlSecNssKeySlotGetSlot( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ if( keySlot != NULL ) -+ return keySlot->slot ; -+ else -+ return NULL ; -+} -+ -+xmlSecNssKeySlotPtr -+xmlSecNssKeySlotCreate() { -+ xmlSecNssKeySlotPtr keySlot ; -+ -+ /* Allocates a new xmlSecNssKeySlot and fill the fields */ -+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; -+ -+ return( keySlot ) ; -+} -+ -+int -+xmlSecNssKeySlotCopy( -+ xmlSecNssKeySlotPtr newKeySlot , -+ xmlSecNssKeySlotPtr keySlot -+) { -+ CK_MECHANISM_TYPE_PTR mech ; -+ int counter ; -+ -+ xmlSecAssert2( newKeySlot != NULL , -1 ) ; -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { -+ if( newKeySlot->slot != NULL ) -+ PK11_FreeSlot( newKeySlot->slot ) ; -+ -+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; -+ } -+ -+ if( keySlot->mechanismList != CK_NULL_PTR ) { -+ xmlFree( newKeySlot->mechanismList ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( newKeySlot->mechanismList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ for( ; counter >= 0 ; counter -- ) -+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; -+ } -+ -+ return( 0 ); -+} -+ -+xmlSecNssKeySlotPtr -+xmlSecNssKeySlotDuplicate( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecNssKeySlotPtr newKeySlot ; -+ int ret ; -+ -+ xmlSecAssert2( keySlot != NULL , NULL ) ; -+ -+ newKeySlot = xmlSecNssKeySlotCreate() ; -+ if( newKeySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ -+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ -+ return( newKeySlot ); -+} -+ -+void -+xmlSecNssKeySlotDestroy( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ -+ if( keySlot->mechanismList != NULL ) -+ xmlFree( keySlot->mechanismList ) ; -+ -+ if( keySlot->slot != NULL ) -+ PK11_FreeSlot( keySlot->slot ) ; -+ -+ xmlFree( keySlot ) ; -+} -+ -+int -+xmlSecNssKeySlotBindMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , 0 ) ; -+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ if( *( keySlot->mechanismList + counter ) == type ) -+ return(1) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecNssKeySlotSupportMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) { -+ xmlSecAssert2( keySlot != NULL , 0 ) ; -+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -+ -+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { -+ return(1); -+ } else -+ return(0); -+} -+ -+void -+xmlSecNssKeySlotDebugDump( -+ xmlSecNssKeySlotPtr keySlot , -+ FILE* output -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ xmlSecAssert( output != NULL ) ; -+ -+ fprintf( output, "== KEY SLOT\n" ); -+} -+ -+void -+xmlSecNssKeySlotDebugXmlDump( -+ xmlSecNssKeySlotPtr keySlot , -+ FILE* output -+) { -+} -+ -+/** -+ * Key Slot List -+ */ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -+#else -+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -+#endif -+ BAD_CAST "mechanism-list", -+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, -+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, -+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, -+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, -+}; -+ -+xmlSecPtrListId -+xmlSecNssKeySlotListGetKlass(void) { -+ return(&xmlSecNssKeySlotPtrListKlass); -+} -+ -+ -+/*- -+ * Global PKCS#11 crypto token repository -- Key slot list -+ */ -+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; -+ -+PK11SlotInfo* -+xmlSecNssSlotGet( -+ CK_MECHANISM_TYPE type -+) { -+ PK11SlotInfo* slot = NULL ; -+ xmlSecNssKeySlotPtr keySlot ; -+ xmlSecSize ksSize ; -+ xmlSecSize ksPos ; -+ char flag ; -+ -+ if( _xmlSecNssKeySlotList == NULL ) { -+ slot = PK11_GetBestSlot( type , NULL ) ; -+ } else { -+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -+ -+ /*- -+ * Firstly, checking whether the mechanism is bound with a special slot. -+ * If no bound slot, we try to find the first eligible slot in the list. -+ */ -+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ flag = 2 ; -+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ flag = 1 ; -+ } -+ -+ if( flag == 2 ) -+ break ; -+ } -+ if( slot != NULL ) -+ slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ if( slot != NULL && PK11_NeedLogin( slot ) ) { -+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return( NULL ); -+ } -+ } -+ -+ return slot ; -+} -+ -+int -+xmlSecNssSlotInitialize( -+ void -+) { -+ if( _xmlSecNssKeySlotList != NULL ) { -+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -+ _xmlSecNssKeySlotList = NULL ; -+ } -+ -+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; -+ if( _xmlSecNssKeySlotList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ -+ return(0); -+} -+ -+void -+xmlSecNssSlotShutdown( -+ void -+) { -+ if( _xmlSecNssKeySlotList != NULL ) { -+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -+ _xmlSecNssKeySlotList = NULL ; -+ } -+} -+ -+int -+xmlSecNssSlotAdopt( -+ PK11SlotInfo* slot, -+ CK_MECHANISM_TYPE type -+) { -+ xmlSecNssKeySlotPtr keySlot ; -+ xmlSecSize ksSize ; -+ xmlSecSize ksPos ; -+ char flag ; -+ -+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; -+ xmlSecAssert2( slot != NULL, -1 ) ; -+ -+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -+ -+ /*- -+ * Firstly, checking whether the slot is in the repository already. -+ */ -+ flag = 0 ; -+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -+ /* If find the slot in the list */ -+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { -+ /* If mechnism type is valid, bind the slot with the mechanism */ -+ if( type != CKM_INVALID_MECHANISM ) { -+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ flag = 1 ; -+ } -+ } -+ -+ /* If the slot do not in the list, add a new item to the list */ -+ if( flag == 0 ) { -+ /* Create a new KeySlot */ -+ keySlot = xmlSecNssKeySlotCreate() ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Initialize the keySlot with a slot */ -+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ -+ /* If mechnism type is valid, bind the slot with the mechanism */ -+ if( type != CKM_INVALID_MECHANISM ) { -+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ } -+ -+ /* Add keySlot into the list */ -+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ } -+ -+ return(0); -+} -+ --- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200 +++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200 @@ -34,7 +34,6 @@ diff --git a/libxmlsec/xmlsec1-update-config-sub-and-guess.patch b/libxmlsec/xmlsec1-update-config-sub-and-guess.patch deleted file mode 100644 index a0caf352c99b..000000000000 --- a/libxmlsec/xmlsec1-update-config-sub-and-guess.patch +++ /dev/null @@ -1,2314 +0,0 @@ ---- misc/xmlsec1-1.2.12/config.guess 2010-04-15 09:29:35.000000000 +0000 -+++ misc/build/xmlsec1-1.2.12/config.guess 2010-04-15 09:29:46.000000000 +0000 -@@ -1,9 +1,10 @@ - #! /bin/sh - # Attempt to guess a canonical system name. - # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, --# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. -+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -+# Free Software Foundation, Inc. - --timestamp='2003-06-17' -+timestamp='2009-12-30' - - # This file is free software; you can redistribute it and/or modify it - # under the terms of the GNU General Public License