[Libreoffice-commits] core.git: external/libxmlsec
Miklos Vajna
vmiklos at collabora.co.uk
Fri May 5 06:18:53 UTC 2017
external/libxmlsec/UnpackedTarball_xmlsec.mk | 1
external/libxmlsec/xmlsec1-nssmangleciphers.patch.1 | 1145 --------------------
2 files changed, 1146 deletions(-)
New commits:
commit 074fd0fed18f6ffcd5c9e33e75f820e9c769abc9
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Thu May 4 20:20:47 2017 +0200
libxmlsec: remove xmlsec1-nssmangleciphers.patch.1
This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
(INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED, 2005-03-10). According
to CWS history it was introduced in the 1.1.2.1 part, without any
further comments.
Before the gbuild conversion in commit
ec6af4194e80f5f0b2e46ca59802ff397a2a4a24 (convert libxmlsec to gbuild,
2012-11-29) the makefile.mk had a comment for this patch: "Dubious, do
we still need this ?".
My best guess is that this was added as part of some effort to do ODF
encryption (not just signing) in xmlsecurity, but code for that on the
xmlsecurity part is already removed.
Change-Id: I3a5f1fedd7ce10b8b874bb8a3c9e6260213fbd8f
Reviewed-on: https://gerrit.libreoffice.org/37261
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index d7859f35a083..64fb37aad058 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -10,7 +10,6 @@
xmlsec_patches :=
xmlsec_patches += xmlsec1-configure.patch.1
xmlsec_patches += xmlsec1-nssdisablecallbacks.patch.1
-xmlsec_patches += xmlsec1-nssmangleciphers.patch.1
xmlsec_patches += xmlsec1-noverify.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
diff --git a/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1 b/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1
deleted file mode 100644
index ea5088fcea97..000000000000
--- a/external/libxmlsec/xmlsec1-nssmangleciphers.patch.1
+++ /dev/null
@@ -1,1145 +0,0 @@
-From 31942f69c090c27ec6c36f1fd36a5967c7ca9f74 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Fri, 4 Mar 2016 16:09:39 +0100
-Subject: [PATCH] xmlsec1-nssmangleciphers.patch
-
-Conflicts:
- src/nss/ciphers.c
----
- src/nss/ciphers.c | 859 ++++++++++++++++++++++++++++++------------------------
- 1 file changed, 480 insertions(+), 379 deletions(-)
-
-diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c
-index cf67936..c063c04 100644
---- a/src/nss/ciphers.c
-+++ b/src/nss/ciphers.c
-@@ -11,180 +11,422 @@
-
- #include <string.h>
-
--#include <nspr.h>
- #include <nss.h>
--#include <secoid.h>
- #include <pk11func.h>
-
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-
--#define XMLSEC_NSS_MAX_KEY_SIZE 32
--#define XMLSEC_NSS_MAX_IV_SIZE 32
--#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
-+#include <xmlsec/nss/ciphers.h>
-
- /**************************************************************************
- *
-- * Internal Nss Block cipher CTX
-+ * Internal Nss Block Cipher Context
-+ * This context is designed for repositing a block cipher for transform
- *
- *****************************************************************************/
--typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
-- *xmlSecNssBlockCipherCtxPtr;
-+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
-+typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
-+
- struct _xmlSecNssBlockCipherCtx {
- CK_MECHANISM_TYPE cipher;
-+ PK11SymKey* symkey ;
- PK11Context* cipherCtx;
- xmlSecKeyDataId keyId;
-- int keyInitialized;
-- int ctxInitialized;
-- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
-- xmlSecSize keySize;
-- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
-- xmlSecSize ivSize;
- };
--static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx);
--static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx);
--static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
-- xmlSecBufferPtr in,
-- xmlSecBufferPtr out,
-- int encrypt,
-- const xmlChar* cipherName,
-- xmlSecTransformCtxPtr transformCtx);
-+
-+#define xmlSecNssBlockCipherSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
-+
-+#define xmlSecNssBlockCipherGetCtx( transform ) \
-+ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+static int
-+xmlSecNssBlockCipherCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
-+ return 1 ;
-+ }
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
-+
-+ return 1 ;
-+ }
-+ #endif /* XMLSEC_NO_AES */
-+
-+ return 0 ;
-+}
-+
-+static int
-+xmlSecNssBlockCipherFetchCtx(
-+ xmlSecNssBlockCipherCtxPtr context ,
-+ xmlSecTransformId id
-+) {
-+ xmlSecAssert2( context != NULL, -1 ) ;
-+
-+ #ifndef XMLSEC_NO_DES
-+ if( id == xmlSecNssTransformDes3CbcId ) {
-+ context->cipher = CKM_DES3_CBC ;
-+ context->keyId = xmlSecNssKeyDataDesId ;
-+ } else
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( id == xmlSecNssTransformAes128CbcId ) {
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( id == xmlSecNssTransformAes192CbcId ) {
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( id == xmlSecNssTransformAes256CbcId ) {
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ #endif /* XMLSEC_NO_AES */
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * xmlSecTransformInitializeMethod:
-+ * @transform: the pointer to transform object.
