[Libreoffice-commits] core.git: external/libxmlsec
Miklos Vajna
vmiklos at collabora.co.uk
Mon Mar 7 09:03:43 UTC 2016
external/libxmlsec/UnpackedTarball_xmlsec.mk | 11
external/libxmlsec/include/akmngr_mscrypto.h | 72
external/libxmlsec/include/akmngr_nss.h | 57
external/libxmlsec/include/ciphers.h | 36
external/libxmlsec/include/tokens.h | 183
external/libxmlsec/src/akmngr_mscrypto.c | 237
external/libxmlsec/src/akmngr_nss.c | 384 -
external/libxmlsec/src/keywrapers.c | 1213 ----
external/libxmlsec/src/tokens.c | 548 -
external/libxmlsec/xmlsec1-customkeymanage.patch | 3308 -----------
external/libxmlsec/xmlsec1-customkeymanage.patch.1 | 6149 +++++++++++++++++++++
11 files changed, 6150 insertions(+), 6048 deletions(-)
New commits:
commit 9e3a15c728255a7874179c7104de366b0e056928
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Mon Mar 7 09:32:27 2016 +0100
libxmlsec: move new files back to xmlsec1-customkeymanage.patch
That was the situation before commit
ec6af4194e80f5f0b2e46ca59802ff397a2a4a24 (convert libxmlsec to gbuild,
2012-11-29), and if we ever manage to upstream this patch, then it'll
just make the review process harder if half of the patch is in separate
files.
Change-Id: I0d12d72ea7a1a2591d1ef5232c006b6b7fea7aff
Reviewed-on: https://gerrit.libreoffice.org/22973
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index a5a3d25..5915631 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -20,7 +20,7 @@ xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch
xmlsec_patches += xmlsec1-android.patch
# Partial backport of <https://github.com/lsh123/xmlsec/commit/6a4968bc33f83aaf61efc0a80333350ce9c372f5>.
xmlsec_patches += xmlsec1-1.2.14-ansi.patch
-xmlsec_patches += xmlsec1-customkeymanage.patch
+xmlsec_patches += xmlsec1-customkeymanage.patch.1
xmlsec_patches += xmlsec1-update-config.guess.patch.1
# Upstreamed as <https://github.com/lsh123/xmlsec/commit/7069e2b0ab49679008abedd6d223fb95538b0684>.
xmlsec_patches += xmlsec1-ooxml.patch.1
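Review bot: The `xmlsec1-customkeymanage.patch.1` entry has no comment recording its upstream status, although the `xmlsec1-1.2.14-ansi.patch` and `xmlsec1-ooxml.patch.1` entries next to it do. The patch now also has to create the NSS and MSCrypto key-manager sources that were previously copied in with `gb_UnpackedTarball_add_file` (removed in the next hunk), so a line above it such as `# Not upstreamed: custom NSS/MSCrypto key management; also adds the akmngr, ciphers, tokens and keywrapers sources.` would tell a reader where that code now lives. This diff cannot show whether the moved files are byte-identical inside the new patch; since it is key-handling code, the commit message should say so if they are.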
@@ -36,15 +36,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
$(foreach patch,$(xmlsec_patches),external/libxmlsec/$(patch)) \
))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/mscrypto/akmngr.c,external/libxmlsec/src/akmngr_mscrypto.c))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/akmngr.h,external/libxmlsec/include/akmngr_nss.h))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/ciphers.h,external/libxmlsec/include/ciphers.h))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/tokens.h,external/libxmlsec/include/tokens.h))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/akmngr.c,external/libxmlsec/src/akmngr_nss.c))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/keywrapers.c,external/libxmlsec/src/keywrapers.c))
-$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/tokens.c,external/libxmlsec/src/tokens.c))
-
ifeq ($(OS)$(COM),WNTGCC)
$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
external/libxmlsec/xmlsec1-mingw32.patch \
diff --git a/external/libxmlsec/include/akmngr_mscrypto.h b/external/libxmlsec/include/akmngr_mscrypto.h
deleted file mode 100644
index 57ba811..0000000
--- a/external/libxmlsec/include/akmngr_mscrypto.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright ..........................
- */
-#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
-#define __XMLSEC_MSCRYPTO_AKMNGR_H__
-
-#include <windows.h>
-#include <wincrypt.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-xmlSecMSCryptoAppliedKeysMngrCreate(
- HCERTSTORE keyStore ,
- HCERTSTORE certStore
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- HCRYPTKEY symKey
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- HCRYPTKEY pubKey
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- HCRYPTKEY priKey
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
- xmlSecKeysMngrPtr mngr ,
- HCERTSTORE keyStore
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
- xmlSecKeysMngrPtr mngr ,
- HCERTSTORE trustedStore
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
- xmlSecKeysMngrPtr mngr ,
- HCERTSTORE untrustedStore
-) ;
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
-
-
-
diff --git a/external/libxmlsec/include/akmngr_nss.h b/external/libxmlsec/include/akmngr_nss.h
deleted file mode 100644
index a6b8830..0000000
--- a/external/libxmlsec/include/akmngr_nss.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright ..........................
- */
-#ifndef __XMLSEC_NSS_AKMNGR_H__
-#define __XMLSEC_NSS_AKMNGR_H__
-
-#include <nss.h>
-#include <nspr.h>
-#include <pk11func.h>
-#include <cert.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-xmlSecNssAppliedKeysMngrCreate(
- PK11SlotInfo** slots,
- int cSlots,
- CERTCertDBHandle* handler
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssAppliedKeysMngrSymKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- PK11SymKey* symKey
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssAppliedKeysMngrPubKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- SECKEYPublicKey* pubKey
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssAppliedKeysMngrPriKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- SECKEYPrivateKey* priKey
-) ;
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-
-
-
diff --git a/external/libxmlsec/include/ciphers.h b/external/libxmlsec/include/ciphers.h
deleted file mode 100644
index 8088614..0000000
--- a/external/libxmlsec/include/ciphers.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright ..........................
- */
-#ifndef __XMLSEC_NSS_CIPHERS_H__
-#define __XMLSEC_NSS_CIPHERS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-
-
-XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
- PK11SymKey* symkey ) ;
-
-XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-
-XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-
-
-
diff --git a/external/libxmlsec/include/tokens.h b/external/libxmlsec/include/tokens.h
deleted file mode 100644
index c7c0fa1..0000000
--- a/external/libxmlsec/include/tokens.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
- *
- * Contributor(s): _____________________________
- *
- */
-#ifndef __XMLSEC_NSS_TOKENS_H__
-#define __XMLSEC_NSS_TOKENS_H__
-
-#include <string.h>
-
-#include <nss.h>
-#include <pk11func.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/list.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/**
- * xmlSecNssKeySlotListId
- *
- * The crypto mechanism list klass
- */
-#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-
-/*******************************************
- * KeySlot interfaces
- *******************************************/
-/**
- * Internal NSS key slot data
- * @mechanismList: the mechanisms that the slot bound with.
- * @slot: the pkcs slot
- *
- * This context is located after xmlSecPtrList
- */
-typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-
-struct _xmlSecNssKeySlot {
- CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
- PK11SlotInfo* slot ;
-} ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotSetMechList(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE_PTR mechanismList
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotEnableMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE mechanism
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotDisableMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE mechanism
-) ;
-
-XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-xmlSecNssKeySlotGetMechList(
- xmlSecNssKeySlotPtr keySlot
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotSetSlot(
- xmlSecNssKeySlotPtr keySlot ,
- PK11SlotInfo* slot
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotInitialize(
- xmlSecNssKeySlotPtr keySlot ,
- PK11SlotInfo* slot
-) ;
-
-XMLSEC_CRYPTO_EXPORT void
-xmlSecNssKeySlotFinalize(
- xmlSecNssKeySlotPtr keySlot
-) ;
-
-XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-xmlSecNssKeySlotGetSlot(
- xmlSecNssKeySlotPtr keySlot
-) ;
-
-XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-xmlSecNssKeySlotCreate() ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotCopy(
- xmlSecNssKeySlotPtr newKeySlot ,
- xmlSecNssKeySlotPtr keySlot
-) ;
-
-XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-xmlSecNssKeySlotDuplicate(
- xmlSecNssKeySlotPtr keySlot
-) ;
-
-XMLSEC_CRYPTO_EXPORT void
-xmlSecNssKeySlotDestroy(
- xmlSecNssKeySlotPtr keySlot
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotBindMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE type
-) ;
-
-XMLSEC_CRYPTO_EXPORT int
-xmlSecNssKeySlotSupportMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE type
-) ;
-
-
-/************************************************************************
- * PKCS#11 crypto token interfaces
- *
- * A PKCS#11 slot repository will be defined internally. From the
- * repository, a user can specify a particular slot for a certain crypto
- * mechanism.
- *
- * In some situation, some cryptographic operation should act in a user
- * designated devices. The interfaces defined here provide the way. If
- * the user do not initialize the repository distinctly, the interfaces
- * use the default functions provided by NSS itself.
- *
- ************************************************************************/
-/**
- * Initialize NSS pkcs#11 slot repository
- *
- * Returns 0 if success or -1 if an error occurs.
- */
-XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-
-/**
- * Shutdown and destroy NSS pkcs#11 slot repository
- */
-XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-
-/**
- * Get PKCS#11 slot handler
- * @type the mechanism that the slot must support.
- *
- * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
- *
- * Notes: The returned handler must be destroied distinctly.
- */
-XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-
-/**
- * Adopt a pkcs#11 slot with a mechanism into the repository
- * @slot: the pkcs#11 slot.
- * @mech: the mechanism.
- *
- * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
- * this mechanism only can perform on the @slot.
- *
- * Returns 0 if success or -1 if an error occurs.
- */
-XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* __XMLSEC_NSS_TOKENS_H__ */
-
-
diff --git a/external/libxmlsec/src/akmngr_mscrypto.c b/external/libxmlsec/src/akmngr_mscrypto.c
deleted file mode 100644
index af9eef4..0000000
--- a/external/libxmlsec/src/akmngr_mscrypto.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright.........................
- */
-#include "globals.h"
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/keysmngr.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/mscrypto/crypto.h>
-#include <xmlsec/mscrypto/keysstore.h>
-#include <xmlsec/mscrypto/akmngr.h>
-#include <xmlsec/mscrypto/x509.h>
-
-/**
- * xmlSecMSCryptoAppliedKeysMngrCreate:
- * @hKeyStore: the pointer to key store.
- * @hCertStore: the pointer to certificate database.
- *
- * Create and load key store and certificate database into keys manager
- *
- * Returns keys manager pointer on success or NULL otherwise.
- */
-xmlSecKeysMngrPtr
-xmlSecMSCryptoAppliedKeysMngrCreate(
- HCERTSTORE hKeyStore ,
- HCERTSTORE hCertStore
-) {
- xmlSecKeyDataStorePtr certStore = NULL ;
- xmlSecKeysMngrPtr keyMngr = NULL ;
- xmlSecKeyStorePtr keyStore = NULL ;
-
- keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
- if( keyStore == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeyStoreCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return NULL ;
- }
-
- /*-
- * At present, MS Crypto engine do not provide a way to setup a key store.
- */
- if( keyStore != NULL ) {
- /*TODO: binding key store.*/
- }
-
- keyMngr = xmlSecKeysMngrCreate() ;
- if( keyMngr == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- return NULL ;
- }
-
- /*-
- * Add key store to manager, from now on keys manager destroys the store if
- * needed
- */
- if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecKeysMngrAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- xmlSecKeysMngrDestroy( keyMngr ) ;
- return NULL ;
- }
-
- /*-
- * Initialize crypto library specific data in keys manager
- */
- if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecMSCryptoKeysMngrInit" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeysMngrDestroy( keyMngr ) ;
- return NULL ;
- }
-
- /*-
- * Set certificate databse to X509 key data store
- */
- /*-
- * At present, MS Crypto engine do not provide a way to setup a cert store.
- */
-
- /*-
- * Set the getKey callback
- */
- keyMngr->getKey = xmlSecKeysMngrGetKey ;
-
- return keyMngr ;
-}
-
-int
-xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- HCRYPTKEY symKey
-) {
- /*TODO: import the key into keys manager.*/
- return(0) ;
-}
-
-int
-xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- HCRYPTKEY pubKey
-) {
- /*TODO: import the key into keys manager.*/
- return(0) ;
-}
-
-int
-xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- HCRYPTKEY priKey
-) {
- /*TODO: import the key into keys manager.*/
- return(0) ;
-}
-
-int
-xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
- xmlSecKeysMngrPtr mngr ,
- HCERTSTORE keyStore
-) {
- xmlSecKeyDataStorePtr x509Store ;
-
- xmlSecAssert2( mngr != NULL, -1 ) ;
- xmlSecAssert2( keyStore != NULL, -1 ) ;
-
- x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
- if( x509Store == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 ) ;
- }
-
- if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
- "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 ) ;
- }
-
- return( 0 ) ;
-}
-
-int
-xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
- xmlSecKeysMngrPtr mngr ,
- HCERTSTORE trustedStore
-) {
- xmlSecKeyDataStorePtr x509Store ;
-
- xmlSecAssert2( mngr != NULL, -1 ) ;
- xmlSecAssert2( trustedStore != NULL, -1 ) ;
-
- x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
- if( x509Store == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 ) ;
- }
-
- if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
- "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 ) ;
- }
-
- return( 0 ) ;
-}
-
-int
-xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
- xmlSecKeysMngrPtr mngr ,
- HCERTSTORE untrustedStore
-) {
- xmlSecKeyDataStorePtr x509Store ;
-
- xmlSecAssert2( mngr != NULL, -1 ) ;
- xmlSecAssert2( untrustedStore != NULL, -1 ) ;
-
- x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
- if( x509Store == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 ) ;
- }
-
- if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
- "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 ) ;
- }
-
- return( 0 ) ;
-}
-
-
diff --git a/external/libxmlsec/src/akmngr_nss.c b/external/libxmlsec/src/akmngr_nss.c
deleted file mode 100644
index 0eddf86..0000000
--- a/external/libxmlsec/src/akmngr_nss.c
+++ /dev/null
@@ -1,384 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright.........................
- */
-#include "globals.h"
-
-#include <nspr.h>
-#include <nss.h>
-#include <pk11func.h>
-#include <cert.h>
-#include <keyhi.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/nss/crypto.h>
-#include <xmlsec/nss/tokens.h>
-#include <xmlsec/nss/akmngr.h>
-#include <xmlsec/nss/pkikeys.h>
-#include <xmlsec/nss/ciphers.h>
-#include <xmlsec/nss/keysstore.h>
-
-/**
- * xmlSecNssAppliedKeysMngrCreate:
- * @slot: array of pointers to NSS PKCS#11 slot information.
- * @cSlots: number of slots in the array
- * @handler: the pointer to NSS certificate database.
- *
- * Create and load NSS crypto slot and certificate database into keys manager
- *
- * Returns keys manager pointer on success or NULL otherwise.
- */
-xmlSecKeysMngrPtr
-xmlSecNssAppliedKeysMngrCreate(
- PK11SlotInfo** slots,
- int cSlots,
- CERTCertDBHandle* handler
-) {
- xmlSecKeyDataStorePtr certStore = NULL ;
- xmlSecKeysMngrPtr keyMngr = NULL ;
- xmlSecKeyStorePtr keyStore = NULL ;
- int islot = 0;
- keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
- if( keyStore == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeyStoreCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return NULL ;
- }
-
- for (islot = 0; islot < cSlots; islot++)
- {
- xmlSecNssKeySlotPtr keySlot ;
-
- /* Create a key slot */
- keySlot = xmlSecNssKeySlotCreate() ;
- if( keySlot == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecNssKeySlotCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- return NULL ;
- }
-
- /* Set slot */
- if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecNssKeySlotSetSlot" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- xmlSecNssKeySlotDestroy( keySlot ) ;
- return NULL ;
- }
-
- /* Adopt keySlot */
- if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecNssKeysStoreAdoptKeySlot" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- xmlSecNssKeySlotDestroy( keySlot ) ;
- return NULL ;
- }
- }
-
- keyMngr = xmlSecKeysMngrCreate() ;
- if( keyMngr == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- return NULL ;
- }
-
- /*-
- * Add key store to manager, from now on keys manager destroys the store if
- * needed
- */
- if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecKeysMngrAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeyStoreDestroy( keyStore ) ;
- xmlSecKeysMngrDestroy( keyMngr ) ;
- return NULL ;
- }
-
- /*-
- * Initialize crypto library specific data in keys manager
- */
- if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeysMngrDestroy( keyMngr ) ;
- return NULL ;
- }
-
- /*-
- * Set certificate databse to X509 key data store
- */
- /**
- * Because Tej's implementation of certDB use the default DB, so I ignore
- * the certDB handler at present. I'll modify the cert store sources to
- * accept particular certDB instead of default ones.
- certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
- if( certStore == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeysMngrDestroy( keyMngr ) ;
- return NULL ;
- }
-
- if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
- "xmlSecNssKeyDataStoreX509SetCertDb" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
-
- xmlSecKeysMngrDestroy( keyMngr ) ;
- return NULL ;
- }
- */
-
- /*-
- * Set the getKey callback
- */
- keyMngr->getKey = xmlSecKeysMngrGetKey ;
-
- return keyMngr ;
-}
-
-int
-xmlSecNssAppliedKeysMngrSymKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- PK11SymKey* symKey
-) {
- xmlSecKeyPtr key ;
- xmlSecKeyDataPtr data ;
- xmlSecKeyStorePtr keyStore ;
-
- xmlSecAssert2( mngr != NULL , -1 ) ;
- xmlSecAssert2( symKey != NULL , -1 ) ;
-
- keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
- if( keyStore == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetKeysStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
- xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-
- data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
- if( data == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- key = xmlSecKeyCreate() ;
- if( key == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDataDestroy( data ) ;
- return(-1) ;
- }
-
- if( xmlSecKeySetValue( key , data ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDataDestroy( data ) ;
- return(-1) ;
- }
-
- if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDestroy( key ) ;
- return(-1) ;
- }
-
- return(0) ;
-}
-
-int
-xmlSecNssAppliedKeysMngrPubKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- SECKEYPublicKey* pubKey
-) {
- xmlSecKeyPtr key ;
- xmlSecKeyDataPtr data ;
- xmlSecKeyStorePtr keyStore ;
-
- xmlSecAssert2( mngr != NULL , -1 ) ;
- xmlSecAssert2( pubKey != NULL , -1 ) ;
-
- keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
- if( keyStore == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetKeysStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
- xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-
- data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
- if( data == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssPKIAdoptKey" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- key = xmlSecKeyCreate() ;
- if( key == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDataDestroy( data ) ;
- return(-1) ;
- }
-
- if( xmlSecKeySetValue( key , data ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDataDestroy( data ) ;
- return(-1) ;
- }
-
- if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDestroy( key ) ;
- return(-1) ;
- }
-
- return(0) ;
-}
-
-int
-xmlSecNssAppliedKeysMngrPriKeyLoad(
- xmlSecKeysMngrPtr mngr ,
- SECKEYPrivateKey* priKey
-) {
- xmlSecKeyPtr key ;
- xmlSecKeyDataPtr data ;
- xmlSecKeyStorePtr keyStore ;
-
- xmlSecAssert2( mngr != NULL , -1 ) ;
- xmlSecAssert2( priKey != NULL , -1 ) ;
-
- keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
- if( keyStore == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetKeysStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
- xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-
- data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
- if( data == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssPKIAdoptKey" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- key = xmlSecKeyCreate() ;
- if( key == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDataDestroy( data ) ;
- return(-1) ;
- }
-
- if( xmlSecKeySetValue( key , data ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDataDestroy( data ) ;
- return(-1) ;
- }
-
- if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSymKeyDataKeyAdopt" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecKeyDestroy( key ) ;
- return(-1) ;
- }
-
- return(0) ;
-}
-
diff --git a/external/libxmlsec/src/keywrapers.c b/external/libxmlsec/src/keywrapers.c
deleted file mode 100644
index 6066724..0000000
--- a/external/libxmlsec/src/keywrapers.c
+++ /dev/null
@@ -1,1213 +0,0 @@
-/**
- *
- * XMLSec library
- *
- * AES Algorithm support
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright .................................
- */
-#include "globals.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <nss.h>
-#include <pk11func.h>
-#include <hasht.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/nss/crypto.h>
-#include <xmlsec/nss/ciphers.h>
-
-#define XMLSEC_NSS_AES128_KEY_SIZE 16
-#define XMLSEC_NSS_AES192_KEY_SIZE 24
-#define XMLSEC_NSS_AES256_KEY_SIZE 32
-#define XMLSEC_NSS_DES3_KEY_SIZE 24
-#define XMLSEC_NSS_DES3_KEY_LENGTH 24
-#define XMLSEC_NSS_DES3_IV_LENGTH 8
-#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
-
-static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
- 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-};
-
-/*********************************************************************
- *
- * key wrap transforms
- *
- ********************************************************************/
-typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
-typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
-
-#define xmlSecNssKeyWrapSize \
- ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
-
-#define xmlSecNssKeyWrapGetCtx( transform ) \
- ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-
-struct _xmlSecNssKeyWrapCtx {
- CK_MECHANISM_TYPE cipher ;
- PK11SymKey* symkey ;
- xmlSecKeyDataId keyId ;
- xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
-} ;
-
-static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
-static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
-static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
-
-static int
-xmlSecNssKeyWrapCheckId(
- xmlSecTransformPtr transform
-) {
- #ifndef XMLSEC_NO_DES
- if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
- return(1);
- }
- #endif /* XMLSEC_NO_DES */
-
- #ifndef XMLSEC_NO_AES
- if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
- xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
- xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
-
- return(1);
- }
- #endif /* XMLSEC_NO_AES */
-
- return(0);
-}
-
-static xmlSecSize
-xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
-#ifndef XMLSEC_NO_DES
- if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
- return(XMLSEC_NSS_DES3_KEY_SIZE);
- } else
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
- return(XMLSEC_NSS_AES128_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
- return(XMLSEC_NSS_AES192_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
- return(XMLSEC_NSS_AES256_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
- return(XMLSEC_NSS_AES256_KEY_SIZE);
- } else
-#endif /* XMLSEC_NO_AES */
-
- if(1)
- return(0);
-}
-
-
-static int
-xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
- xmlSecNssKeyWrapCtxPtr context ;
- int ret;
-
- xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-
- context = xmlSecNssKeyWrapGetCtx( transform ) ;
- xmlSecAssert2( context != NULL , -1 ) ;
-
- #ifndef XMLSEC_NO_DES
- if( transform->id == xmlSecNssTransformKWDes3Id ) {
- context->cipher = CKM_DES3_CBC ;
- context->keyId = xmlSecNssKeyDataDesId ;
- } else
- #endif /* XMLSEC_NO_DES */
-
- #ifndef XMLSEC_NO_AES
- if( transform->id == xmlSecNssTransformKWAes128Id ) {
- /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
- context->cipher = CKM_AES_CBC ;
- context->keyId = xmlSecNssKeyDataAesId ;
- } else
- if( transform->id == xmlSecNssTransformKWAes192Id ) {
- /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
- context->cipher = CKM_AES_CBC ;
- context->keyId = xmlSecNssKeyDataAesId ;
- } else
- if( transform->id == xmlSecNssTransformKWAes256Id ) {
- /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
- context->cipher = CKM_AES_CBC ;
- context->keyId = xmlSecNssKeyDataAesId ;
- } else
- #endif /* XMLSEC_NO_AES */
-
-
- if( 1 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- context->symkey = NULL ;
- context->material = NULL ;
-
- return(0);
-}
-
-static void
-xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
- xmlSecNssKeyWrapCtxPtr context ;
-
- xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
-
- context = xmlSecNssKeyWrapGetCtx( transform ) ;
- xmlSecAssert( context != NULL ) ;
-
- if( context->symkey != NULL ) {
- PK11_FreeSymKey( context->symkey ) ;
- context->symkey = NULL ;
- }
-
- if( context->material != NULL ) {
- xmlSecBufferDestroy(context->material);
- context->material = NULL ;
- }
-}
-
-static int
-xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecNssKeyWrapCtxPtr context ;
- xmlSecSize cipherSize = 0 ;
-
-
- xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- context = xmlSecNssKeyWrapGetCtx( transform ) ;
- xmlSecAssert2( context != NULL , -1 ) ;
-
- keyReq->keyId = context->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
-
- keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
-
- return(0);
-}
-
-static int
-xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecNssKeyWrapCtxPtr context = NULL ;
- xmlSecKeyDataPtr keyData = NULL ;
- PK11SymKey* symkey = NULL ;
-
- xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(key != NULL, -1);
-
- context = xmlSecNssKeyWrapGetCtx( transform ) ;
- if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyWrapGetCtx" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-
- keyData = xmlSecKeyGetValue( key ) ;
- if( keyData == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
- "xmlSecKeyGetValue" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
- "xmlSecNssSymKeyDataGetKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- context->symkey = symkey ;
-
- return(0) ;
-}
-
-/**
- * key wrap transform
- */
-static int
-xmlSecNssKeyWrapCtxInit(
- xmlSecNssKeyWrapCtxPtr ctx ,
- xmlSecBufferPtr in ,
- xmlSecBufferPtr out ,
- int encrypt ,
- xmlSecTransformCtxPtr transformCtx
-) {
- xmlSecSize blockSize ;
-
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( in != NULL , -1 ) ;
- xmlSecAssert2( out != NULL , -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- if( ctx->material != NULL ) {
- xmlSecBufferDestroy( ctx->material ) ;
- ctx->material = NULL ;
- }
-
- if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_GetBlockSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- ctx->material = xmlSecBufferCreate( blockSize ) ;
- if( ctx->material == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferCreate" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- /* read raw key material into context */
- if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferSetData" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferRemoveHead" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * key wrap transform update
- */
-static int
-xmlSecNssKeyWrapCtxUpdate(
- xmlSecNssKeyWrapCtxPtr ctx ,
- xmlSecBufferPtr in ,
- xmlSecBufferPtr out ,
- int encrypt ,
- xmlSecTransformCtxPtr transformCtx
-) {
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( ctx->material != NULL , -1 ) ;
- xmlSecAssert2( in != NULL , -1 ) ;
- xmlSecAssert2( out != NULL , -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- /* read raw key material and append into context */
- if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferAppend" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferRemoveHead" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
- xmlSecSize s;
- xmlSecSize i;
- xmlSecByte c;
-
- xmlSecAssert2(buf != NULL, -1);
-
- s = size / 2;
- --size;
- for(i = 0; i < s; ++i) {
- c = buf[i];
- buf[i] = buf[size - i];
- buf[size - i] = c;
- }
- return(0);
-}
-
-static xmlSecByte *
-xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize)
-{
- PK11Context *context = NULL;
- SECStatus s;
- xmlSecByte *digest = NULL;
- unsigned int len;
-
- xmlSecAssert2(in != NULL, NULL);
- xmlSecAssert2(out != NULL, NULL);
- xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-
- /* Create a context for hashing (digesting) */
- context = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (context == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CreateDigestContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code = %d", PORT_GetError());
- goto done;
- }
-
- s = PK11_DigestBegin(context);
- if (s != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code = %d", PORT_GetError());
- goto done;
- }
-
- s = PK11_DigestOp(context, in, inSize);
- if (s != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code = %d", PORT_GetError());
- goto done;
- }
-
- s = PK11_DigestFinal(context, out, &len, outSize);
- if (s != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code = %d", PORT_GetError());
- goto done;
- }
- xmlSecAssert2(len == SHA1_LENGTH, NULL);
-
- digest = out;
-
-done:
- if (context != NULL) {
- PK11_DestroyContext(context, PR_TRUE);
- }
- return (digest);
-}
-
-static int
-xmlSecNssKWDes3Encrypt(
- PK11SymKey* symKey ,
- CK_MECHANISM_TYPE cipherMech ,
- const xmlSecByte* iv ,
- xmlSecSize ivSize ,
- const xmlSecByte* in ,
- xmlSecSize inSize ,
- xmlSecByte* out ,
- xmlSecSize outSize ,
- int enc
-) {
- PK11Context* EncContext = NULL;
- SECItem ivItem ;
- SECItem* secParam = NULL ;
- int tmp1_outlen;
- unsigned int tmp2_outlen;
- int result_len = -1;
- SECStatus rv;
-
- xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( symKey != NULL , -1 ) ;
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- /* Prepare IV */
- ivItem.data = ( unsigned char* )iv ;
- ivItem.len = ivSize ;
-
- secParam = PK11_ParamFromIV(cipherMech, &ivItem);
- if (secParam == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ParamFromIV",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Error code = %d", PORT_GetError());
- goto done;
- }
-
- EncContext = PK11_CreateContextBySymKey(cipherMech,
- enc ? CKA_ENCRYPT : CKA_DECRYPT,
- symKey, secParam);
- if (EncContext == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Error code = %d", PORT_GetError());
- goto done;
- }
-
- tmp1_outlen = tmp2_outlen = 0;
- rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
- (unsigned char *)in, inSize);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CipherOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Error code = %d", PORT_GetError());
- goto done;
- }
-
- rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
- &tmp2_outlen, outSize-tmp1_outlen);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Error code = %d", PORT_GetError());
- goto done;
- }
-
- result_len = tmp1_outlen + tmp2_outlen;
-
-done:
- if (secParam) {
- SECITEM_FreeItem(secParam, PR_TRUE);
- }
- if (EncContext) {
- PK11_DestroyContext(EncContext, PR_TRUE);
- }
-
- return(result_len);
-}
-
-static int
-xmlSecNssKeyWrapDesOp(
- xmlSecNssKeyWrapCtxPtr ctx ,
- int encrypt ,
- xmlSecBufferPtr result
-) {
- xmlSecByte sha1[SHA1_LENGTH];
- xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
- xmlSecByte* in;
- xmlSecSize inSize;
- xmlSecByte* out;
- xmlSecSize outSize;
- xmlSecSize s;
- int ret;
- SECStatus status;
-
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( ctx->material != NULL , -1 ) ;
- xmlSecAssert2( result != NULL , -1 ) ;
-
- in = xmlSecBufferGetData(ctx->material);
- inSize = xmlSecBufferGetSize(ctx->material) ;
- out = xmlSecBufferGetData(result);
- outSize = xmlSecBufferGetMaxSize(result) ;
- if( encrypt ) {
- /* step 2: calculate sha1 and CMS */
- if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssComputeSHA1",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* step 3: construct WKCKS */
- memcpy(out, in, inSize);
- memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-
- /* step 4: generate random iv */
- status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
- if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code = %d", PORT_GetError());
- return(-1);
- }
-
- /* step 5: first encryption, result is TEMP1 */
- ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
- iv, XMLSEC_NSS_DES3_IV_LENGTH,
- out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
- out, outSize, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* step 6: construct TEMP2=IV || TEMP1 */
- memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
- inSize + XMLSEC_NSS_DES3_IV_LENGTH);
- memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
- s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-
- /* step 7: reverse octets order, result is TEMP3 */
- ret = xmlSecNssKWDes3BufferReverse(out, s);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* step 8: second encryption with static IV */
- ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
- xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
- out, s,
- out, outSize, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret;
-
- if( xmlSecBufferSetSize( result , s ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else {
- /* step 2: first decryption with static IV, result is TEMP3 */
- ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
- xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
- in, inSize,
- out, outSize, 0);
- if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret;
-
- /* step 3: reverse octets order in TEMP3, result is TEMP2 */
- ret = xmlSecNssKWDes3BufferReverse(out, s);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
- ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
- out, XMLSEC_NSS_DES3_IV_LENGTH,
- out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
- out, outSize, 0);
- if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
-
- /* steps 6 and 7: calculate SHA1 and validate it */
- if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssComputeSHA1",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "SHA1 does not match");
- return(-1);
- }
-
- if( xmlSecBufferSetSize( result , s ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- return(0);
-}
-
-static int
-xmlSecNssKeyWrapAesOp(
- xmlSecNssKeyWrapCtxPtr ctx ,
- int encrypt ,
- xmlSecBufferPtr result
-) {
- PK11Context* cipherCtx = NULL;
- SECItem ivItem ;
- SECItem* secParam = NULL ;
- xmlSecSize inSize ;
- xmlSecSize inBlocks ;
- int blockSize ;
- int midSize ;
- int finSize ;
- xmlSecByte* out ;
- xmlSecSize outSize;
-
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( ctx->material != NULL , -1 ) ;
- xmlSecAssert2( result != NULL , -1 ) ;
-
- /* Do not set any IV */
- memset(&ivItem, 0, sizeof(ivItem));
-
- /* Get block size */
- if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_GetBlockSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- inSize = xmlSecBufferGetSize( ctx->material ) ;
- if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferSetMaxSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- /* Get Param for context initialization */
- if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_ParamFromIV" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
- if( cipherCtx == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_CreateContextBySymKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- SECITEM_FreeItem( secParam , PR_TRUE ) ;
- return(-1);
- }
-
- out = xmlSecBufferGetData(result) ;
- outSize = xmlSecBufferGetMaxSize(result) ;
- if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_CipherOp" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_DigestFinal" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferSetSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- return 0 ;
-}
-
-/**
- * Block cipher transform final
- */
-static int
-xmlSecNssKeyWrapCtxFinal(
- xmlSecNssKeyWrapCtxPtr ctx ,
- xmlSecBufferPtr in ,
- xmlSecBufferPtr out ,
- int encrypt ,
- xmlSecTransformCtxPtr transformCtx
-) {
- PK11SymKey* targetKey ;
- xmlSecSize blockSize ;
- xmlSecBufferPtr result ;
-
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( ctx->material != NULL , -1 ) ;
- xmlSecAssert2( in != NULL , -1 ) ;
- xmlSecAssert2( out != NULL , -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- /* read raw key material and append into context */
- if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferAppend" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferRemoveHead" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- /* Now we get all of the key materail */
- /* from now on we will wrap or unwrap the key */
- if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_GetBlockSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- result = xmlSecBufferCreate( blockSize ) ;
- if( result == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferCreate" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- switch( ctx->cipher ) {
- case CKM_DES3_CBC :
- if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssKeyWrapDesOp" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
- break ;
- /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
- case CKM_AES_CBC :
- if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssKeyWrapAesOp" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
- break ;
- }
-
- /* Write output */
- if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferAppend" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
- xmlSecBufferDestroy(result);
-
- return(0);
-}
-
-static int
-xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecNssKeyWrapCtxPtr context = NULL ;
- xmlSecBufferPtr inBuf, outBuf ;
- int operation ;
- int rtv ;
-
- xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
- xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
- xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- context = xmlSecNssKeyWrapGetCtx( transform ) ;
- if( context == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyWrapGetCtx" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- inBuf = &( transform->inBuf ) ;
- outBuf = &( transform->outBuf ) ;
-
- if( transform->status == xmlSecTransformStatusNone ) {
- transform->status = xmlSecTransformStatusWorking ;
- }
-
- operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
- if( transform->status == xmlSecTransformStatusWorking ) {
- if( context->material == NULL ) {
- rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
- if( rtv < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyWrapCtxInit" ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- }
-
- if( context->material == NULL && last != 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- NULL ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- "No enough data to intialize transform" ) ;
- return(-1);
- }
-
- if( context->material != NULL ) {
- rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
- if( rtv < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyWrapCtxUpdate" ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- }
-
- if( last ) {
- rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
- if( rtv < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyWrapCtxFinal" ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished ;
- }
- } else if( transform->status == xmlSecTransformStatusFinished ) {
- if( xmlSecBufferGetSize( inBuf ) != 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- NULL ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- "status=%d", transform->status ) ;
- return(-1);
- }
- } else {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- NULL ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- "status=%d", transform->status ) ;
- return(-1);
- }
-
- return(0);
-}
-
-#ifndef XMLSEC_NO_AES
-
-
-#ifdef __MINGW32__ // for runtime-pseudo-reloc
-static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-#else
-static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes128, /* const xmlChar* name; */
- xmlSecHrefKWAes128, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-#ifdef __MINGW32__ // for runtime-pseudo-reloc
-static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-#else
-static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes192, /* const xmlChar* name; */
- xmlSecHrefKWAes192, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-#ifdef __MINGW32__ // for runtime-pseudo-reloc
-static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-#else
-static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes256, /* const xmlChar* name; */
- xmlSecHrefKWAes256, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecNssTransformKWAes128GetKlass:
- *
- * The AES-128 key wrapper transform klass.
- *
- * Returns AES-128 key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformKWAes128GetKlass(void) {
- return(&xmlSecNssKWAes128Klass);
-}
-
-/**
- * xmlSecNssTransformKWAes192GetKlass:
- *
- * The AES-192 key wrapper transform klass.
- *
- * Returns AES-192 key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformKWAes192GetKlass(void) {
- return(&xmlSecNssKWAes192Klass);
-}
-
-/**
- *
- * The AES-256 key wrapper transform klass.
- *
- * Returns AES-256 key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformKWAes256GetKlass(void) {
- return(&xmlSecNssKWAes256Klass);
-}
-
-#endif /* XMLSEC_NO_AES */
-
-
-#ifndef XMLSEC_NO_DES
-
-#ifdef __MINGW32__ // for runtime-pseudo-reloc
-static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-#else
-static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-#endif
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-
- xmlSecNameKWDes3, /* const xmlChar* name; */
- xmlSecHrefKWDes3, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecNssTransformKWDes3GetKlass:
- *
- * The Triple DES key wrapper transform klass.
- *
- * Returns Triple DES key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformKWDes3GetKlass(void) {
- return(&xmlSecNssKWDes3Klass);
-}
-
-#endif /* XMLSEC_NO_DES */
-
diff --git a/external/libxmlsec/src/tokens.c b/external/libxmlsec/src/tokens.c
deleted file mode 100644
index 25c1fb0..0000000
--- a/external/libxmlsec/src/tokens.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright..................................
- *
- * Contributor(s): _____________________________
- *
- */
-
-/**
- * In order to ensure that particular crypto operation is performed on
- * particular crypto device, a subclass of xmlSecList is used to store slot and
- * mechanism information.
- *
- * In the list, a slot is bound with a mechanism. If the mechanism is available,
- * this mechanism only can perform on the slot; otherwise, it can perform on
- * every eligibl slot in the list.
- *
- * When try to find a slot for a particular mechanism, the slot bound with
- * available mechanism will be looked up firstly.
- */
-#include "globals.h"
-#include <string.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/errors.h>
-#include <xmlsec/list.h>
-
-#include <xmlsec/nss/tokens.h>
-
-int
-xmlSecNssKeySlotSetMechList(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE_PTR mechanismList
-) {
- int counter ;
-
- xmlSecAssert2( keySlot != NULL , -1 ) ;
-
- if( keySlot->mechanismList != CK_NULL_PTR ) {
- xmlFree( keySlot->mechanismList ) ;
-
- for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
- keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
- if( keySlot->mechanismList == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 );
- }
- for( ; counter >= 0 ; counter -- )
- *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
- }
-
- return( 0 );
-}
-
-int
-xmlSecNssKeySlotEnableMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE mechanism
-) {
- int counter ;
- CK_MECHANISM_TYPE_PTR newList ;
-
- xmlSecAssert2( keySlot != NULL , -1 ) ;
-
- if( mechanism != CKM_INVALID_MECHANISM ) {
- for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
- newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
- if( newList == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 );
- }
- *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
- *( newList + counter ) = mechanism ;
- for( counter -= 1 ; counter >= 0 ; counter -- )
- *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
-
- xmlFree( keySlot->mechanismList ) ;
- keySlot->mechanismList = newList ;
- }
-
- return(0);
-}
-
-int
-xmlSecNssKeySlotDisableMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE mechanism
-) {
- int counter ;
-
- xmlSecAssert2( keySlot != NULL , -1 ) ;
-
- for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
- if( *( keySlot->mechanismList + counter ) == mechanism ) {
- for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
- *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
- }
-
- break ;
- }
- }
-
- return(0);
-}
-
-CK_MECHANISM_TYPE_PTR
-xmlSecNssKeySlotGetMechList(
- xmlSecNssKeySlotPtr keySlot
-) {
- if( keySlot != NULL )
- return keySlot->mechanismList ;
- else
- return NULL ;
-}
-
-int
-xmlSecNssKeySlotSetSlot(
- xmlSecNssKeySlotPtr keySlot ,
- PK11SlotInfo* slot
-) {
- xmlSecAssert2( keySlot != NULL , -1 ) ;
-
- if( slot != NULL && keySlot->slot != slot ) {
- if( keySlot->slot != NULL )
- PK11_FreeSlot( keySlot->slot ) ;
-
- if( keySlot->mechanismList != NULL ) {
- xmlFree( keySlot->mechanismList ) ;
- keySlot->mechanismList = NULL ;
- }
-
- keySlot->slot = PK11_ReferenceSlot( slot ) ;
- }
-
- return(0);
-}
-
-int
-xmlSecNssKeySlotInitialize(
- xmlSecNssKeySlotPtr keySlot ,
- PK11SlotInfo* slot
-) {
- xmlSecAssert2( keySlot != NULL , -1 ) ;
- xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
- xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
-
- if( slot != NULL ) {
- keySlot->slot = PK11_ReferenceSlot( slot ) ;
- }
-
- return(0);
-}
-
-void
-xmlSecNssKeySlotFinalize(
- xmlSecNssKeySlotPtr keySlot
-) {
- xmlSecAssert( keySlot != NULL ) ;
-
- if( keySlot->mechanismList != NULL ) {
- xmlFree( keySlot->mechanismList ) ;
- keySlot->mechanismList = NULL ;
- }
-
- if( keySlot->slot != NULL ) {
- PK11_FreeSlot( keySlot->slot ) ;
- keySlot->slot = NULL ;
- }
-
-}
-
-PK11SlotInfo*
-xmlSecNssKeySlotGetSlot(
- xmlSecNssKeySlotPtr keySlot
-) {
- if( keySlot != NULL )
- return keySlot->slot ;
- else
- return NULL ;
-}
-
-xmlSecNssKeySlotPtr
-xmlSecNssKeySlotCreate() {
- xmlSecNssKeySlotPtr keySlot ;
-
- /* Allocates a new xmlSecNssKeySlot and fill the fields */
- keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
- if( keySlot == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( NULL );
- }
- memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
-
- return( keySlot ) ;
-}
-
-int
-xmlSecNssKeySlotCopy(
- xmlSecNssKeySlotPtr newKeySlot ,
- xmlSecNssKeySlotPtr keySlot
-) {
- CK_MECHANISM_TYPE_PTR mech ;
- int counter ;
-
- xmlSecAssert2( newKeySlot != NULL , -1 ) ;
- xmlSecAssert2( keySlot != NULL , -1 ) ;
-
- if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
- if( newKeySlot->slot != NULL )
- PK11_FreeSlot( newKeySlot->slot ) ;
-
- newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
- }
-
- if( keySlot->mechanismList != CK_NULL_PTR ) {
- xmlFree( newKeySlot->mechanismList ) ;
-
- for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
- newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
- if( newKeySlot->mechanismList == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 );
- }
- for( ; counter >= 0 ; counter -- )
- *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
- }
-
- return( 0 );
-}
-
-xmlSecNssKeySlotPtr
-xmlSecNssKeySlotDuplicate(
- xmlSecNssKeySlotPtr keySlot
-) {
- xmlSecNssKeySlotPtr newKeySlot ;
- int ret ;
-
- xmlSecAssert2( keySlot != NULL , NULL ) ;
-
- newKeySlot = xmlSecNssKeySlotCreate() ;
- if( newKeySlot == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( NULL );
- }
-
- if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( NULL );
- }
-
- return( newKeySlot );
-}
-
-void
-xmlSecNssKeySlotDestroy(
- xmlSecNssKeySlotPtr keySlot
-) {
- xmlSecAssert( keySlot != NULL ) ;
-
- if( keySlot->mechanismList != NULL )
- xmlFree( keySlot->mechanismList ) ;
-
- if( keySlot->slot != NULL )
- PK11_FreeSlot( keySlot->slot ) ;
-
- xmlFree( keySlot ) ;
-}
-
-int
-xmlSecNssKeySlotBindMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE type
-) {
- int counter ;
-
- xmlSecAssert2( keySlot != NULL , 0 ) ;
- xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
- xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-
- for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
- if( *( keySlot->mechanismList + counter ) == type )
- return(1) ;
- }
-
- return( 0 ) ;
-}
-
-int
-xmlSecNssKeySlotSupportMech(
- xmlSecNssKeySlotPtr keySlot ,
- CK_MECHANISM_TYPE type
-) {
- xmlSecAssert2( keySlot != NULL , 0 ) ;
- xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
- xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-
- if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
- return(1);
- } else
- return(0);
-}
-
-void
-xmlSecNssKeySlotDebugDump(
- xmlSecNssKeySlotPtr keySlot ,
- FILE* output
-) {
- xmlSecAssert( keySlot != NULL ) ;
- xmlSecAssert( output != NULL ) ;
-
- fprintf( output, "== KEY SLOT\n" );
-}
-
-void
-xmlSecNssKeySlotDebugXmlDump(
- xmlSecNssKeySlotPtr keySlot ,
- FILE* output
-) {
-}
-
-/**
- * Key Slot List
- */
-#ifdef __MINGW32__ // for runtime-pseudo-reloc
-static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-#else
-static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-#endif
- BAD_CAST "mechanism-list",
- (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
- (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
- (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
- (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
-};
-
-xmlSecPtrListId
-xmlSecNssKeySlotListGetKlass(void) {
- return(&xmlSecNssKeySlotPtrListKlass);
-}
-
-
-/*-
- * Global PKCS#11 crypto token repository -- Key slot list
- */
-static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
-
-PK11SlotInfo*
-xmlSecNssSlotGet(
- CK_MECHANISM_TYPE type
-) {
- PK11SlotInfo* slot = NULL ;
- xmlSecNssKeySlotPtr keySlot ;
- xmlSecSize ksSize ;
- xmlSecSize ksPos ;
- char flag ;
-
- if( _xmlSecNssKeySlotList == NULL ) {
- slot = PK11_GetBestSlot( type , NULL ) ;
- } else {
- ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-
- /*-
- * Firstly, checking whether the mechanism is bound with a special slot.
- * If no bound slot, we try to find the first eligible slot in the list.
- */
- for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
- keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
- if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
- slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
- flag = 2 ;
- } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
- slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
- flag = 1 ;
- }
-
- if( flag == 2 )
- break ;
- }
- if( slot != NULL )
- slot = PK11_ReferenceSlot( slot ) ;
- }
-
- if( slot != NULL && PK11_NeedLogin( slot ) ) {
- if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- PK11_FreeSlot( slot ) ;
- return( NULL );
- }
- }
-
- return slot ;
-}
-
-int
-xmlSecNssSlotInitialize(
- void
-) {
- if( _xmlSecNssKeySlotList != NULL ) {
- xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
- _xmlSecNssKeySlotList = NULL ;
- }
-
- _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
- if( _xmlSecNssKeySlotList == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return( -1 );
- }
-
- return(0);
-}
-
-void
-xmlSecNssSlotShutdown(
- void
-) {
- if( _xmlSecNssKeySlotList != NULL ) {
- xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
- _xmlSecNssKeySlotList = NULL ;
- }
-}
-
-int
-xmlSecNssSlotAdopt(
- PK11SlotInfo* slot,
- CK_MECHANISM_TYPE type
-) {
- xmlSecNssKeySlotPtr keySlot ;
- xmlSecSize ksSize ;
- xmlSecSize ksPos ;
- char flag ;
-
- xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
- xmlSecAssert2( slot != NULL, -1 ) ;
-
- ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-
- /*-
- * Firstly, checking whether the slot is in the repository already.
- */
- flag = 0 ;
- for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
- keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
- /* If find the slot in the list */
- if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
- /* If mechnism type is valid, bind the slot with the mechanism */
- if( type != CKM_INVALID_MECHANISM ) {
- if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- }
-
- flag = 1 ;
- }
- }
-
- /* If the slot do not in the list, add a new item to the list */
- if( flag == 0 ) {
- /* Create a new KeySlot */
- keySlot = xmlSecNssKeySlotCreate() ;
- if( keySlot == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- /* Initialize the keySlot with a slot */
- if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecNssKeySlotDestroy( keySlot ) ;
- return(-1);
- }
-
- /* If mechnism type is valid, bind the slot with the mechanism */
- if( type != CKM_INVALID_MECHANISM ) {
- if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecNssKeySlotDestroy( keySlot ) ;
- return(-1);
- }
- }
-
- /* Add keySlot into the list */
- if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecNssKeySlotDestroy( keySlot ) ;
- return(-1);
- }
- }
-
- return(0);
-}
-
diff --git a/external/libxmlsec/xmlsec1-customkeymanage.patch b/external/libxmlsec/xmlsec1-customkeymanage.patch.1
similarity index 56%
rename from external/libxmlsec/xmlsec1-customkeymanage.patch
rename to external/libxmlsec/xmlsec1-customkeymanage.patch.1
index 1881ea9..d261d73 100644
--- a/external/libxmlsec/xmlsec1-customkeymanage.patch
+++ b/external/libxmlsec/xmlsec1-customkeymanage.patch.1
@@ -1,6 +1,47 @@
---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
-@@ -3,6 +3,7 @@
+From a74ad2cada3cd652f08679d65cb6e1ef3acad21c Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos at collabora.co.uk>
+Date: Fri, 4 Mar 2016 16:19:12 +0100
+Subject: [PATCH] xmlsec1-customkeymanage.patch
+
+---
+ include/xmlsec/mscrypto/Makefile.am | 1 +
+ include/xmlsec/mscrypto/Makefile.in | 1 +
+ include/xmlsec/mscrypto/akmngr.h | 71 ++
+ include/xmlsec/nss/Makefile.am | 3 +
+ include/xmlsec/nss/Makefile.in | 3 +
+ include/xmlsec/nss/akmngr.h | 56 ++
+ include/xmlsec/nss/app.h | 5 +
+ include/xmlsec/nss/ciphers.h | 35 +
+ include/xmlsec/nss/keysstore.h | 4 +
+ include/xmlsec/nss/tokens.h | 182 ++++++
+ src/mscrypto/akmngr.c | 236 +++++++
+ src/nss/Makefile.am | 3 +
+ src/nss/Makefile.in | 30 +-
+ src/nss/akmngr.c | 384 +++++++++++
+ src/nss/hmac.c | 8 +-
+ src/nss/keysstore.c | 830 ++++++++++++++++--------
+ src/nss/keywrapers.c | 1213 +++++++++++++++++++++++++++++++++++
+ src/nss/pkikeys.c | 51 +-
+ src/nss/symkeys.c | 717 ++++++++++++++++++++-
+ src/nss/tokens.c | 548 ++++++++++++++++
+ src/nss/x509.c | 547 ++++------------
+ src/nss/x509vfy.c | 303 +++------
+ win32/Makefile.msvc | 4 +
+ 23 files changed, 4275 insertions(+), 960 deletions(-)
+ create mode 100644 include/xmlsec/mscrypto/akmngr.h
+ create mode 100644 include/xmlsec/nss/akmngr.h
+ create mode 100644 include/xmlsec/nss/ciphers.h
+ create mode 100644 include/xmlsec/nss/tokens.h
+ create mode 100644 src/mscrypto/akmngr.c
+ create mode 100644 src/nss/akmngr.c
+ create mode 100644 src/nss/keywrapers.c
+ create mode 100644 src/nss/tokens.c
+
+diff --git a/include/xmlsec/mscrypto/Makefile.am b/include/xmlsec/mscrypto/Makefile.am
+index 18dff94..44837b6 100644
+--- a/include/xmlsec/mscrypto/Makefile.am
++++ b/include/xmlsec/mscrypto/Makefile.am
+@@ -3,6 +3,7 @@ NULL =
xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
xmlsecmscryptoinc_HEADERS = \
@@ -8,9 +49,11 @@
app.h \
certkeys.h \
crypto.h \
---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
-@@ -281,6 +281,7 @@
+diff --git a/include/xmlsec/mscrypto/Makefile.in b/include/xmlsec/mscrypto/Makefile.in
+index 1570c0f..1d02a06 100644
+--- a/include/xmlsec/mscrypto/Makefile.in
++++ b/include/xmlsec/mscrypto/Makefile.in
+@@ -281,6 +281,7 @@ top_srcdir = @top_srcdir@
NULL =
xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
xmlsecmscryptoinc_HEADERS = \
@@ -18,9 +61,88 @@
app.h \
certkeys.h \
crypto.h \
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
-@@ -10,6 +10,9 @@
+diff --git a/include/xmlsec/mscrypto/akmngr.h b/include/xmlsec/mscrypto/akmngr.h
+new file mode 100644
+index 0000000..4858192
+--- /dev/null
++++ b/include/xmlsec/mscrypto/akmngr.h
+@@ -0,0 +1,71 @@
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
++#define __XMLSEC_MSCRYPTO_AKMNGR_H__
++
++#include <windows.h>
++#include <wincrypt.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecMSCryptoAppliedKeysMngrCreate(
++ HCERTSTORE keyStore ,
++ HCERTSTORE certStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY priKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE keyStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE trustedStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE untrustedStore
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
++
++
+diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
+index e352162..997ca7f 100644
+--- a/include/xmlsec/nss/Makefile.am
++++ b/include/xmlsec/nss/Makefile.am
+@@ -10,6 +10,9 @@ bignum.h \
keysstore.h \
pkikeys.h \
x509.h \
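Review bot: The new `include/xmlsec/mscrypto/akmngr.h` in this hunk declares the `xmlSecMSCryptoAppliedKeysMngr*` functions with no comment on who owns the `HCERTSTORE` and `HCRYPTKEY` handles after a call returns. For a key-management API that gap is a practical risk: a caller who closes a store the manager has adopted, or who never releases a key the manager only borrowed, ends up with a dangling or leaked handle. I would add a short contract comment to each declaration, along the lines of `/* On success the manager owns keyStore; the caller must not close it. */`, with the wording checked against `src/mscrypto/akmngr.c`, which is not visible here. The same applies to `xmlSecNssAppliedKeysMngrCreate` and the `*KeyLoad` declarations in `include/xmlsec/nss/akmngr.h`, added in the `@@ -42,9 +166,73 @@` hunk.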
@@ -30,9 +152,11 @@
$(NULL)
install-exec-hook:
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
-@@ -288,6 +288,9 @@
+diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
+index cd99f9d..3fb47cf 100644
+--- a/include/xmlsec/nss/Makefile.in
++++ b/include/xmlsec/nss/Makefile.in
+@@ -288,6 +288,9 @@ bignum.h \
keysstore.h \
pkikeys.h \
x509.h \
@@ -42,9 +166,73 @@
$(NULL)
all: all-am
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
-@@ -22,6 +22,9 @@
+diff --git a/include/xmlsec/nss/akmngr.h b/include/xmlsec/nss/akmngr.h
+new file mode 100644
+index 0000000..8053511
+--- /dev/null
++++ b/include/xmlsec/nss/akmngr.h
+@@ -0,0 +1,56 @@
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_NSS_AKMNGR_H__
++#define __XMLSEC_NSS_AKMNGR_H__
++
++#include <nss.h>
++#include <nspr.h>
++#include <pk11func.h>
++#include <cert.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecNssAppliedKeysMngrCreate(
++ PK11SlotInfo** slots,
++ int cSlots,
++ CERTCertDBHandle* handler
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ PK11SymKey* symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPublicKey* pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPrivateKey* priKey
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_AKMNGR_H__ */
++
++
+diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
+index b78492f..1d85eae 100644
+--- a/include/xmlsec/nss/app.h
++++ b/include/xmlsec/nss/app.h
+@@ -22,6 +22,9 @@ extern "C" {
#include <xmlsec/keysmngr.h>
#include <xmlsec/transforms.h>
@@ -54,7 +242,7 @@
/**
* Init/shutdown
*/
-@@ -36,6 +39,8 @@
+@@ -36,6 +39,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr
xmlSecKeyPtr key);
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
const char* uri);
@@ -63,9 +251,52 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
const char* filename,
xmlSecKeyDataType type);
---- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
-@@ -16,6 +16,8 @@
+diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h
+new file mode 100644
+index 0000000..607eb1e
+--- /dev/null
++++ b/include/xmlsec/nss/ciphers.h
+@@ -0,0 +1,35 @@
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_NSS_CIPHERS_H__
++#define __XMLSEC_NSS_CIPHERS_H__
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
++ PK11SymKey* symkey ) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
++
++XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
++
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_CIPHERS_H__ */
++
++
+diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
+index 10e6bb3..126f2fb 100644
+--- a/include/xmlsec/nss/keysstore.h
++++ b/include/xmlsec/nss/keysstore.h
+@@ -16,6 +16,8 @@ extern "C" {
#endif /* __cplusplus */
#include <xmlsec/xmlsec.h>
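Review bot: `include/xmlsec/nss/ciphers.h` uses `PK11SymKey*` in all three prototypes but includes only xmlsec headers. Unless one of those pulls in NSS transitively (not visible here), the header compiles only when the includer has already included the NSS headers. `include/xmlsec/nss/akmngr.h` in the same patch includes `<pk11func.h>` itself; adding `#include <pk11func.h>` here would make this header self-contained too. The three existing `#include` lines also sit inside the `extern "C" {` block, unlike in `akmngr.h`, so moving them above it would keep the two headers consistent.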
@@ -74,7 +305,7 @@
/****************************************************************************
*
-@@ -31,6 +33,8 @@
+@@ -31,6 +33,8 @@ extern "C" {
XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
xmlSecKeyPtr key);
@@ -83,9 +314,441 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
const char *uri,
xmlSecKeysMngrPtr keysMngr);
---- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
-+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
... etc. - the rest is truncated