as published by -@@ -17,23 +18,25 @@ - # - # You should have received a copy of the GNU General Public License - # along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -+# 02110-1301, USA. - # - # As a special exception to the GNU General Public License, if you - # distribute this file as part of a program that contains a - # configuration script generated by Autoconf, you may include it under - # the same distribution terms that you use for the rest of that program. - --# Originally written by Per Bothner <per@bothner.com>. --# Please send patches to <config-patches@gnu.org>. Submit a context --# diff and a properly formatted ChangeLog entry. -+ -+# Originally written by Per Bothner. Please send patches (context -+# diff format) to <config-patches@gnu.org> and include a ChangeLog -+# entry. - # - # This script attempts to guess a canonical system name similar to - # config.sub. If it succeeds, it prints the system name on stdout, and - # exits with 0. Otherwise, it exits with 1. - # --# The plan is that this can be called by configure scripts if you --# don't specify an explicit build system type. -+# You can get the latest version of this script from: -+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD - - me=`echo "$0" | sed -e 's,.*/,,'` - -@@ -53,8 +56,9 @@ - GNU config.guess ($timestamp) - - Originally written by Per Bothner. --Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 --Free Software Foundation, Inc. -+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -+Software Foundation, Inc. - - This is free software; see the source for copying conditions. There is NO - warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." -@@ -66,11 +70,11 @@ - while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) -- echo "$timestamp" ; exit 0 ;; -+ echo "$timestamp" ; exit ;; - --version | -v ) -- echo "$version" ; exit 0 ;; -+ echo "$version" ; exit ;; - --help | --h* | -h ) -- echo "$usage"; exit 0 ;; -+ echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. -@@ -104,7 +108,7 @@ - trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; - trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; - : ${TMPDIR=/tmp} ; -- { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || -+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -@@ -123,7 +127,7 @@ - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; --esac ;' -+esac ; set_cc_for_build= ;' - - # This is needed to find uname on a Pyramid OSx when run in the BSD universe. - # (ghazi@noc.rutgers.edu 1994-08-24) -@@ -136,13 +140,6 @@ - UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown - UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - --## for Red Hat Linux --if test -f /etc/redhat-release ; then -- VENDOR=redhat ; --else -- VENDOR= ; --fi -- - # Note: order is significant - the case branches are not exclusive. - - case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in -@@ -165,6 +162,7 @@ - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; -+ sh5el) machine=sh5le-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched -@@ -173,7 +171,7 @@ - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ -- | grep __ELF__ >/dev/null -+ | grep -q __ELF__ - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? -@@ -203,50 +201,32 @@ - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" -- exit 0 ;; -- amiga:OpenBSD:*:*) -- echo m68k-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- arc:OpenBSD:*:*) -- echo mipsel-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- hp300:OpenBSD:*:*) -- echo m68k-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- mac68k:OpenBSD:*:*) -- echo m68k-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- macppc:OpenBSD:*:*) -- echo powerpc-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- mvme68k:OpenBSD:*:*) -- echo m68k-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- mvme88k:OpenBSD:*:*) -- echo m88k-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- mvmeppc:OpenBSD:*:*) -- echo powerpc-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- pmax:OpenBSD:*:*) -- echo mipsel-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- sgi:OpenBSD:*:*) -- echo mipseb-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- sun3:OpenBSD:*:*) -- echo m68k-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -- wgrisc:OpenBSD:*:*) -- echo mipsel-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:OpenBSD:*:*) -- echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} -- exit 0 ;; -+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` -+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} -+ exit ;; -+ *:ekkoBSD:*:*) -+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} -+ exit ;; -+ *:SolidBSD:*:*) -+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} -+ exit ;; -+ macppc:MirBSD:*:*) -+ echo powerpc-unknown-mirbsd${UNAME_RELEASE} -+ exit ;; -+ *:MirBSD:*:*) -+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} -+ exit ;; - alpha:OSF1:*:*) -- if test $UNAME_RELEASE = "V4.0"; then -+ case $UNAME_RELEASE in -+ *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` -- fi -+ ;; -+ *5.*) -+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` -+ ;; -+ esac - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU -@@ -284,42 +264,49 @@ - "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; - esac -+ # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. -- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` -- exit 0 ;; -- Alpha*:OpenVMS:*:*) -- echo alpha-hp-vms -- exit 0 ;; -+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` -+ exit ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix -- exit 0 ;; -+ exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 -- exit 0 ;; -+ exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 -- exit 0;; -+ exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos -- exit 0 ;; -+ exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos -- exit 0 ;; -+ exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition -- exit 0 ;; -+ exit ;; -+ *:z/VM:*:*) -+ echo s390-ibm-zvmoe -+ exit ;; -+ *:OS400:*:*) -+ echo powerpc-ibm-os400 -+ exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} -- exit 0;; -+ exit ;; -+ arm:riscos:*:*|arm:RISCOS:*:*) -+ echo arm-unknown-riscos -+ exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp -- exit 0;; -+ exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then -@@ -327,32 +314,51 @@ - else - echo pyramid-pyramid-bsd - fi -- exit 0 ;; -+ exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 -- exit 0 ;; -+ exit ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 -- exit 0 ;; -- DRS?6000:UNIX_SV:4.2*:7*) -+ exit ;; -+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in -- sparc) echo sparc-icl-nx7 && exit 0 ;; -+ sparc) echo sparc-icl-nx7; exit ;; - esac ;; -+ s390x:SunOS:*:*) -+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -+ exit ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -- i86pc:SunOS:5.