-+ *
-+ * The transform specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherInitialize(
-+ xmlSecTransformPtr transform
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherFetchCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ context->symkey = NULL ;
-+ context->cipherCtx = NULL ;
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * xmlSecTransformFinalizeMethod:
-+ * @transform: the pointer to transform object.
-+ *
-+ * The transform specific destroy method.
-+ */
-+static void
-+xmlSecNssBlockCipherFinalize(
-+ xmlSecTransformPtr transform
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+
-+ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
-+ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return ;
-+ }
-+
-+ if( context->cipherCtx != NULL ) {
-+ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
-+ context->cipherCtx = NULL ;
-+ }
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+
-+ context->cipher = CKM_INVALID_MECHANISM ;
-+ context->keyId = NULL ;
-+}
-+
-+/**
-+ * xmlSecTransformSetKeyRequirementsMethod:
-+ * @transform: the pointer to transform object.
-+ * @keyReq: the pointer to key requirements structure.
-+ *
-+ * Transform specific method to set transform's key requirements.
-+ *
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherSetKeyReq(
-+ xmlSecTransformPtr transform ,
-+ xmlSecKeyReqPtr keyReq
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+ xmlSecAssert2( keyReq != NULL , -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ keyReq->keyId = context->keyId ;
-+ keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
-+
-+ if( transform->operation == xmlSecTransformOperationEncrypt ) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
-+ }
-+
-+ /*
-+ if( context->symkey != NULL )
-+ cipherSize = PK11_GetKeyLength( context->symkey ) ;
-+
-+ keyReq->keyBitsSize = cipherSize * 8 ;
-+ */
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * xmlSecTransformSetKeyMethod:
-+ * @transform: the pointer to transform object.
-+ * @key: the pointer to key.
-+ *
-+ * The transform specific method to set the key for use.
-+ *
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+static int
-+xmlSecNssBlockCipherSetKey(
-+ xmlSecTransformPtr transform ,
-+ xmlSecKeyPtr key
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ PK11SymKey* symkey = NULL ;
-+ CK_ATTRIBUTE_TYPE operation ;
-+ int ivLen ;
-+
-+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
-+ xmlSecAssert2( key != NULL , -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssSymKeyDataGetKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ context->symkey = symkey ;
-+
-+ return 0 ;
-+}
-+
- static int
- xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
-- SECItem keyItem;
- SECItem ivItem;
-- PK11SlotInfo* slot;
-- PK11SymKey* symKey;
-+ SECItem* secParam = NULL ;
-+ xmlSecBufferPtr ivBuf = NULL ;
- int ivLen;
-- SECStatus rv;
-- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2(ctx->cipherCtx == NULL, -1);
-- xmlSecAssert2(ctx->keyInitialized != 0, -1);
-- xmlSecAssert2(ctx->ctxInitialized == 0, -1);
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ivLen = PK11_GetIVLength(ctx->cipher);
-- xmlSecAssert2(ivLen > 0, -1);
-- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
-+ if( ivLen < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetIVLength" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
- if(encrypt) {
-- /* generate random iv */
-- rv = PK11_GenerateRandom(ctx->iv, ivLen);
-- if(rv != SECSuccess) {
-+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "size=%d", ivLen);
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(-1);
- }
-+ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
-+ return -1 ;
-+ }
-
-- /* write iv to the output */
-- ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
-- if(ret < 0) {
-+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferAppend",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", ivLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(-1);
- }
-
- } else {
-- /* if we don't have enough data, exit and hope that
-- * we'll have iv next time */
-- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
-- return(0);
-- }
--
-- /* copy iv to our buffer*/
-- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
-- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
--
-- /* and remove from input */
-- ret = xmlSecBufferRemoveHead(in, ivLen);
-- if(ret < 0) {
-+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferRemoveHead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", ivLen);
-+ "xmlSecBufferSetData",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(-1);
- }
- }
-
-- memset(&keyItem, 0, sizeof(keyItem));
-- keyItem.data = ctx->key;
-- keyItem.len = ctx->keySize;
-- memset(&ivItem, 0, sizeof(ivItem));
-- ivItem.data = ctx->iv;
-- ivItem.len = ctx->ivSize;
--
-- slot = PK11_GetBestSlot(ctx->cipher, NULL);
-- if(slot == NULL) {
-+ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
-- "PK11_GetBestSlot",
-+ "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(-1);
- }
-
-- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
-- CKA_SIGN, &keyItem, NULL);
-- if(symKey == NULL) {
-+ ivItem.data = xmlSecBufferGetData( ivBuf ) ;
-+ ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
-+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
-- "PK11_ImportSymKey",
-+ "PK11_ParamFromIV",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-- PK11_FreeSlot(slot);
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(-1);
- }
-
- ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
- (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
-- symKey, &ivItem);
-+ ctx->symkey, secParam);
- if(ctx->cipherCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
-- "PK11_CreateContextBySymKey",
-+ "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-- PK11_FreeSymKey(symKey);
-- PK11_FreeSlot(slot);
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(-1);
- }
-
-- ctx->ctxInitialized = 1;
-- PK11_FreeSymKey(symKey);
-- PK11_FreeSlot(slot);
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ xmlSecBufferDestroy( ivBuf ) ;
- return(0);
- }
-
-+/**
-+ * Block cipher transform update
-+ */
- static int
- xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
-@@ -192,54 +434,49 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecSize inSize, inBlocks, outSize;
-- int blockLen;
-+ int blockSize;
- int outLen = 0;
- xmlSecByte* outBuf;
-- SECStatus rv;
-- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
-- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
-- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
-- xmlSecAssert2(blockLen > 0, -1);
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-+
-+ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
-+ inSize = inBlocks * blockSize ;
-
-- if(inSize < (xmlSecSize)blockLen) {
-- return(0);
-- }
--
-- if(encrypt) {
-- inBlocks = inSize / ((xmlSecSize)blockLen);
-- } else {
-- /* we want to have the last block in the input buffer
-- * for padding check */
-- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
-+ if( inSize < blockSize ) {
-+ return 0 ;
- }
-- inSize = inBlocks * ((xmlSecSize)blockLen);
-
-- /* we write out the input size plus may be one block */
-- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
-- if(ret < 0) {
-+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + inSize + blockLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
-
-- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
-- xmlSecBufferGetData(in), inSize);
-- if(rv != SECSuccess) {
-+ if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_CipherOp",
-@@ -247,27 +484,22 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
-
-- /* set correct output buffer size */
-- ret = xmlSecBufferSetSize(out, outSize + outLen);
-- if(ret < 0) {
-+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + outLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
-- /* remove the processed block from input */
-- ret = xmlSecBufferRemoveHead(in, inSize);
-- if(ret < 0) {
-+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", inSize);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
-@@ -281,81 +513,82 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecSize inSize, outSize;
-- int blockLen, outLen = 0;
-+ int blockSize, outLen = 0;
- xmlSecByte* inBuf;
- xmlSecByte* outBuf;
-- SECStatus rv;
-- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
-- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
-- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
-- xmlSecAssert2(blockLen > 0, -1);
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
-+ /******************************************************************/
- if(encrypt != 0) {
-- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
-+ xmlSecAssert2( inSize < blockSize, -1 ) ;
-
- /* create padding */
-- ret = xmlSecBufferSetMaxSize(in, blockLen);
-- if(ret < 0) {
-+ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", blockLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- inBuf = xmlSecBufferGetData(in);
-
-- /* generate random padding */
-- if((xmlSecSize)blockLen > (inSize + 1)) {
-- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
-- if(rv != SECSuccess) {
-+ /* generate random */
-+ if( blockSize > ( inSize + 1 ) ) {
-+ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
-- "size=%d", blockLen - inSize - 1);
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-- inBuf[blockLen - 1] = blockLen - inSize;
-- inSize = blockLen;
-+ inBuf[blockSize-1] = blockSize - inSize ;
-+ inSize = blockSize ;
- } else {
-- if(inSize != (xmlSecSize)blockLen) {
-+ if( inSize != blockSize ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "data=%d;block=%d", inSize, blockLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
-- /* process last block */
-- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
-- if(ret < 0) {
-+ /* process the last block */
-+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + 2 * blockLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
-
-- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
-- xmlSecBufferGetData(in), inSize);
-- if(rv != SECSuccess) {
-+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_CipherOp",
-@@ -363,300 +596,168 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
-
- if(encrypt == 0) {
- /* check padding */
-- if(outLen < outBuf[blockLen - 1]) {