*:*) -- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; -+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) -+ echo i386-pc-auroraux${UNAME_RELEASE} -+ exit ;; -+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) -+ eval $set_cc_for_build -+ SUN_ARCH="i386" -+ # If there is a compiler, see if it is configured for 64-bit objects. -+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. -+ # This test works for both compilers. -+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then -+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ -+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ -+ grep IS_64BIT_ARCH >/dev/null -+ then -+ SUN_ARCH="x86_64" -+ fi -+ fi -+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -+ exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) -@@ -361,10 +367,10 @@ - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` -- exit 0 ;; -+ exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 -@@ -376,10 +382,10 @@ - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac -- exit 0 ;; -+ exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor -@@ -390,37 +396,40 @@ - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; -+ m68k:machten:*:*) -+ echo m68k-apple-machten${UNAME_RELEASE} -+ exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 -- exit 0 ;; -+ exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -@@ -444,32 +453,33 @@ - exit (-1); - } - EOF -- $CC_FOR_BUILD -o $dummy $dummy.c \ -- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ -- && exit 0 -+ $CC_FOR_BUILD -o $dummy $dummy.c && -+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && -+ SYSTEM_NAME=`$dummy $dummyarg` && -+ { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax -- exit 0 ;; -+ exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax -- exit 0 ;; -+ exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax -- exit 0 ;; -+ exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix -- exit 0 ;; -+ exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 -- exit 0 ;; -+ exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 -- exit 0 ;; -+ exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 -- exit 0 ;; -+ exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` -@@ -485,29 +495,29 @@ - else - echo i586-dg-dgux${UNAME_RELEASE} - fi -- exit 0 ;; -+ exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 -- exit 0 ;; -+ exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 -- exit 0 ;; -+ exit ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 -- exit 0 ;; -+ exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd -- exit 0 ;; -+ exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` -- exit 0 ;; -+ exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. -- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id -- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' -+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id -+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix -- exit 0 ;; -+ exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` -@@ -515,7 +525,7 @@ - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} -- exit 0 ;; -+ exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build -@@ -530,15 +540,19 @@ - exit(0); - } - EOF -- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 -- echo rs6000-ibm-aix3.2.5 -+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` -+ then -+ echo "$SYSTEM_NAME" -+ else -+ echo rs6000-ibm-aix3.2.5 -+ fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi -- exit 0 ;; -- *:AIX:*:[45]) -+ exit ;; -+ *:AIX:*:[456]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 -@@ -551,28 +565,28 @@ - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} -- exit 0 ;; -+ exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix -- exit 0 ;; -+ exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 -- exit 0 ;; -+ exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to -- exit 0 ;; # report: romp-ibm BSD 4.3 -+ exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx -- exit 0 ;; -+ exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 -- exit 0 ;; -+ exit ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd -- exit 0 ;; -+ exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 -- exit 0 ;; -+ exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in -@@ -634,9 +648,19 @@ - esac - if [ ${HP_ARCH} = "hppa2.0w" ] - then -- # avoid double evaluation of $set_cc_for_build -- test -n "$CC_FOR_BUILD" || eval $set_cc_for_build -- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null -+ eval $set_cc_for_build -+ -+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating -+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler -+ # generating 64-bit code. GNU and HP use different nomenclature: -+ # -+ # $ CC_FOR_BUILD=cc ./config.guess -+ # => hppa2.0w-hp-hpux11.23 -+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess -+ # => hppa64-hp-hpux11.23 -+ -+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | -+ grep -q __LP64__ - then - HP_ARCH="hppa2.0w" - else -@@ -644,11 +668,11 @@ - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} -- exit 0 ;; -+ exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} -- exit 0 ;; -+ exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -@@ -676,208 +700,248 @@ - exit (0); - } - EOF -- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 -+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && -+ { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 -- exit 0 ;; -+ exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd -- exit 0 ;; -+ exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd -- exit 0 ;; -+ exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix -- exit 0 ;; -+ exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf -- exit 0 ;; -+ exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf -- exit 0 ;; -+ exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi -- exit 0 ;; -+ exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites -- exit 0 ;; -+ exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd -- exit 0 ;; -+ exit ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi -- exit 0 ;; -+ exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd -- exit 0 ;; -+ exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd -- exit 0 ;; -+ exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd -- exit 0 ;; -+ exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ exit ;; - *:UNICOS/mp:*:*) -- echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -- exit 0 ;; -+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' -+ exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" -- exit 0 ;; -+ exit ;; -+ 5000:UNIX_System_V:4.*:*) -+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` -+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` -+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" -+ exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} -- exit 0 ;; -- *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) -- # Determine whether the default compiler uses glibc. -- eval $set_cc_for_build -- sed 's/^ //' << EOF >$dummy.c -- #include <features.h> -- #if __GLIBC__ >= 2 -- LIBC=gnu -- #else -- LIBC= -- #endif --EOF -- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` -- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} -- exit 0 ;; -+ exit ;; -+ *:FreeBSD:*:*) -+ case ${UNAME_MACHINE} in -+ pc98) -+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; -+ amd64) -+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; -+ *) -+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; -+ esac -+ exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin -- exit 0 ;; -- i*:MINGW*:*) -+ exit ;; -+ *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 -- exit 0 ;; -+ exit ;; -+ i*:windows32*:*) -+ # uname -m includes "-pc" on this system. -+ echo ${UNAME_MACHINE}-mingw32 -+ exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 -- exit 0 ;; -- x86:Interix*:[34]*) -- echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' -- exit 0 ;; -+ exit ;; -+ *:Interix*:*) -+ case ${UNAME_MACHINE} in -+ x86) -+ echo i586-pc-interix${UNAME_RELEASE} -+ exit ;; -+ authenticamd | genuineintel | EM64T) -+ echo x86_64-unknown-interix${UNAME_RELEASE} -+ exit ;; -+ IA64) -+ echo ia64-unknown-interix${UNAME_RELEASE} -+ exit ;; -+ esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks -- exit 0 ;; -+ exit ;; -+ 8664:Windows_NT:*) -+ echo x86_64-pc-mks -+ exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix -- exit 0 ;; -+ exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin -- exit 0 ;; -+ exit ;; -+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) -+ echo x86_64-unknown-cygwin -+ exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin -- exit 0 ;; -+ exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` -- exit 0 ;; -+ exit ;; - *:GNU:*:*) -+ # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` -- exit 0 ;; -+ exit ;; -+ *:GNU/*:*:*) -+ # other systems with GNU libc and userland -+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu -+ exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix -- exit 0 ;; -+ exit ;; -+ alpha:Linux:*:*) -+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in -+ EV5) UNAME_MACHINE=alphaev5 ;; -+ EV56) UNAME_MACHINE=alphaev56 ;; -+ PCA56) UNAME_MACHINE=alphapca56 ;; -+ PCA57) UNAME_MACHINE=alphapca56 ;; -+ EV6) UNAME_MACHINE=alphaev6 ;; -+ EV67) UNAME_MACHINE=alphaev67 ;; -+ EV68*) UNAME_MACHINE=alphaev68 ;; -+ esac -+ objdump --private-headers /bin/sh | grep -q ld.so.1 -+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi -+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} -+ exit ;; - arm*:Linux:*:*) -+ eval $set_cc_for_build -+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ -+ | grep -q __ARM_EABI__ -+ then -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ else -+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi -+ fi -+ exit ;; -+ avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - cris:Linux:*:*) - echo cris-axis-linux-gnu -- exit 0 ;; -- ia64:Linux:*:*) -- echo ${UNAME_MACHINE}-${VENDOR:-unknown}-linux-gnu -- exit 0 ;; -- m68*:Linux:*:*) -- echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -- mips:Linux:*:*) -+ exit ;; -+ crisv32:Linux:*:*) -+ echo crisv32-axis-linux-gnu -+ exit ;; -+ frv:Linux:*:*) -+ echo frv-unknown-linux-gnu -+ exit ;; -+ i*86:Linux:*:*) -+ LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -- #undef CPU -- #undef mips -- #undef mipsel -- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) -- CPU=mipsel -- #else -- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) -- CPU=mips -- #else -- CPU= -- #endif -+ #ifdef __dietlibc__ -+ LIBC=dietlibc - #endif - EOF -- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` -- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 -- ;; -- mips64:Linux:*:*) -+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` -+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}" -+ exit ;; -+ ia64:Linux:*:*) -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ exit ;; -+ m32r*:Linux:*:*) -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ exit ;; -+ m68*:Linux:*:*) -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ exit ;; -+ mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU -- #undef mips64 -- #undef mips64el -+ #undef ${UNAME_MACHINE} -+ #undef ${UNAME_MACHINE}el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) -- CPU=mips64el -+ CPU=${UNAME_MACHINE}el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) -- CPU=mips64 -+ CPU=${UNAME_MACHINE} - #else - CPU= - #endif - #endif - EOF -- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` -- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 -+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` -+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; -- ppc:Linux:*:*) -- echo powerpc-${VENDOR:-unknown}-linux-gnu -- exit 0 ;; -- ppc64:Linux:*:*) -- echo powerpc64-${VENDOR:-unknown}-linux-gnu -- exit 0 ;; -- alpha:Linux:*:*) -- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in -- EV5) UNAME_MACHINE=alphaev5 ;; -- EV56) UNAME_MACHINE=alphaev56 ;; -- PCA56) UNAME_MACHINE=alphapca56 ;; -- PCA57) UNAME_MACHINE=alphapca56 ;; -- EV6) UNAME_MACHINE=alphaev6 ;; -- EV67) UNAME_MACHINE=alphaev67 ;; -- EV68*) UNAME_MACHINE=alphaev68 ;; -- esac -- objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null -- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi -- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} -- exit 0 ;; -+ or32:Linux:*:*) -+ echo or32-unknown-linux-gnu -+ exit ;; -+ padre:Linux:*:*) -+ echo sparc-unknown-linux-gnu -+ exit ;; -+ parisc64:Linux:*:* | hppa64:Linux:*:*) -+ echo hppa64-unknown-linux-gnu -+ exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in -@@ -885,84 +949,40 @@ - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; - esac -- exit 0 ;; -- parisc64:Linux:*:* | hppa64:Linux:*:*) -- echo hppa64-unknown-linux-gnu -- exit 0 ;; -+ exit ;; -+ ppc64:Linux:*:*) -+ echo powerpc64-unknown-linux-gnu -+ exit ;; -+ ppc:Linux:*:*) -+ echo powerpc-unknown-linux-gnu -+ exit ;; - s390:Linux:*:* | s390x:Linux:*:*) -- echo ${UNAME_MACHINE}-${VENDOR:-ibm}-linux-gnu -- exit 0 ;; -+ echo ${UNAME_MACHINE}-ibm-linux -+ exit ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu -- exit 0 ;; -+ exit ;; -+ vax:Linux:*:*) -+ echo ${UNAME_MACHINE}-dec-linux-gnu -+ exit ;; - x86_64:Linux:*:*) -- echo x86_64-${VENDOR:-unknown}-linux-gnu -- exit 0 ;; -- i*86:Linux:*:*) -- # The BFD linker knows what the default object file format is, so -- # first see if it will tell us. cd to the root directory to prevent -- # problems with other programs or directories called `ld' in the path. -- # Set LC_ALL=C to ensure ld outputs messages in English. -- ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ -- | sed -ne '/supported targets:/!d -- s/[ ][ ]*/ /g -- s/.*supported targets: *// -- s/ .