-+ if( outLen < outBuf[blockSize-1] ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-- "padding=%d;buffer=%d",
-- outBuf[blockLen - 1], outLen);
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-- outLen -= outBuf[blockLen - 1];
-+ outLen -= outBuf[blockSize-1] ;
- }
-
-- /* set correct output buffer size */
-- ret = xmlSecBufferSetSize(out, outSize + outLen);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferSetSize",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", outSize + outLen);
-- return(-1);
-- }
-+ /******************************************************************/
-
-- /* remove the processed block from input */
-- ret = xmlSecBufferRemoveHead(in, inSize);
-- if(ret < 0) {
-+ /******************************************************************
-+ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
-- "xmlSecBufferRemoveHead",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- "size=%d", inSize);
-+ "xmlSecBufferSetMaxSize",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
-- return(0);
--}
--
--
--/******************************************************************************
-- *
-- * EVP Block Cipher transforms
-- *
-- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
-- *
-- *****************************************************************************/
--#define xmlSecNssBlockCipherSize \
-- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
--#define xmlSecNssBlockCipherGetCtx(transform) \
-- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
--
--static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
--static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
--static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
-- xmlSecKeyReqPtr keyReq);
--static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
-- xmlSecKeyPtr key);
--static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
-- int last,
-- xmlSecTransformCtxPtr transformCtx);
--static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
--
--
--
--static int
--xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
--#ifndef XMLSEC_NO_DES
-- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
-- return(1);
-- }
--#endif /* XMLSEC_NO_DES */
--
--#ifndef XMLSEC_NO_AES
-- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
-- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
-- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
--
-- return(1);
-+ outBuf = xmlSecBufferGetData( out ) + outSize ;
-+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "PK11_DigestFinal" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
- }
--#endif /* XMLSEC_NO_AES */
--
-- return(0);
--}
--
--static int
--xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
-- xmlSecNssBlockCipherCtxPtr ctx;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
--
-- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
--
--#ifndef XMLSEC_NO_DES
-- if(transform->id == xmlSecNssTransformDes3CbcId) {
-- ctx->cipher = CKM_DES3_CBC;
-- ctx->keyId = xmlSecNssKeyDataDesId;
-- ctx->keySize = 24;
-- } else
--#endif /* XMLSEC_NO_DES */
--
--#ifndef XMLSEC_NO_AES
-- if(transform->id == xmlSecNssTransformAes128CbcId) {
-- ctx->cipher = CKM_AES_CBC;
-- ctx->keyId = xmlSecNssKeyDataAesId;
-- ctx->keySize = 16;
-- } else if(transform->id == xmlSecNssTransformAes192CbcId) {
-- ctx->cipher = CKM_AES_CBC;
-- ctx->keyId = xmlSecNssKeyDataAesId;
-- ctx->keySize = 24;
-- } else if(transform->id == xmlSecNssTransformAes256CbcId) {
-- ctx->cipher = CKM_AES_CBC;
-- ctx->keyId = xmlSecNssKeyDataAesId;
-- ctx->keySize = 32;
-- } else
--#endif /* XMLSEC_NO_AES */
--
-- if(1) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-+ ******************************************************************/
-+
-+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
- }
--
-- return(0);
--}
--
--static void
--xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
-- xmlSecNssBlockCipherCtxPtr ctx;
--
-- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
-- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert(ctx != NULL);
--
-- if(ctx->cipherCtx != NULL) {
-- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
-+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( cipherName ) ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
- }
-+/* PK11_Finalize( ctx->cipherCtx ) ;*/
-+ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
-+ ctx->cipherCtx = NULL ;
-
-- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
--}
--
--static int
--xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-- xmlSecNssBlockCipherCtxPtr ctx;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(keyReq != NULL, -1);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->keyId != NULL, -1);
--
-- keyReq->keyId = ctx->keyId;
-- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
-- if(transform->operation == xmlSecTransformOperationEncrypt) {
-- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-- } else {
-- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-- }
-- keyReq->keyBitsSize = 8 * ctx->keySize;
- return(0);
- }
-
--static int
--xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-- xmlSecNssBlockCipherCtxPtr ctx;
-- xmlSecBufferPtr buffer;
-+/**
-+ * xmlSecTransformExecuteMethod:
-+ * @transform: the pointer to transform object.
-+ * @last: the flag: if set to 1 then it's the last data chunk.
-+ * @transformCtx: the pointer to transform context object.
-+ *
-+ * Transform specific method to process a chunk of data.
-+ *
-+ * Returns 0 on success or a negative value otherwise.
-+ */
-+xmlSecNssBlockCipherExecute(
-+ xmlSecTransformPtr transform ,
-+ int last ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecNssBlockCipherCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf = NULL ;
-+ xmlSecBufferPtr outBuf = NULL ;
-+ const xmlChar* cipherName ;
-+ int operation ;
-+ int rtv ;
-
- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(key != NULL, -1);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(ctx->cipher != 0, -1);
-- xmlSecAssert2(ctx->keyInitialized == 0, -1);
-- xmlSecAssert2(ctx->keyId != NULL, -1);
-- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-
-- xmlSecAssert2(ctx->keySize > 0, -1);
-- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
-- xmlSecAssert2(buffer != NULL, -1);
--
-- if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
-+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
-+ if( context == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-- NULL,
-- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
-- "keySize=%d;expected=%d",
-- xmlSecBufferGetSize(buffer), ctx->keySize);
-- return(-1);
-+ "xmlSecNssBlockCipherGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
- }
-
-- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
-- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
-
-- ctx->keyInitialized = 1;
-- return(0);
--}
--
--static int
--xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-- xmlSecNssBlockCipherCtxPtr ctx;
-- xmlSecBufferPtr in, out;
-- int ret;
--
-- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
-- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-- xmlSecAssert2(transformCtx != NULL, -1);
--
-- in = &(transform->inBuf);
-- out = &(transform->outBuf);
--
-- ctx = xmlSecNssBlockCipherGetCtx(transform);
-- xmlSecAssert2(ctx != NULL, -1);
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ cipherName = xmlSecTransformGetName( transform ) ;
-+
- if(transform->status == xmlSecTransformStatusWorking) {
-- if(ctx->ctxInitialized == 0) {
-- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-+ if( context->cipherCtx == NULL ) {
-+ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxInit",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-- if((ctx->ctxInitialized == 0) && (last != 0)) {
-+ if( context->cipherCtx == NULL && last != 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
-- XMLSEC_ERRORS_R_INVALID_DATA,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- "not enough data to initialize transform");
- return(-1);
- }
-
-- if(ctx->ctxInitialized != 0) {
-- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-+ if( context->cipherCtx != NULL ) {
-+ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxUpdate",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last) {
-- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
-- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-- xmlSecTransformGetName(transform), transformCtx);
-- if(ret < 0) {
-+ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
-+ if( rtv < 0 ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxFinal",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_R_INVALID_STATUS,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
-- /* the only way we can get here is if there is no input */
-- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
-- } else if(transform->status == xmlSecTransformStatusNone) {
-- /* the only way we can get here is if there is no enough data in the input */
-- xmlSecAssert2(last == 0, -1);
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return -1 ;
-+ }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
---
-2.6.6
-
More information about the Libreoffice-commits
mailing list