*// -- p'` -- case "$ld_supported_targets" in -- elf32-i386) -- TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" -- ;; -- a.out-i386-linux) -- echo "${UNAME_MACHINE}-pc-linux-gnuaout" -- exit 0 ;; -- coff-i386) -- echo "${UNAME_MACHINE}-pc-linux-gnucoff" -- exit 0 ;; -- "") -- # Either a pre-BFD a.out linker (linux-gnuoldld) or -- # one that does not give us useful --help. -- echo "${UNAME_MACHINE}-pc-linux-gnuoldld" -- exit 0 ;; -- esac -- # Determine whether the default compiler is a.out or elf -- eval $set_cc_for_build -- sed 's/^ //' << EOF >$dummy.c -- #include <features.h> -- #ifdef __ELF__ -- # ifdef __GLIBC__ -- # if __GLIBC__ >= 2 -- LIBC=gnu -- # else -- LIBC=gnulibc1 -- # endif -- # else -- LIBC=gnulibc1 -- # endif -- #else -- #ifdef __INTEL_COMPILER -- LIBC=gnu -- #else -- LIBC=gnuaout -- #endif -- #endif --EOF -- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` -- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-${VENDOR:-pc}-linux-${LIBC}" && exit 0 -- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 -- ;; -+ echo x86_64-unknown-linux-gnu -+ exit ;; -+ xtensa*:Linux:*:*) -+ echo ${UNAME_MACHINE}-unknown-linux-gnu -+ exit ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 -- exit 0 ;; -+ exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... -@@ -970,24 +990,27 @@ - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} -- exit 0 ;; -+ exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx -- exit 0 ;; -+ exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop -- exit 0 ;; -+ exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos -- exit 0 ;; -- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) -+ exit ;; -+ i*86:syllable:*:*) -+ echo ${UNAME_MACHINE}-pc-syllable -+ exit ;; -+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp -- exit 0 ;; -+ exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then -@@ -995,15 +1018,16 @@ - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi -- exit 0 ;; -- i*86:*:5:[78]*) -+ exit ;; -+ i*86:*:5:[678]*) -+ # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} -- exit 0 ;; -+ exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` -@@ -1021,73 +1045,86 @@ - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi -- exit 0 ;; -+ exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about -- # the processor, so we play safe by assuming i386. -- echo i386-pc-msdosdjgpp -- exit 0 ;; -+ # the processor, so we play safe by assuming i586. -+ # Note: whatever this is, it MUST be the same as what config.sub -+ # prints for the "djgpp" host, or else GDB configury will decide that -+ # this is a cross-build. -+ echo i586-pc-msdosdjgpp -+ exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 -- exit 0 ;; -+ exit ;; - paragon:*:*:*) - echo i860-intel-osf1 -- exit 0 ;; -+ exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi -- exit 0 ;; -+ exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv -- exit 0 ;; -+ exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv -- exit 0 ;; -+ exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix -- exit 0 ;; -- M68*:*:R3V[567]*:*) -- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; -- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) -+ exit ;; -+ M68*:*:R3V[5678]*:*) -+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; -+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ -- && echo i486-ncr-sysv4.3${OS_REL} && exit 0 -+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ -- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; -+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ -- && echo i486-ncr-sysv4 && exit 0 ;; -+ && { echo i486-ncr-sysv4; exit; } ;; -+ NCR*:*:4.2:* | MPRAS*:*:4.2:*) -+ OS_REL='.3' -+ test -r /etc/.relid \ -+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` -+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ -+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } -+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ -+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } -+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ -+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 -- exit 0 ;; -+ exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) -+ exit ;; -+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 -- exit 0 ;; -+ exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 -- exit 0 ;; -+ exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` -@@ -1095,68 +1132,94 @@ - else - echo ns32k-sni-sysv - fi -- exit 0 ;; -+ exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says <Richard.M.Bartel@ccMail.Census.GOV> - echo i586-unisys-sysv4 -- exit 0 ;; -+ exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes <hewes@openmarket.com>. - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 -- exit 0 ;; -+ exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 -- exit 0 ;; -+ exit ;; -+ i*86:VOS:*:*) -+ # From Paul.Green@stratus.com. -+ echo ${UNAME_MACHINE}-stratus-vos -+ exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos -- exit 0 ;; -+ exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 -- exit 0 ;; -+ exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi -- exit 0 ;; -+ exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos -- exit 0 ;; -+ exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos -- exit 0 ;; -+ exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos -- exit 0 ;; -+ exit ;; -+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible. -+ echo i586-pc-haiku -+ exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; -+ SX-7:SUPER-UX:*:*) -+ echo sx7-nec-superux${UNAME_RELEASE} -+ exit ;; -+ SX-8:SUPER-UX:*:*) -+ echo sx8-nec-superux${UNAME_RELEASE} -+ exit ;; -+ SX-8R:SUPER-UX:*:*) -+ echo sx8r-nec-superux${UNAME_RELEASE} -+ exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:Darwin:*:*) -- case `uname -p` in -- *86) UNAME_PROCESSOR=i686 ;; -- powerpc) UNAME_PROCESSOR=powerpc ;; -+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown -+ case $UNAME_PROCESSOR in -+ i386) -+ eval $set_cc_for_build -+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then -+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ -+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ -+ grep IS_64BIT_ARCH >/dev/null -+ then -+ UNAME_PROCESSOR="x86_64" -+ fi -+ fi ;; -+ unknown) UNAME_PROCESSOR=powerpc ;; - esac - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then -@@ -1164,22 +1227,25 @@ - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:QNX:*:4*) - echo i386-pc-qnx -- exit 0 ;; -- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) -+ exit ;; -+ NSE-?:NONSTOP_KERNEL:*:*) -+ echo nse-tandem-nsk${UNAME_RELEASE} -+ exit ;; -+ NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux -- exit 0 ;; -+ exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv -- exit 0 ;; -+ exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 -@@ -1190,28 +1256,50 @@ - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 -- exit 0 ;; -+ exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 -- exit 0 ;; -+ exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex -- exit 0 ;; -+ exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 -- exit 0 ;; -+ exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 -- exit 0 ;; -+ exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 -- exit 0 ;; -+ exit ;; - *:ITS:*:*) - echo pdp10-unknown-its -- exit 0 ;; -+ exit ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} -- exit 0 ;; -+ exit ;; -+ *:DragonFly:*:*) -+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` -+ exit ;; -+ *:*VMS:*:*) -+ UNAME_MACHINE=`(uname -p) 2>/dev/null` -+ case "${UNAME_MACHINE}" in -+ A*) echo alpha-dec-vms ; exit ;; -+ I*) echo ia64-dec-vms ; exit ;; -+ V*) echo vax-dec-vms ; exit ;; -+ esac ;; -+ *:XENIX:*:SysV) -+ echo i386-pc-xenix -+ exit ;; -+ i*86:skyos:*:*) -+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' -+ exit ;; -+ i*86:rdos:*:*) -+ echo ${UNAME_MACHINE}-pc-rdos -+ exit ;; -+ i*86:AROS:*:*) -+ echo ${UNAME_MACHINE}-pc-aros -+ exit ;; - esac - - #echo '(No uname command or uname output not recognized.)' 1>&2 -@@ -1243,7 +1331,7 @@ - #endif - - #if defined (__arm) && defined (__acorn) && defined (__unix) -- printf ("arm-acorn-riscix"); exit (0); -+ printf ("arm-acorn-riscix\n"); exit (0); - #endif - - #if defined (hp300) && !defined (hpux) -@@ -1332,11 +1420,12 @@ - } - EOF - --$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 -+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && -+ { echo "$SYSTEM_NAME"; exit; } - - # Apollos put the system type in the environment. - --test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } -+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - - # Convex versions that predate uname can use getsysinfo(1) - -@@ -1345,22 +1434,22 @@ - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd -- exit 0 ;; -+ exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi -- exit 0 ;; -+ exit ;; - c34*) - echo c34-convex-bsd -- exit 0 ;; -+ exit ;; - c38*) - echo c38-convex-bsd -- exit 0 ;; -+ exit ;; - c4*) - echo c4-convex-bsd -- exit 0 ;; -+ exit ;; - esac - fi - -@@ -1371,7 +1460,9 @@ - the operating system you are using. It is advised that you - download the most up to date version of the config scripts from - -- ftp://ftp.gnu.org/pub/gnu/config/ -+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD -+and -+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD - - If the version you run ($0) is already up to date, please - send the following data and any information you think might be ---- misc/xmlsec1-1.2.12/config.sub 2010-04-15 09:29:35.000000000 +0000 -+++ misc/build/xmlsec1-1.2.12/config.sub 2010-04-15 09:29:46.000000000 +0000 -@@ -1,9 +1,10 @@ - #! /bin/sh - # Configuration validation subroutine script. - # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, --# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. -+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -+# Free Software Foundation, Inc. - --timestamp='2003-06-18' -+timestamp='2010-01-22' - - # This file is (in principle) common to ALL GNU software. - # The presence of a machine in this file suggests that SOME GNU software -@@ -21,22 +22,26 @@ - # - # You should have received a copy of the GNU General Public License - # along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place - Suite 330, --# Boston, MA 02111-1307, USA. -- -+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -+# 02110-1301, USA. -+# - # As a special exception to the GNU General Public License, if you - # distribute this file as part of a program that contains a - # configuration script generated by Autoconf, you may include it under - # the same distribution terms that you use for the rest of that program. - -+ - # Please send patches to <config-patches@gnu.org>. Submit a context --# diff and a properly formatted ChangeLog entry. -+# diff and a properly formatted GNU ChangeLog entry. - # - # Configuration subroutine to validate and canonicalize a configuration type. - # Supply the specified configuration type as an argument. - # If it is invalid, we print an error message on stderr and exit with code 1. - # Otherwise, we print the canonical config type on stdout and succeed. - -+# You can get the latest version of this script from: -+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD -+ - # This file is supposed to be the same for all GNU packages - # and recognize all the CPU types, system types and aliases - # that are meaningful with *any* GNU software. -@@ -70,8 +75,9 @@ - version="\ - GNU config.sub ($timestamp) - --Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 --Free Software Foundation, Inc. -+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -+Software Foundation, Inc. - - This is free software; see the source for copying conditions. There is NO - warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." -@@ -83,11 +89,11 @@ - while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) -- echo "$timestamp" ; exit 0 ;; -+ echo "$timestamp" ; exit ;; - --version | -v ) -- echo "$version" ; exit 0 ;; -+ echo "$version" ; exit ;; - --help | --h* | -h ) -- echo "$usage"; exit 0 ;; -+ echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. -@@ -99,7 +105,7 @@ - *local*) - # First pass through any local machine types. - echo $1 -- exit 0;; -+ exit ;; - - * ) - break ;; -@@ -118,7 +124,10 @@ - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` - case $maybe_os in -- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) -+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ -+ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ -+ kopensolaris*-gnu* | \ -+ storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; -@@ -144,10 +153,13 @@ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -- -apple | -axis) -+ -apple | -axis | -knuth | -cray | -microblaze) - os= - basic_machine=$1 - ;; -+ -bluegene*) -+ os=-cnk -+ ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 -@@ -169,6 +181,10 @@ - -hiux*) - os=-hiuxwe2 - ;; -+ -sco6) -+ os=-sco5v6 -+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` -+ ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` -@@ -185,6 +201,10 @@ - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; -+ -sco5v6*) -+ # Don't forget version if it is 3.2v4 or newer. -+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` -+ ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` -@@ -228,54 +248,71 @@ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ -- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ -+ | am33_2.0 \ -+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ -+ | bfin \ - | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ -- | fr30 | frv \ -+ | fido | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ -- | ip2k \ -- | m32r | m68000 | m68k | m88k | mcore \ -+ | ip2k | iq2000 \ -+ | lm32 \ -+ | m32c | m32r | m32rle | m68000 | m68k | m88k \ -+ | maxq | mb | microblaze | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ -- | mips64vr | mips64vrel \ -+ | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ -+ | mips64r5900 | mips64r5900el \ -+ | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ -+ | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ -+ | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ -+ | moxie \ -+ | mt \ - | msp430 \ -+ | nios | nios2 \ - | ns16k | ns32k \ -- | openrisc | or32 \ -+ | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ -- | s390 | s390x \ -- | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ -+ | rx \ -+ | score \ -+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ -- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ -- | strongarm \ -+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ -+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ -+ | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ -+ | ubicom32 \ - | v850 | v850e \ - | we32k \ -- | x86 | xscale | xstormy16 | xtensa \ -- | z8k) -+ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ -+ | z8k | z80) - basic_machine=$basic_machine-unknown - ;; -- m6811 | m68hc11 | m6812 | m68hc12) -+ m6811 | m68hc11 | m6812 | m68hc12 | picochip) - # Motorola 68HC11/12. - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; -+ ms1) -+ basic_machine=mt-unknown -+ ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and -@@ -295,55 +332,69 @@ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ -- | avr-* \ -- | bs2000-* \ -+ | avr-* | avr32-* \ -+ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ -- | clipper-* | cydra-* \ -+ | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ -- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ -+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ -- | ip2k-* \ -- | m32r-* \ -+ | ip2k-* | iq2000-* \ -+ | lm32-* \ -+ | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ -- | m88110-* | m88k-* | mcore-* \ -+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ -- | mips64vr-* | mips64vrel-* \ -+ | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ -+ | mips64r5900-* | mips64r5900el-* \ -+ | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ -+ | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ -+ | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ -+ | mmix-* \ -+ | mt-* \ - | msp430-* \ -- | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ -+ | nios-* | nios2-* \ -+ | none-* | np1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ -- | romp-* | rs6000-* \ -- | s390-* | s390x-* \ -- | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ -+ | romp-* | rs6000-* | rx-* \ -+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ -- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ -- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ -+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ -+ | sparclite-* \ -+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ -+ | tile-* | tilegx-* \ - | tron-* \ -+ | ubicom32-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ -- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ -- | xtensa-* \ -+ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ -+ | xstormy16-* | xtensa*-* \ - | ymp-* \ -- | z8k-*) -+ | z8k-* | z80-*) -+ ;; -+ # Recognize the basic CPU types without company name, with glob match. -+ xtensa*) -+ basic_machine=$basic_machine-unknown - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. -@@ -361,6 +412,9 @@ - basic_machine=a29k-amd - os=-udi - ;; -+ abacus) -+ basic_machine=abacus-unknown -+ ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout -@@ -378,6 +432,9 @@ - amd64) - basic_machine=x86_64-pc - ;; -+ amd64-*) -+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` -+ ;; - amdahl) - basic_machine=580-amdahl - os=-sysv -@@ -401,6 +458,10 @@ - basic_machine=m68k-apollo - os=-bsd - ;; -+ aros) -+ basic_machine=i386-pc -+ os=-aros -+ ;; - aux) - basic_machine=m68k-apple - os=-aux -@@ -409,10 +470,26 @@ - basic_machine=ns32k-sequent - os=-dynix - ;; -+ blackfin) -+ basic_machine=bfin-unknown -+ os=-linux -+ ;; -+ blackfin-*) -+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` -+ os=-linux -+ ;; -+ bluegene*) -+ basic_machine=powerpc-ibm -+ os=-cnk -+ ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; -+ cegcc) -+ basic_machine=arm-unknown -+ os=-cegcc -+ ;; - convex-c1) - basic_machine=c1-convex - os=-bsd -@@ -437,12 +514,27 @@ - basic_machine=j90-cray - os=-unicos - ;; -+ craynv) -+ basic_machine=craynv-cray -+ os=-unicosmp -+ ;; -+ cr16) -+ basic_machine=cr16-unknown -+ os=-elf -+ ;; - crds | unos) - basic_machine=m68k-crds - ;; -+ crisv32 | crisv32-* | etraxfs*) -+ basic_machine=crisv32-axis -+ ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; -+ crx) -+ basic_machine=crx-unknown -+ os=-elf -+ ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; -@@ -465,6 +557,14 @@ - basic_machine=m88k-motorola - os=-sysv3 - ;; -+ dicos) -+ basic_machine=i686-pc -+ os=-dicos -+ ;; -+ djgpp) -+ basic_machine=i586-pc -+ os=-msdosdjgpp -+ ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx -@@ -615,6 +715,14 @@ - basic_machine=m68k-isi - os=-sysv - ;; -+ m68knommu) -+ basic_machine=m68k-unknown -+ os=-linux -+ ;; -+ m68knommu-*) -+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` -+ os=-linux -+ ;; - m88k-omron*) - basic_machine=m88k-omron - ;; -@@ -626,10 +734,17 @@ - basic_machine=ns32k-utek - os=-sysv - ;; -+ microblaze) -+ basic_machine=microblaze-xilinx -+ ;; - mingw32) - basic_machine=i386-pc - os=-mingw32 - ;; -+ mingw32ce) -+ basic_machine=arm-unknown -+ os=-mingw32ce -+ ;; - miniframe) - basic_machine=m68000-convergent - ;; -@@ -643,10 +758,6 @@ - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; -- mmix*) -- basic_machine=mmix-knuth -- os=-mmixware -- ;; - monitor) - basic_machine=m68k-rom68k - os=-coff -@@ -659,6 +770,9 @@ - basic_machine=i386-pc - os=-msdos - ;; -+ ms1-*) -+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` -+ ;; - mvs) - basic_machine=i370-ibm - os=-mvs -@@ -727,10 +841,6 @@ - np1) - basic_machine=np1-gould - ;; -- nv1) -- basic_machine=nv1-cray -- os=-unicosmp -- ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; -@@ -738,9 +848,12 @@ - basic_machine=hppa1.1-oki - os=-proelf - ;; -- or32 | or32-*) -+ openrisc | openrisc-*) - basic_machine=or32-unknown -- os=-coff -+ ;; -+ os400) -+ basic_machine=powerpc-ibm -+ os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson -@@ -758,6 +871,14 @@ - basic_machine=i860-intel - os=-osf - ;; -+ parisc) -+ basic_machine=hppa-unknown -+ os=-linux -+ ;; -+ parisc-*) -+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` -+ os=-linux -+ ;; - pbd) - basic_machine=sparc-tti - ;; -@@ -767,6 +888,12 @@ - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; -+ pc98) -+ basic_machine=i386-pc -+ ;; -+ pc98-*) -+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` -+ ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; -@@ -823,6 +950,10 @@ - basic_machine=i586-unknown - os=-pw32 - ;; -+ rdos) -+ basic_machine=i386-pc -+ os=-rdos -+ ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff -@@ -833,6 +964,12 @@ - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; -+ s390 | s390-*) -+ basic_machine=s390-ibm -+ ;; -+ s390x | s390x-*) -+ basic_machine=s390x-ibm -+ ;; - sa29200) - basic_machine=a29k-amd - os=-udi -@@ -843,6 +980,10 @@ - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; -+ sde) -+ basic_machine=mipsisa32-sde -+ os=-elf -+ ;; - sei) - basic_machine=mips-sei - os=-seiux -@@ -854,6 +995,9 @@ - basic_machine=sh-hitachi - os=-hms - ;; -+ sh5el) -+ basic_machine=sh5le-unknown -+ ;; - sh64) - basic_machine=sh64-unknown - ;; -@@ -943,6 +1087,15 @@ - basic_machine=tic6x-unknown - os=-coff - ;; -+ # This must be matched before tile*. -+ tilegx*) -+ basic_machine=tilegx-unknown -+ os=-linux-gnu -+ ;; -+ tile*) -+ basic_machine=tile-unknown -+ os=-linux-gnu -+ ;; - tx39) - basic_machine=mipstx39-unknown - ;; -@@ -956,6 +1109,10 @@ - tower | tower-32) - basic_machine=m68k-ncr - ;; -+ tpf) -+ basic_machine=s390x-ibm -+ os=-tpf -+ ;; - udi29k) - basic_machine=a29k-amd - os=-udi -@@ -999,6 +1156,10 @@ - basic_machine=hppa1.1-winbond - os=-proelf - ;; -+ xbox) -+ basic_machine=i686-pc -+ os=-mingw32 -+ ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; -@@ -1010,6 +1171,10 @@ - basic_machine=z8k-unknown - os=-sim - ;; -+ z80-*-coff) -+ basic_machine=z80-unknown -+ os=-sim -+ ;; - none) - basic_machine=none-none - os=-none -@@ -1029,6 +1194,9 @@ - romp) - basic_machine=romp-ibm - ;; -+ mmix) -+ basic_machine=mmix-knuth -+ ;; - rs6000) - basic_machine=rs6000-ibm - ;; -@@ -1045,13 +1213,10 @@ - we32k) - basic_machine=we32k-att - ;; -- sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) -+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; -- sh64) -- basic_machine=sh64-unknown -- ;; -- sparc | sparcv9 | sparcv9b) -+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; - cydra) -@@ -1098,6 +1263,9 @@ - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. -+ -auroraux) -+ os=-auroraux -+ ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; -@@ -1118,25 +1286,30 @@ - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ -- | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ -- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ -+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ -+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ -+ | -sym* | -kopensolaris* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ -- | -aos* \ -+ | -aos* | -aros* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ -- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ -- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ -+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ -+ | -openbsd* | -solidbsd* \ -+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ -+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ -- | -chorusos* | -chorusrdb* \ -+ | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ -- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ -+ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ -+ | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ -- | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) -+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ -+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) -@@ -1154,12 +1327,15 @@ - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ -- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ -+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; -+ -linux-dietlibc) -+ os=-linux-dietlibc -+ ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; -@@ -1172,6 +1348,9 @@ - -opened*) - os=-openedition - ;; -+ -os400*) -+ os=-os400 -+ ;; - -wince*) - os=-wince - ;; -@@ -1193,6 +1372,9 @@ - -atheos*) - os=-atheos - ;; -+ -syllable*) -+ os=-syllable -+ ;; - -386bsd) - os=-bsd - ;; -@@ -1215,6 +1397,9 @@ - -sinix*) - os=-sysv4 - ;; -+ -tpf*) -+ os=-tpf -+ ;; - -triton*) - os=-sysv3 - ;; -@@ -1251,6 +1436,14 @@ - -kaos*) - os=-kaos - ;; -+ -zvmoe) -+ os=-zvmoe -+ ;; -+ -dicos*) -+ os=-dicos -+ ;; -+ -nacl*) -+ ;; - -none) - ;; - *) -@@ -1273,6 +1466,12 @@ - # system, and we'll never get to this point. - - case $basic_machine in -+ score-*) -+ os=-elf -+ ;; -+ spu-*) -+ os=-elf -+ ;; - *-acorn) - os=-riscix1.2 - ;; -@@ -1282,8 +1481,8 @@ - arm*-semi) - os=-aout - ;; -- c4x-* | tic4x-*) -- os=-coff -+ c4x-* | tic4x-*) -+ os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) -@@ -1310,6 +1509,9 @@ - m68*-cisco) - os=-aout - ;; -+ mep-*) -+ os=-elf -+ ;; - mips*-cisco) - os=-elf - ;; -@@ -1328,9 +1530,15 @@ - *-be) - os=-beos - ;; -+ *-haiku) -+ os=-haiku -+ ;; - *-ibm) - os=-aix - ;; -+ *-knuth) -+ os=-mmixware -+ ;; - *-wec) - os=-proelf - ;; -@@ -1433,7 +1641,7 @@ - -sunos*) - vendor=sun - ;; -- -aix*) -+ -cnk*|-aix*) - vendor=ibm - ;; - -beos*) -@@ -1463,9 +1671,15 @@ - -mvs* | -opened*) - vendor=ibm - ;; -+ -os400*) -+ vendor=ibm -+ ;; - -ptx*) - vendor=sequent - ;; -+ -tpf*) -+ vendor=ibm -+ ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; -@@ -1490,7 +1704,7 @@ - esac - - echo $basic_machine$os --exit 0 -+exit - - # Local variables: - # eval: (add-hook 'write-file-hooks 'time-stamp) diff --git a/libxmlsec/xmlsec1-vc.patch b/libxmlsec/xmlsec1-vc.patch new file mode 100644 index 000000000000..3f3d00ec30f2 --- /dev/null +++ b/libxmlsec/xmlsec1-vc.patch @@ -0,0 +1,25 @@ +--- build/xmlsec1-1.2.14/win32/Makefile.msvc.old 2010-10-20 00:49:04.671875000 +0200 ++++ build/xmlsec1-1.2.14/win32/Makefile.msvc 2010-10-20 00:49:23.406250000 +0200 +@@ -351,7 +351,11 @@ + !if "$(DEBUG)" == "1" + LDFLAGS = $(LDFLAGS) /DEBUG + !else +-LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 ++!if "$(_NMAKE_VER)" >= "10.00.30319.01" ++LDFLAGS = $(LDFLAGS) ++!else ++LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 ++!endif + !endif + + SOLIBS = $(LIBS) libxml2.lib +--- build/xmlsec/win32/Makefile.msvc.old 2012-11-30 11:09:23.130479800 -0500 ++++ build/xmlsec/win32/Makefile.msvc 2012-11-30 11:11:06.037550700 -0500 +@@ -301,6 +301,7 @@ + CFLAGS = $(CFLAGS) /D "HAVE_STDIO_H" /D "HAVE_STDLIB_H" + CFLAGS = $(CFLAGS) /D "HAVE_STRING_H" /D "HAVE_CTYPE_H" + CFLAGS = $(CFLAGS) /D "HAVE_MALLOC_H" /D "HAVE_MEMORY_H" ++CFLAGS = $(CFLAGS) $(SOLARINC) + + # Optimisation and debug symbols. + !if "$(DEBUG)" == "1" diff --git a/libxmlsec/xmlsec1-vc10.patch b/libxmlsec/xmlsec1-vc10.patch deleted file mode 100644 index 72a1d2147cde..000000000000 --- a/libxmlsec/xmlsec1-vc10.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- misc/build/xmlsec1-1.2.14/win32/Makefile.msvc.old 2010-10-20 00:49:04.671875000 +0200 -+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2010-10-20 00:49:23.406250000 +0200 -@@ -351,7 +351,11 @@ - !if "$(DEBUG)" == "1" - LDFLAGS = $(LDFLAGS) /DEBUG - !else --LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 -+!if "$(_NMAKE_VER)" >= "10.00.30319.01" -+LDFLAGS = $(LDFLAGS) -+!else -+LDFLAGS = $(LDFLAGS) /OPT:NOWIN98 -+!endif - !endif - - SOLIBS = $(LIBS) libxml2.lib diff --git a/tail_build/prj/build.lst b/tail_build/prj/build.lst index 3b8a97e642a3..809069859e08 100644 --- a/tail_build/prj/build.lst +++ b/tail_build/prj/build.lst @@ -1,2 +1,2 @@ -tb tail_build : CPPUNIT:cppunit EXPAT:expat FONTCONFIG:fontconfig ICU:icu LIBPNG:libpng LIBXML2:libxml2 libxmlsec LIBXSLT:libxslt MOZ:moz NSS:nss OPENSSL:openssl PYTHON:python3 REDLAND:redland XPDF:xpdf ZLIB:zlib external solenv soltools NULL +tb tail_build : CPPUNIT:cppunit EXPAT:expat FONTCONFIG:fontconfig ICU:icu LIBPNG:libpng LIBXML2:libxml2 LIBXSLT:libxslt MOZ:moz NSS:nss OPENSSL:openssl PYTHON:python3 REDLAND:redland XPDF:xpdf ZLIB:zlib external solenv soltools NULL tb tail_build\prj nmake - all tb_prj NULL diff --git a/xmlsecurity/Library_xsec_xmlsec.mk b/xmlsecurity/Library_xsec_xmlsec.mk index 29010b709071..68cdf0a094de 100644 --- a/xmlsecurity/Library_xsec_xmlsec.mk +++ b/xmlsecurity/Library_xsec_xmlsec.mk @@ -38,6 +38,7 @@ $(eval $(call gb_Library_set_include,xsec_xmlsec,\ $$(INCLUDE) \ -I$(SRCDIR)/xmlsecurity/inc \ -I$(SRCDIR)/xmlsecurity/source/xmlsec \ + -I$(call gb_UnpackedTarball_get_dir,xmlsec/include) \ )) $(eval $(call gb_Library_use_sdk_api,xsec_xmlsec)) @@ -68,6 +69,9 @@ $(eval $(call gb_Library_use_libraries,xsec_xmlsec,\ $(gb_UWINAPI) \ )) +$(eval $(call gb_Library_use_packages,xsec_xmlsec,\ + xmlsec \ +)) $(eval $(call gb_Library_use_externals,xsec_xmlsec,\ libxml2 \ nss3 \ |