[Libreoffice-commits] core.git: download.lst external/libxmlsec

Miklos Vajna vmiklos at collabora.co.uk
Wed May 10 09:31:10 UTC 2017


 download.lst                                                       |    4 
 external/libxmlsec/UnpackedTarball_xmlsec.mk                       |    6 
 external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1             |    6 
 external/libxmlsec/xmlsec1-configure.patch.1                       |   85 
 external/libxmlsec/xmlsec1-customkeymanage.patch.1                 |  863 +++-------
 external/libxmlsec/xmlsec1-mscrypto-fix-signing-regression.patch.1 |   46 
 external/libxmlsec/xmlsec1-noverify.patch.1                        |   66 
 external/libxmlsec/xmlsec1-nss-ecdsa-memset.patch.1                |   37 
 external/libxmlsec/xmlsec1-nss-ecdsa-sha256.patch.1                |  434 -----
 external/libxmlsec/xmlsec1-nssdisablecallbacks.patch.1             |   10 
 external/libxmlsec/xmlsec1-vc.patch.1                              |   16 
 11 files changed, 477 insertions(+), 1096 deletions(-)

New commits:
commit ad319fdfcaaa6092ea1ff76935e088c5122e0d2e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed May 10 09:06:59 2017 +0200

    Upgrade libxmlsec to 1.2.24
    
    Upstream changes interesting for us:
    
    - Added ECDSA-SHA1, ECDSA-SHA256, ECDSA-SHA512 support for xmlsec-nss,
      so we can drop 2 patches
    - Fixed XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS handling, which
      allows dropping xmlsec1-noverify.patch.1 in the future
    
    Also backport a patch from xmlsec master that fixes signature creation
    on Windows (the release regressed in this regard).
    
    Change-Id: I2c14328283bf7d4f8af5595ea4c1efc29ee81f9e

diff --git a/download.lst b/download.lst
index c0af455665f5..8abec7d647d6 100644
--- a/download.lst
+++ b/download.lst
@@ -139,8 +139,8 @@ export LIBLANGTAG_SHA256SUM := d6242790324f1432fb0a6fae71b6851f520b2c5a87675497c
 export LIBLANGTAG_TARBALL := liblangtag-0.6.2.tar.bz2
 export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304f7281f8f7347483
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
-export LIBXMLSEC_SHA256SUM := 41d463d16c9894cd3317098d027c038039c6d896b9cbb9bad9c4e29959e10e9f
-export LIBXMLSEC_TARBALL := 86b1daaa438f5a7bea9a52d7b9799ac0-xmlsec1-1.2.23.tar.gz
+export LIBXMLSEC_SHA256SUM := 99a8643f118bb1261a72162f83e2deba0f4f690893b4b90e1be4f708e8d481cc
+export LIBXMLSEC_TARBALL := xmlsec1-1.2.24.tar.gz
 export LIBXML_SHA256SUM := ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c
 export LIBXML_TARBALL := ae249165c173b1ff386ee8ad676815f5-libxml2-2.9.4.tar.gz
 export LIBXSLT_SHA256SUM := b5976e3857837e7617b29f2249ebb5eeac34e249208d31f1fbf7a6ba7a4090ce
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index 64fb37aad058..62adcf788a85 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -14,10 +14,8 @@ xmlsec_patches += xmlsec1-noverify.patch.1
 xmlsec_patches += xmlsec1-vc.patch.1
 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
 xmlsec_patches += xmlsec1-customkeymanage.patch.1
-# Backport of <https://github.com/lsh123/xmlsec/pull/83>.
-xmlsec_patches += xmlsec1-nss-ecdsa-sha256.patch.1
-# Backport of <https://github.com/lsh123/xmlsec/pull/91>.
-xmlsec_patches += xmlsec1-nss-ecdsa-memset.patch.1
+# Backport of <https://github.com/lsh123/xmlsec/pull/112>.
+xmlsec_patches += xmlsec1-mscrypto-fix-signing-regression.patch.1
 
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
 
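Review bot: The new backport comment names the upstream pull request but not when the patch can be removed, and `xmlsec1-noverify.patch.1` stays in the list with no marker even though the commit message says it can be dropped in the future. That entry is only visible in the hunk-header context, not in the changed lines. Judging by its name and the flag named in the commit message, it affects certificate verification in the signature library, so its removal should not depend on someone remembering the commit message. I would write `# Backport of <https://github.com/lsh123/xmlsec/pull/112>; drop with the next xmlsec upgrade that contains it.` here, and add `# TODO: drop, upstream fixed XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS handling in 1.2.24` above the noverify entry.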
diff --git a/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1 b/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1
index 9ead19c343c7..9ff5e52872a9 100644
--- a/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1
+++ b/external/libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch.1
@@ -1,4 +1,4 @@
-From b4cb46f2737f7e3a4073b747ed4a0dfb99d48fdd Mon Sep 17 00:00:00 2001
+From 057ee59c4e63b9afe0e95c626312ac530feadbeb Mon Sep 17 00:00:00 2001
 From: Miklos Vajna <vmiklos at collabora.co.uk>
 Date: Fri, 4 Mar 2016 16:12:48 +0100
 Subject: [PATCH] xmlsec1-1.2.14_fix_extern_c.patch
@@ -10,7 +10,7 @@ Conflicts:
  1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/include/xmlsec/xmlsec.h b/include/xmlsec/xmlsec.h
-index 963b37a..ec58bec 100644
+index 69d765f2..11b9975c 100644
 --- a/include/xmlsec/xmlsec.h
 +++ b/include/xmlsec/xmlsec.h
 @@ -11,16 +11,16 @@
@@ -35,5 +35,5 @@ index 963b37a..ec58bec 100644
   *
   * Basic types to make ports to exotic platforms easier
 -- 
-2.6.6
+2.12.0
 
diff --git a/external/libxmlsec/xmlsec1-configure.patch.1 b/external/libxmlsec/xmlsec1-configure.patch.1
index e114012ab602..5718e223cad7 100644
--- a/external/libxmlsec/xmlsec1-configure.patch.1
+++ b/external/libxmlsec/xmlsec1-configure.patch.1
@@ -1,4 +1,4 @@
-From 70139f4422c78f21ed9a7435267e37d15c4c8fa6 Mon Sep 17 00:00:00 2001
+From 49f9bed356b307d7700f429851f1509639956b20 Mon Sep 17 00:00:00 2001
 From: Miklos Vajna <vmiklos at collabora.co.uk>
 Date: Fri, 4 Mar 2016 16:06:19 +0100
 Subject: [PATCH] xmlsec1-configure.patch
@@ -7,44 +7,51 @@ Conflicts:
 	Makefile.am
 	Makefile.in
 	configure.ac
+	win32/Makefile.msvc
 ---
- Makefile.am         |  2 +-
- Makefile.in         |  2 +-
+ Makefile.am         |  4 ++--
+ Makefile.in         |  4 ++--
  configure.ac        | 50 +++++++++++++++++++++++++++++++++++++++-----------
  win32/Makefile.msvc |  2 +-
- 4 files changed, 42 insertions(+), 14 deletions(-)
+ 4 files changed, 44 insertions(+), 16 deletions(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 3453c01..2c5effb 100644
+index 82e26656..dac213ad 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -1,7 +1,7 @@
- NULL =
- 
+@@ -3,10 +3,10 @@ NULL =
  SAFE_VERSION	= @XMLSEC_VERSION_SAFE@
--SUBDIRS 	    = include src apps man docs
-+SUBDIRS 	    = include src
+ SUBDIRS 	    = include src
+ if XMLSEC_APPS
+-SUBDIRS += apps
++SUBDIRS += 
+ endif
+ if XMLSEC_DOCS
+-SUBDIRS += man docs
++SUBDIRS += 
+ endif
  TEST_APP 	    = apps/xmlsec1$(EXEEXT)
  DEFAULT_CRYPTO	= @XMLSEC_DEFAULT_CRYPTO@
- 
 diff --git a/Makefile.in b/Makefile.in
-index f35b430..f3ca4ed 100644
+index ef0aed99..73f9db9c 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -468,7 +468,7 @@ top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
- NULL = 
- SAFE_VERSION = @XMLSEC_VERSION_SAFE@
--SUBDIRS = include src apps man docs
-+SUBDIRS = include src
- TEST_APP = apps/xmlsec1$(EXEEXT)
- DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@
- bin_SCRIPTS = xmlsec1-config
+@@ -89,8 +89,8 @@ PRE_UNINSTALL = :
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+- at XMLSEC_APPS_TRUE@am__append_1 = apps
+- at XMLSEC_DOCS_TRUE@am__append_2 = man docs
++ at XMLSEC_APPS_TRUE@am__append_1 = 
++ at XMLSEC_DOCS_TRUE@am__append_2 = 
+ subdir = .
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
 diff --git a/configure.ac b/configure.ac
-index b8770ad..721e4ca 100644
+index c100f92e..6e5c387b 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -227,8 +227,8 @@ dnl find libxml
+@@ -226,8 +226,8 @@ dnl find libxml
  dnl ==========================================================================
  LIBXML_MIN_VERSION="2.7.4"
  LIBXML_CONFIG="xml2-config"
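Review bot: Emptying the conditional lists by hand (`SUBDIRS += ` in Makefile.am, `am__append_1 = ` and `am__append_2 = ` in Makefile.in) looks avoidable now that upstream guards them with `if XMLSEC_APPS` / `if XMLSEC_DOCS`. Those conditionals suggest 1.2.24 has configure-time switches for apps and docs; if so, passing the matching disable options where configure is invoked would let both file sections be dropped from this patch and shrink the next rebase. If the edit is kept, note that the replacement lines end in a trailing space, which is easily lost when the patch is regenerated and would then stop it applying. This hunk of the patch file ends inside the configure.ac section, which continues in the following hunks.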
@@ -55,7 +62,7 @@ index b8770ad..721e4ca 100644
  LIBXML_FOUND="no"
  AC_ARG_WITH(libxml, 
      [  --with-libxml=[PFX]       libxml2 location]
-@@ -237,6 +237,8 @@ AC_ARG_WITH(libxml-src,
+@@ -236,6 +236,8 @@ AC_ARG_WITH(libxml-src,
      [  --with-libxml-src=[PFX]   not installed yet libxml2 location]
  )
  
@@ -64,7 +71,7 @@ index b8770ad..721e4ca 100644
  if test "z$with_libxml" = "zno" -o "z$with_libxml_src" = "zno"; then 
      AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_MIN_VERSION) 
      AC_MSG_ERROR(libxml2 >= $LIBXML_MIN_VERSION is required for $XMLSEC_PACKAGE)
-@@ -285,6 +287,8 @@ if test "z$LIBXML_FOUND" = "zno" ; then
+@@ -284,6 +286,8 @@ if test "z$LIBXML_FOUND" = "zno" ; then
      fi
  fi
  
@@ -73,14 +80,14 @@ index b8770ad..721e4ca 100644
  AC_SUBST(LIBXML_CFLAGS)
  AC_SUBST(LIBXML_LIBS)
  AC_SUBST(LIBXML_CONFIG)
-@@ -598,12 +602,26 @@ dnl ==========================================================================
+@@ -586,12 +590,26 @@ dnl ==========================================================================
  XMLSEC_NO_NSS="1"
  SEAMONKEY_MIN_VERSION="1.0"
  MOZILLA_MIN_VERSION="1.4"
 +if test "z$MOZ_FLAVOUR" = "zfirefox" ; then
 +    MOZILLA_MIN_VERSION="1.0"
 +fi
- NSS_MIN_VERSION="3.9"
+ NSS_MIN_VERSION="3.11.1"
  NSPR_MIN_VERSION="4.4.1"
  NSS_CFLAGS=""
  NSS_LIBS=""
@@ -102,7 +109,7 @@ index b8770ad..721e4ca 100644
  NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
  NSS_FOUND="no"
  NSPR_PACKAGE=mozilla-nspr
-@@ -630,6 +648,16 @@ elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z
+@@ -618,6 +636,16 @@ elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z
      dnl We are going to try all options
      dnl
      if test "z$NSS_FOUND" = "zno" ; then
@@ -119,7 +126,7 @@ index b8770ad..721e4ca 100644
          PKG_CHECK_MODULES(NSS, seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION,
      	    [NSS_FOUND=yes NSPR_PACKAGE=seamonkey-nspr NSS_PACKAGE=seamonkey-nss],
  	    [NSS_FOUND=no])
-@@ -661,8 +689,8 @@ if test "z$NSS_FOUND" = "zno" ; then
+@@ -649,8 +677,8 @@ if test "z$NSS_FOUND" = "zno" ; then
          ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
      fi
  
@@ -130,7 +137,7 @@ index b8770ad..721e4ca 100644
  
      AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
      NSPR_INCLUDES_FOUND="no"
-@@ -683,21 +711,21 @@ if test "z$NSS_FOUND" = "zno" ; then
+@@ -671,21 +699,21 @@ if test "z$NSS_FOUND" = "zno" ; then
  	NSPR_PRINIT_H="$with_nspr/include/prinit.h"
      else
  	for dir in $ac_nss_inc_dir ; do
@@ -156,7 +163,7 @@ index b8770ad..721e4ca 100644
  		dnl do not add -L/usr/lib because compiler does it anyway
          	if test "z$dir" = "z/usr/lib" ; then
              	    NSPR_LIBS="$NSPR_LIBS_LIST"
-@@ -768,7 +796,7 @@ if test "z$NSS_FOUND" = "zno" ; then
+@@ -756,7 +784,7 @@ if test "z$NSS_FOUND" = "zno" ; then
          done
         
          for dir in $ac_nss_lib_dir ; do
@@ -166,18 +173,18 @@ index b8770ad..721e4ca 100644
      		if test "z$dir" = "z/usr/lib" ; then
          	    NSS_LIBS="$NSS_LIBS_LIST"
 diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
-index 8c887a1..bbc661a 100644
+index c1eea253..8156caa7 100644
 --- a/win32/Makefile.msvc
 +++ b/win32/Makefile.msvc
-@@ -394,7 +394,7 @@ APP_LIBS  		= $(SOLIBS) $(XMLSEC_CRYPTO_SOLIBS)
- XMLSEC_OPENSSL_SOLIBS   = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
- XMLSEC_OPENSSL_ALIBS    = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+@@ -393,7 +393,7 @@ APP_LIBS  		= $(SOLIBS) $(XMLSEC_CRYPTO_SOLIBS)
+ XMLSEC_OPENSSL_SOLIBS   = libcrypto.lib wsock32.lib kernel32.lib user32.lib gdi32.lib crypt32.lib advapi32.lib ws2_32.lib
+ XMLSEC_OPENSSL_ALIBS    = libcrypto.lib wsock32.lib kernel32.lib user32.lib gdi32.lib crypt32.lib advapi32.lib ws2_32.lib
  
--XMLSEC_NSS_SOLIBS   	= smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
-+XMLSEC_NSS_SOLIBS   	= smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
- XMLSEC_NSS_ALIBS    	= smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
+-XMLSEC_NSS_SOLIBS       = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
++XMLSEC_NSS_SOLIBS       = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
+ XMLSEC_NSS_ALIBS        = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
  
  XMLSEC_MSCRYPTO_SOLIBS  = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
 -- 
-2.6.6
+2.12.0
 
diff --git a/external/libxmlsec/xmlsec1-customkeymanage.patch.1 b/external/libxmlsec/xmlsec1-customkeymanage.patch.1
index 2a5f15fecf4f..0bf999079970 100644
--- a/external/libxmlsec/xmlsec1-customkeymanage.patch.1
+++ b/external/libxmlsec/xmlsec1-customkeymanage.patch.1
@@ -1,4 +1,4 @@
-From e0264063089c9821acf81ea8f1086c8e1147a89c Mon Sep 17 00:00:00 2001
+From 082e7399e0396bef9de46ddf8180d253d594a826 Mon Sep 17 00:00:00 2001
 From: Miklos Vajna <vmiklos at collabora.co.uk>
 Date: Fri, 4 Mar 2016 16:19:12 +0100
 Subject: [PATCH] xmlsec1-customkeymanage.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] xmlsec1-customkeymanage.patch
 Conflicts:
 	include/xmlsec/nss/app.h
 	include/xmlsec/nss/keysstore.h
+	src/nss/Makefile.in
 	src/nss/hmac.c
 	src/nss/keysstore.c
 	src/nss/pkikeys.c
@@ -15,27 +16,27 @@ Conflicts:
 ---
  include/xmlsec/mscrypto/Makefile.am |   1 +
  include/xmlsec/mscrypto/Makefile.in |   1 +
- include/xmlsec/mscrypto/akmngr.h    |  71 ++++
+ include/xmlsec/mscrypto/akmngr.h    |  53 +++
  include/xmlsec/nss/Makefile.am      |   3 +
  include/xmlsec/nss/Makefile.in      |   3 +
  include/xmlsec/nss/akmngr.h         |  56 +++
  include/xmlsec/nss/app.h            |   5 +
  include/xmlsec/nss/ciphers.h        |  35 ++
  include/xmlsec/nss/keysstore.h      |   4 +
- include/xmlsec/nss/tokens.h         | 182 ++++++++
- src/mscrypto/akmngr.c               | 236 +++++++++++
+ include/xmlsec/nss/tokens.h         | 182 +++++++++
+ src/mscrypto/akmngr.c               | 209 ++++++++++
  src/nss/Makefile.am                 |   2 +
- src/nss/Makefile.in                 |  22 +-
- src/nss/akmngr.c                    | 384 +++++++++++++++++
- src/nss/hmac.c                      |   8 +-
- src/nss/keysstore.c                 | 826 +++++++++++++++++++++++++-----------
- src/nss/pkikeys.c                   |  51 ++-
- src/nss/symkeys.c                   | 705 ++++++++++++++++++++++++++++--
- src/nss/tokens.c                    | 548 ++++++++++++++++++++++++
- src/nss/x509.c                      | 564 +++++-------------------
- src/nss/x509vfy.c                   | 291 ++++---------
+ src/nss/Makefile.in                 |  20 +
+ src/nss/akmngr.c                    | 384 ++++++++++++++++++
+ src/nss/hmac.c                      |   6 +-
+ src/nss/keysstore.c                 | 772 ++++++++++++++++++++++++++----------
+ src/nss/pkikeys.c                   |  81 ++--
+ src/nss/symkeys.c                   | 705 ++++++++++++++++++++++++++++++--
+ src/nss/tokens.c                    | 544 +++++++++++++++++++++++++
+ src/nss/x509.c                      | 491 ++++++-----------------
+ src/nss/x509vfy.c                   | 248 ++++--------
  win32/Makefile.msvc                 |   4 +
- 22 files changed, 3034 insertions(+), 968 deletions(-)
+ 22 files changed, 2971 insertions(+), 838 deletions(-)
  create mode 100644 include/xmlsec/mscrypto/akmngr.h
  create mode 100644 include/xmlsec/nss/akmngr.h
  create mode 100644 include/xmlsec/nss/ciphers.h
@@ -45,7 +46,7 @@ Conflicts:
  create mode 100644 src/nss/tokens.c
 
 diff --git a/include/xmlsec/mscrypto/Makefile.am b/include/xmlsec/mscrypto/Makefile.am
-index 18dff94..44837b6 100644
+index 18dff94c..44837b62 100644
 --- a/include/xmlsec/mscrypto/Makefile.am
 +++ b/include/xmlsec/mscrypto/Makefile.am
 @@ -3,6 +3,7 @@ NULL =
@@ -57,10 +58,10 @@ index 18dff94..44837b6 100644
  certkeys.h \
  crypto.h \
 diff --git a/include/xmlsec/mscrypto/Makefile.in b/include/xmlsec/mscrypto/Makefile.in
-index f010d55..0ce0613 100644
+index e613f83c..07923cc7 100644
 --- a/include/xmlsec/mscrypto/Makefile.in
 +++ b/include/xmlsec/mscrypto/Makefile.in
-@@ -396,6 +396,7 @@ top_srcdir = @top_srcdir@
+@@ -400,6 +400,7 @@ top_srcdir = @top_srcdir@
  NULL = 
  xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
  xmlsecmscryptoinc_HEADERS = \
@@ -70,7 +71,7 @@ index f010d55..0ce0613 100644
  crypto.h \
 diff --git a/include/xmlsec/mscrypto/akmngr.h b/include/xmlsec/mscrypto/akmngr.h
 new file mode 100644
-index 0000000..4858192
+index 00000000..dca7b016
 --- /dev/null
 +++ b/include/xmlsec/mscrypto/akmngr.h
 @@ -0,0 +1,53 @@
@@ -128,7 +129,7 @@ index 0000000..4858192
 +
 +
 diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
-index e352162..997ca7f 100644
+index e3521622..997ca7fd 100644
 --- a/include/xmlsec/nss/Makefile.am
 +++ b/include/xmlsec/nss/Makefile.am
 @@ -10,6 +10,9 @@ bignum.h \
@@ -142,10 +143,10 @@ index e352162..997ca7f 100644
  
  install-exec-hook:
 diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
-index 68aceff..86d5efe 100644
+index ee5c02e3..6d18158c 100644
 --- a/include/xmlsec/nss/Makefile.in
 +++ b/include/xmlsec/nss/Makefile.in
-@@ -403,6 +403,9 @@ bignum.h \
+@@ -407,6 +407,9 @@ bignum.h \
  keysstore.h \
  pkikeys.h \
  x509.h \
@@ -157,7 +158,7 @@ index 68aceff..86d5efe 100644
  all: all-am
 diff --git a/include/xmlsec/nss/akmngr.h b/include/xmlsec/nss/akmngr.h
 new file mode 100644
-index 0000000..8053511
+index 00000000..80535110
 --- /dev/null
 +++ b/include/xmlsec/nss/akmngr.h
 @@ -0,0 +1,56 @@
@@ -218,7 +219,7 @@ index 0000000..8053511
 +
 +
 diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
-index aeac55e..72e3db0 100644
+index 93f6c637..03f6aa14 100644
 --- a/include/xmlsec/nss/app.h
 +++ b/include/xmlsec/nss/app.h
 @@ -22,6 +22,9 @@ extern "C" {
@@ -242,7 +243,7 @@ index aeac55e..72e3db0 100644
                                                                           xmlSecKeyDataType type);
 diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h
 new file mode 100644
-index 0000000..607eb1e
+index 00000000..607eb1e0
 --- /dev/null
 +++ b/include/xmlsec/nss/ciphers.h
 @@ -0,0 +1,35 @@
@@ -282,7 +283,7 @@ index 0000000..607eb1e
 +
 +
 diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
-index a2cc289..8571f68 100644
+index eb64d3c3..369a1453 100644
 --- a/include/xmlsec/nss/keysstore.h
 +++ b/include/xmlsec/nss/keysstore.h
 @@ -16,6 +16,8 @@ extern "C" {
@@ -305,7 +306,7 @@ index a2cc289..8571f68 100644
                                                                   xmlSecKeysMngrPtr keysMngr);
 diff --git a/include/xmlsec/nss/tokens.h b/include/xmlsec/nss/tokens.h
 new file mode 100644
-index 0000000..444c561
+index 00000000..444c5614
 --- /dev/null
 +++ b/include/xmlsec/nss/tokens.h
 @@ -0,0 +1,182 @@
@@ -493,7 +494,7 @@ index 0000000..444c561
 +
 diff --git a/src/mscrypto/akmngr.c b/src/mscrypto/akmngr.c
 new file mode 100644
-index 0000000..3bbd124
+index 00000000..6d33e706
 --- /dev/null
 +++ b/src/mscrypto/akmngr.c
 @@ -0,0 +1,209 @@
@@ -707,7 +708,7 @@ index 0000000..3bbd124
 +}
 +
 diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
-index 8cd8586..a14199e 100644
+index e666f33c..ec9e7896 100644
 --- a/src/nss/Makefile.am
 +++ b/src/nss/Makefile.am
 @@ -35,6 +35,8 @@ libxmlsec1_nss_la_SOURCES =\
@@ -718,39 +719,30 @@ index 8cd8586..a14199e 100644
 +	tokens.c \
  	$(NULL)
  
- if SHAREDLIB_HACK
+ libxmlsec1_nss_la_LIBADD = \
 diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
-index 0e9c5b7..8461341 100644
+index 51836f3a..35acec13 100644
 --- a/src/nss/Makefile.in
 +++ b/src/nss/Makefile.in
-@@ -135,7 +135,8 @@ am__DEPENDENCIES_1 =
- am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
- 	digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
- 	x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
--	../strings.c
-+	../strings.c \
-+	akmngr.c tokens.c
- am__objects_1 =
- am__dirstamp = $(am__leading_dot)dirstamp
- @SHAREDLIB_HACK_TRUE at am__objects_2 = ../libxmlsec1_nss_la-strings.lo
-@@ -147,6 +148,8 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
+@@ -140,6 +140,8 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
  	libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
  	libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
  	libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
 +	libxmlsec1_nss_la-akmngr.lo \
 +	libxmlsec1_nss_la-tokens.lo \
- 	$(am__objects_1) $(am__objects_2)
+ 	$(am__objects_1)
  libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
  AM_V_lt = $(am__v_lt_ at AM_V@)
-@@ -463,6 +466,7 @@ libxmlsec1_nss_la_CPPFLAGS = \
- libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
- 	digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
- 	x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
-+	akmngr.c tokens.c \
- 	$(NULL) $(am__append_1)
+@@ -474,6 +476,8 @@ libxmlsec1_nss_la_SOURCES = \
+ 	kw_des.c \
+ 	kw_aes.c \
+ 	globals.h \
++	akmngr.c \
++	tokens.c \
+ 	$(NULL)
+ 
  libxmlsec1_nss_la_LIBADD = \
- 	$(NSS_LIBS) \
-@@ -583,6 +587,8 @@ distclean-compile:
+@@ -584,6 +588,8 @@ distclean-compile:
  @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo at am__quote@
  @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo at am__quote@
  @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo at am__quote@
@@ -759,30 +751,30 @@ index 0e9c5b7..8461341 100644
  
  .c.o:
  @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@@ -615,6 +621,20 @@ libxmlsec1_nss_la-app.lo: app.c
+@@ -616,6 +622,20 @@ libxmlsec1_nss_la-app.lo: app.c
  @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
  @am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
  
 +libxmlsec1_nss_la-akmngr.lo: akmngr.c
-+ at am__fastdepCC_TRUE@	if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
-+ at am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
++ at am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
++ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo $(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo
++ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
 + at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
++ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
 +
 +libxmlsec1_nss_la-tokens.lo: tokens.c
-+ at am__fastdepCC_TRUE@	if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
-+ at am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
++ at am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
++ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo $(DEPDIR)/libxmlsec1_nss_la-tokens.Plo
++ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
 + at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
++ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
 +
  libxmlsec1_nss_la-bignum.lo: bignum.c
  @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
  @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
 diff --git a/src/nss/akmngr.c b/src/nss/akmngr.c
 new file mode 100644
-index 0000000..65b94ac
+index 00000000..65b94ac5
 --- /dev/null
 +++ b/src/nss/akmngr.c
 @@ -0,0 +1,384 @@
@@ -1171,7 +1163,7 @@ index 0000000..65b94ac
 +}
 +
 diff --git a/src/nss/hmac.c b/src/nss/hmac.c
-index 79fbf40..2469e6a 100644
+index f5158da6..7c294240 100644
 --- a/src/nss/hmac.c
 +++ b/src/nss/hmac.c
 @@ -23,8 +23,8 @@
@@ -1184,30 +1176,25 @@ index 79fbf40..2469e6a 100644
  
  /* sizes in bits */
  #define XMLSEC_NSS_MIN_HMAC_SIZE                80
-@@ -358,13 +358,13 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+@@ -343,9 +343,9 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
      keyItem.data = xmlSecBufferGetData(buffer);
      keyItem.len  = xmlSecBufferGetSize(buffer);
  
 -    slot = PK11_GetBestSlot(ctx->digestType, NULL);
 +    slot = xmlSecNssSlotGet(ctx->digestType);
      if(slot == NULL) {
-         xmlSecError(XMLSEC_ERRORS_HERE,
-                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
--                    "PK11_GetBestSlot",
-+                    "xmlSecNssSlotGet",
-                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
-+                    "error code=%d", PORT_GetError());
+-        xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform));
++        xmlSecNssError("xmlSecNssSlotGet", xmlSecTransformGetName(transform));
          return(-1);
      }
  
 diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
-index 057fc45..e4cb0f1 100644
+index 0976e4a9..03baa887 100644
 --- a/src/nss/keysstore.c
 +++ b/src/nss/keysstore.c
 @@ -1,36 +1,56 @@
- /**
-  * XMLSec library
+ /*
+  * XML Security Library (http://www.aleksey.com/xmlsec).
   *
 - * Nss keys store that uses Simple Keys Store under the hood. Uses the
 - * Nss DB as a backing store for the finding keys, but the NSS DB is
@@ -1297,13 +1284,17 @@ index 057fc45..e4cb0f1 100644
   ***************************************************************************/
 -#define xmlSecNssKeysStoreSize \
 -        (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
--
++typedef struct _xmlSecNssKeysStoreCtx  xmlSecNssKeysStoreCtx ;
++typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
+ 
 -#define xmlSecNssKeysStoreGetSS(store) \
 -    ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
 -     (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
 -     (xmlSecKeyStorePtr*)NULL)
-+typedef struct _xmlSecNssKeysStoreCtx  xmlSecNssKeysStoreCtx ;
-+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
++struct _xmlSecNssKeysStoreCtx {
++       xmlSecPtrListPtr                keyList ;
++       xmlSecPtrListPtr                slotList ;
++} ;
  
 -static int                      xmlSecNssKeysStoreInitialize    (xmlSecKeyStorePtr store);
 -static void                     xmlSecNssKeysStoreFinalize      (xmlSecKeyStorePtr store);
@@ -1314,11 +1305,7 @@ index 057fc45..e4cb0f1 100644
 -static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
 -    sizeof(xmlSecKeyStoreKlass),
 -    xmlSecNssKeysStoreSize,
-+struct _xmlSecNssKeysStoreCtx {
-+       xmlSecPtrListPtr                keyList ;
-+       xmlSecPtrListPtr                slotList ;
-+} ;
- 
+-
 -    /* data */
 -    BAD_CAST "NSS-keys-store",          /* const xmlChar* name; */
 +#define xmlSecNssKeysStoreSize \
@@ -1709,10 +1696,7 @@ index 057fc45..e4cb0f1 100644
 +                    }
 +            }
 +    }
- 
--    ss = xmlSecNssKeysStoreGetSS(store);
--    xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
--                   (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
++
 +    /*-
 +     * Find the key from slotList
 +     */
@@ -1735,8 +1719,7 @@ index 057fc45..e4cb0f1 100644
 +                    }
 +            }
 +    }
- 
--    return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
++
 +    /*-
 +     * Create a session key if we can not find the key from keyList and slotList
 +     */
@@ -1759,7 +1742,10 @@ index 057fc45..e4cb0f1 100644
 +    */
 +    return NULL ;
 +}
-+
+ 
+-    ss = xmlSecNssKeysStoreGetSS(store);
+-    xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+-                   (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
 +static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
 +       sizeof( xmlSecKeyStoreKlass ) ,
 +       xmlSecNssKeysStoreSize ,
@@ -1770,7 +1756,8 @@ index 057fc45..e4cb0f1 100644
 +       NULL ,
 +       NULL
 +} ;
-+
+ 
+-    return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
 +/**
 + * xmlSecNssKeysStoreGetKlass:
 + *
@@ -1789,7 +1776,7 @@ index 057fc45..e4cb0f1 100644
  /**
   * xmlSecNssKeysStoreLoad:
   * @store:              the pointer to Nss keys store.
-@@ -252,234 +651,147 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+@@ -227,191 +626,126 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
   */
  int
  xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
@@ -1820,10 +1807,7 @@ index 057fc45..e4cb0f1 100644
  
 -    return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
 -}
-+    list = context->keyList ;
-+       xmlSecAssert2( list != NULL, -1 );
-+    xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
- 
+-
 -static int
 -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
 -    xmlSecKeyStorePtr *ss;
@@ -1832,20 +1816,17 @@ index 057fc45..e4cb0f1 100644
 -
 -    ss = xmlSecNssKeysStoreGetSS(store);
 -    xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1);
--
++    list = context->keyList ;
++       xmlSecAssert2( list != NULL, -1 );
++    xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+ 
 -    *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
 -    if(*ss == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
 +    /* create doc */
 +    doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
 +    if(doc == NULL) {
-+           xmlSecError(XMLSEC_ERRORS_HERE,
-                     xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
--                    "xmlSecKeyStoreCreate",
-+                    "xmlSecCreateTree",
-                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "xmlSecSimpleKeysStoreId");
-+                    XMLSEC_ERRORS_NO_MESSAGE);
+         xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)",
+                             xmlSecKeyStoreGetName(store));
          return(-1);
      }
  
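Review bot: After the rebase, a failing `xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs)` is reported as `xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)`, because the inner hunk now keeps the upstream `xmlSecInternalError` call as context instead of replacing it. The previous version of this patch logged `xmlSecCreateTree` at this point, so the diagnostic has become misleading for anyone triaging a key-store save failure. Replace the two context lines with `xmlSecInternalError("xmlSecCreateTree",` / `xmlSecKeyStoreGetName(store));`. The enclosing function starts and ends outside this hunk.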
@@ -1919,20 +1900,13 @@ index 057fc45..e4cb0f1 100644
 -        if (keyReq->keyType & xmlSecKeyDataTypePublic) {
 -            pubkey = CERT_ExtractPublicKey(cert);
 -            if (pubkey == NULL) {
-+        cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
-+        if(cur == NULL) {
-                 xmlSecError(XMLSEC_ERRORS_HERE,
--                            NULL,
--                            "CERT_ExtractPublicKey",
--                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                            XMLSEC_ERRORS_NO_MESSAGE);
+-                xmlSecNssError("CERT_ExtractPublicKey", NULL);
 -                goto done;
 -            }
-+                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+                    "xmlSecAddChild",
-+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+                    "node=%s",
-+                    xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
++        cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
++        if(cur == NULL) {
++            xmlSecInternalError("xmlSecAddChild",
++                                xmlSecKeyStoreGetName(store));
 +            xmlFreeDoc(doc); 
 +            return(-1);
          }
@@ -1940,20 +1914,13 @@ index 057fc45..e4cb0f1 100644
 -        if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
 -            privkey = PK11_FindKeyByAnyCert(cert, NULL);
 -            if (privkey == NULL) {
+-                xmlSecNssError("PK11_FindKeyByAnyCert", NULL);
+-                goto done;
 +        /* special data key name */
 +        if(xmlSecKeyGetName(key) != NULL) {
 +            if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
-                 xmlSecError(XMLSEC_ERRORS_HERE,
--                            NULL,
--                            "PK11_FindKeyByAnyCert",
--                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                            XMLSEC_ERRORS_NO_MESSAGE);
--                goto done;
-+                xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+                "xmlSecAddChild",
-+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+                "node=%s",
-+                xmlSecErrorsSafeString(xmlSecNodeKeyName));
++                xmlSecInternalError("xmlSecAddChild",
++                                    xmlSecKeyStoreGetName(store));
 +            xmlFreeDoc(doc); 
 +            return(-1);
              }
@@ -1961,75 +1928,50 @@ index 057fc45..e4cb0f1 100644
  
 -        data = xmlSecNssPKIAdoptKey(privkey, pubkey);
 -        if(data == NULL) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecNssPKIAdoptKey",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        XMLSEC_ERRORS_NO_MESSAGE);
+-            xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL);
 -            goto done;
 -        }
 -        privkey = NULL;
 -        pubkey = NULL;
--
--        key = xmlSecKeyCreate();
--        if (key == NULL) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecKeyCreate",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        XMLSEC_ERRORS_NO_MESSAGE);
--            return (NULL);
--        }
 +        /* create nodes for other keys data */
 +        for(j = 0; j < idsSize; ++j) {
 +            dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
 +            xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
  
+-        key = xmlSecKeyCreate();
+-        if (key == NULL) {
+-            xmlSecInternalError("xmlSecKeyCreate", NULL);
+-            return (NULL);
+-        }
++            if(dataId->dataNodeName == NULL) {
++                continue;
++            }
+ 
 -        x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
 -        if(x509Data == NULL) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecKeyDataCreate",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        "transform=%s",
--                        xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+-            xmlSecInternalError("xmlSecKeyDataCreate",
+-                                xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id));
 -            goto done;
 -        }
-+            if(dataId->dataNodeName == NULL) {
++            data = xmlSecKeyGetData(key, dataId);
++            if(data == NULL) {
 +                continue;
-+            }
++           }
  
 -        ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
 -        if (ret < 0) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecNssKeyDataX509AdoptKeyCert",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        "data=%s",
--                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+-            xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert",
+-                                xmlSecKeyDataGetName(x509Data));
 -            goto done;
 -        }
 -        cert = CERT_DupCertificate(cert);
 -        if (cert == NULL) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "CERT_DupCertificate",
--                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                        "data=%s",
--                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+-            xmlSecNssError("CERT_DupCertificate",
+-                           xmlSecKeyDataGetName(x509Data));
 -            goto done;
-+            data = xmlSecKeyGetData(key, dataId);
-+            if(data == NULL) {
-+                continue;
-+           }
-+
 +            if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+                xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+                "xmlSecAddChild",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+                "node=%s", 
-+                xmlSecErrorsSafeString(dataId->dataNodeName));
++                xmlSecInternalError("xmlSecAddChild",
++                                    xmlSecKeyStoreGetName(store));
 +                xmlFreeDoc(doc); 
 +                return(-1);
 +           }
@@ -2038,16 +1980,11 @@ index 057fc45..e4cb0f1 100644
 -        ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
 +        ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
          if (ret < 0) {
-             xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecNssKeyDataX509AdoptCert",
-+                        xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+                        "xmlSecKeyInfoCtxInitialize",
-                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        "data=%s",
--                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+-            xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+-                                xmlSecKeyDataGetName(x509Data));
 -            goto done;
-+            XMLSEC_ERRORS_NO_MESSAGE);
++            xmlSecInternalError("xmlSecKeyInfoCtxInitialize",
++                                xmlSecKeyStoreGetName(store));
 +            xmlFreeDoc(doc);
 +            return(-1);
          }
@@ -2055,12 +1992,8 @@ index 057fc45..e4cb0f1 100644
  
 -        ret = xmlSecKeySetValue(key, data);
 -        if (ret < 0) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecKeySetValue",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        "data=%s",
--                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+-            xmlSecInternalError("xmlSecKeySetValue",
+-				xmlSecKeyDataGetName(data));
 -            goto done;
 -        }
 -        data = NULL;
@@ -2073,16 +2006,11 @@ index 057fc45..e4cb0f1 100644
 +        /* finally write key in the node */
 +        ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
          if (ret < 0) {
-             xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecKeyAdoptData",
-+            xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+            "xmlSecKeyInfoNodeWrite",
-                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        "data=%s",
--                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+-            xmlSecInternalError("xmlSecKeyAdoptData",
+-                                xmlSecKeyDataGetName(x509Data));
 -            goto done;
-+            XMLSEC_ERRORS_NO_MESSAGE);
++            xmlSecInternalError("xmlSecKeyInfoNodeWrite",
++                                xmlSecKeyStoreGetName(store));
 +        xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
 +        xmlFreeDoc(doc); 
 +        return(-1);
@@ -2130,7 +2058,7 @@ index 057fc45..e4cb0f1 100644
 +    return(0);
  }
 diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
-index 5ede4cc..896c245 100644
+index 25828aec..0a15dae5 100644
 --- a/src/nss/pkikeys.c
 +++ b/src/nss/pkikeys.c
 @@ -24,6 +24,7 @@
@@ -2150,24 +2078,20 @@ index 5ede4cc..896c245 100644
      if (ctxSrc->privkey != NULL) {
          ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
          if(ctxDst->privkey == NULL) {
-@@ -588,13 +591,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+@@ -563,9 +566,10 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
          goto done;
      }
  
 -    slot = PK11_GetBestSlot(CKM_DSA, NULL);
 +    slot = xmlSecNssSlotGet(CKM_DSA);
      if(slot == NULL) {
-         xmlSecError(XMLSEC_ERRORS_HERE,
-                     xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                    "PK11_GetBestSlot",
-+                    "xmlSecNssSlotGet",
-                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
-+                    "error code=%d", PORT_GetError());
+-        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
++        xmlSecNssError("xmlSecNssSlotGet",
++                       xmlSecKeyDataKlassGetName(id));
          ret = -1;
          goto done;
      }
-@@ -801,14 +804,14 @@ done:
+@@ -713,14 +717,14 @@ done:
      if (slot != NULL) {
          PK11_FreeSlot(slot);
      }
@@ -2184,7 +2108,7 @@ index 5ede4cc..896c245 100644
      return(ret);
  }
  
-@@ -827,7 +830,7 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+@@ -739,7 +743,7 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
  
      ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
      xmlSecAssert2(ctx != NULL, -1);
@@ -2193,43 +2117,57 @@ index 5ede4cc..896c245 100644
  
      if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
          /* we can have only private key or public key */
-@@ -949,7 +952,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
-                     xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                     "PK11_PQG_ParamGen",
-                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    "size=%d", sizeBits);
-+                    "size=%d, error code=%d", sizeBits, PORT_GetError());
+@@ -826,36 +830,32 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
+     j = PQG_PBITS_TO_INDEX(sizeBits);
+     rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
+     if (rv != SECSuccess) {
+-        xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data),
++        xmlSecNssError2("PK11_PQG_ParamGen",
++                        xmlSecKeyDataGetName(data),
+                         "size=%lu", (unsigned long)sizeBits);
 +	ret = -1;
          goto done;
      }
  
-@@ -959,11 +963,12 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
-                     xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                     "PK11_PQG_VerifyParams",
-                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    "size=%d", sizeBits);
-+                    "size=%d, error code=%d", sizeBits, PORT_GetError());
+     rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
+     if (rv != SECSuccess || res != SECSuccess) {
+-        xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data),
+-                        "size=%lu", (unsigned long)sizeBits);
+-        goto done;
+-    }
+-
+-    slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
+-    if(slot == NULL) {
+-        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
+-        goto done;
+-    }
+-
+-    rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+-    if (rv != SECSuccess) {
+-        xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
+-                        "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
++        xmlSecNssError2("PK11_PQG_VerifyParams",
++                    xmlSecKeyDataGetName(data),
++                    "size=%lu", (unsigned long)sizeBits);
 +	ret = -1;
          goto done;
      }
  
--    slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
 +    slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
-     PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
++    PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
      privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
                                     &pubkey, PR_FALSE, PR_TRUE, NULL);
-@@ -973,8 +978,9 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
-                     xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                     "PK11_GenerateKeyPair",
-                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
-+                    "error code=%d", PORT_GetError());
  
+     if((privkey == NULL) || (pubkey == NULL)) {
+-        xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data));
++        xmlSecNssError("PK11_GenerateKeyPair",
++                    xmlSecKeyDataGetName(data));
++
 +        ret =  -1;
          goto done;
      }
  
-@@ -988,6 +994,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
+@@ -866,6 +866,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
          goto done;
      }
  
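Review bot: In the inner hunk for xmlSecNssKeyDataDsaGenerate, the rebased patch deletes the `slot == NULL` test and the checked `rv = PK11_Authenticate(...)` that the 1.2.24 base has here, leaving `xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN)` and `PK11_Authenticate` both unchecked. The XmlRead paths in this same patch do test the result of xmlSecNssSlotGet for NULL, so a NULL slot looks possible and would be handed straight to PK11_Authenticate and PK11_GenerateKeyPair, while a failed token login is ignored before key generation. I would keep both upstream checks around the new call and set `ret = -1` before each `goto done`, as the neighbouring error paths in this hunk do. The xmlSecNssKeyDataRsaGenerate hunk further down has the same removal; the function body starts and ends outside this hunk.

```c
    slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
    if(slot == NULL) {
        xmlSecNssError("xmlSecNssSlotGet", xmlSecKeyDataGetName(data));
        ret = -1;
        goto done;
    }

    rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
    if (rv != SECSuccess) {
        xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
                        "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
        ret = -1;
        goto done;
    }
    /* … unchanged: PK11_GenerateKeyPair call and its NULL check … */
```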
@@ -2238,7 +2176,7 @@ index 5ede4cc..896c245 100644
      ret = 0;
  
  done:
-@@ -1000,16 +1008,13 @@ done:
+@@ -878,16 +880,13 @@ done:
      if (pqgVerify != NULL) {
          PK11_PQG_DestroyVerify(pqgVerify);
      }
@@ -2256,7 +2194,7 @@ index 5ede4cc..896c245 100644
  }
  
  static xmlSecKeyDataType
-@@ -1019,10 +1024,10 @@ xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+@@ -897,10 +896,10 @@ xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
      xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
      ctx = xmlSecNssPKIKeyDataGetCtx(data);
      xmlSecAssert2(ctx != NULL, -1);
@@ -2269,7 +2207,7 @@ index 5ede4cc..896c245 100644
          return(xmlSecKeyDataTypePublic);
      }
  
-@@ -1036,7 +1041,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+@@ -914,7 +913,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
      xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
      ctx = xmlSecNssPKIKeyDataGetCtx(data);
      xmlSecAssert2(ctx != NULL, -1);
@@ -2278,24 +2216,20 @@ index 5ede4cc..896c245 100644
  
      return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
  }
-@@ -1225,13 +1230,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+@@ -1101,9 +1100,10 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
          goto done;
      }
  
 -    slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
 +    slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
      if(slot == NULL) {
-         xmlSecError(XMLSEC_ERRORS_HERE,
-                     xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                    "PK11_GetBestSlot",
-+                    "xmlSecNssSlotGet",
-                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
-+                    "error code=%d", PORT_GetError());
+-        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
++        xmlSecNssError("PK11_GetBestSlot",
++                       xmlSecKeyDataKlassGetName(id));
          ret = -1;
          goto done;
      }
-@@ -1393,7 +1398,7 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+@@ -1226,7 +1226,7 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
  
      ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
      xmlSecAssert2(ctx != NULL, -1);
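Review bot: The slot failure path in xmlSecNssKeyDataRsaXmlRead still reports `PK11_GetBestSlot` although the call above it is now `xmlSecNssSlotGet(CKM_RSA_PKCS)`; the inner hunk only re-wraps the upstream line. The DSA counterpart earlier in this patch names `xmlSecNssSlotGet`, so the same failure would be logged under different function names depending on key type. Change the added lines to `xmlSecNssError("xmlSecNssSlotGet",` / `xmlSecKeyDataKlassGetName(id));`. The function continues outside the hunk.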
@@ -2304,16 +2238,29 @@ index 5ede4cc..896c245 100644
  
  
      if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-@@ -1464,7 +1469,7 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
+@@ -1282,19 +1282,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
      params.keySizeInBits = sizeBits;
      params.pe = 65537;
  
 -    slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
+-    if(slot == NULL) {
+-        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
+-        goto done;
+-    }
+-
+-    rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+-    if (rv != SECSuccess) {
+-        xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
+-                        "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
+-        goto done;
+-    }
+-
 +    slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
-     PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
++    PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
      privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
                                     &pubkey, PR_FALSE, PR_TRUE, NULL);
-@@ -1534,7 +1539,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+     if(privkey == NULL || pubkey == NULL) {
+@@ -1354,7 +1343,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
  
      ctx = xmlSecNssPKIKeyDataGetCtx(data);
      xmlSecAssert2(ctx != NULL, -1);
@@ -2323,10 +2270,10 @@ index 5ede4cc..896c245 100644
      return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
  }
 diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
-index b98dd49..39ba339 100644
+index c88be8b2..2807f934 100644
 --- a/src/nss/symkeys.c
 +++ b/src/nss/symkeys.c
-@@ -15,20 +15,41 @@
+@@ -14,20 +14,41 @@
  #include <stdio.h>
  #include <string.h>
  
@@ -2369,7 +2316,7 @@ index b98dd49..39ba339 100644
  static int      xmlSecNssSymKeyDataInitialize           (xmlSecKeyDataPtr data);
  static int      xmlSecNssSymKeyDataDuplicate            (xmlSecKeyDataPtr dst,
                                                           xmlSecKeyDataPtr src);
-@@ -67,107 +88,743 @@ static int      xmlSecNssSymKeyDataKlassCheck   (xmlSecKeyDataKlass* klass);
+@@ -66,107 +87,743 @@ static int      xmlSecNssSymKeyDataKlassCheck   (xmlSecKeyDataKlass* klass);
      (xmlSecKeyDataIsValid((data)) && \
       xmlSecNssSymKeyDataKlassCheck((data)->id))
  
@@ -3133,7 +3080,7 @@ index b98dd49..39ba339 100644
  }
  
  static int
-@@ -201,7 +858,7 @@ xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+@@ -200,7 +857,7 @@ xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
   *************************************************************************/
  static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
      sizeof(xmlSecKeyDataKlass),
@@ -3142,7 +3089,7 @@ index b98dd49..39ba339 100644
  
      /* data */
      xmlSecNameAESKeyValue,
-@@ -282,7 +939,7 @@ xmlSecNssKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize
+@@ -281,7 +938,7 @@ xmlSecNssKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize
   *************************************************************************/
  static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
      sizeof(xmlSecKeyDataKlass),
@@ -3151,7 +3098,7 @@ index b98dd49..39ba339 100644
  
      /* data */
      xmlSecNameDESKeyValue,
-@@ -364,7 +1021,7 @@ xmlSecNssKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize
+@@ -363,7 +1020,7 @@ xmlSecNssKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize
   *************************************************************************/
  static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
      sizeof(xmlSecKeyDataKlass),
@@ -3162,7 +3109,7 @@ index b98dd49..39ba339 100644
      xmlSecNameHMACKeyValue,
 diff --git a/src/nss/tokens.c b/src/nss/tokens.c
 new file mode 100644
-index 0000000..e27d1e4
+index 00000000..40ad9bbe
 --- /dev/null
 +++ b/src/nss/tokens.c
 @@ -0,0 +1,544 @@
@@ -3711,7 +3658,7 @@ index 0000000..e27d1e4
 +}
 +
 diff --git a/src/nss/x509.c b/src/nss/x509.c
-index 1bb0fed..66b571a 100644
+index ef61d6b3..ae443717 100644
 --- a/src/nss/x509.c
 +++ b/src/nss/x509.c
 @@ -61,33 +61,18 @@ static int              xmlSecNssX509DataNodeRead               (xmlSecKeyDataPt
@@ -3758,7 +3705,7 @@ index 1bb0fed..66b571a 100644
  static void             xmlSecNssX509CertDebugDump              (CERTCertificate* cert,
                                                                   FILE* output);
  static void             xmlSecNssX509CertDebugXmlDump           (CERTCertificate* cert,
-@@ -748,31 +730,22 @@ static int
+@@ -700,29 +682,22 @@ static int
  xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
                                  xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
      xmlSecKeyDataPtr data;
@@ -3777,11 +3724,9 @@ index 1bb0fed..66b571a 100644
  
 -    content = xmlSecX509DataGetNodeContent (node, keyInfoCtx);
 -    if (content < 0) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                    "xmlSecX509DataGetNodeContent",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "content=%d", content);
+-        xmlSecInternalError2("xmlSecX509DataGetNodeContent",
+-                             xmlSecKeyDataKlassGetName(id),
+-                             "content=%d", content);
 -        return(-1);
 -    } else if(content == 0) {
 -        /* by default we are writing certificates and crls */
@@ -3795,23 +3740,20 @@ index 1bb0fed..66b571a 100644
      data = xmlSecKeyGetData(key, id);
      if(data == NULL) {
          /* no x509 data in the key */
-@@ -792,79 +765,74 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+@@ -740,67 +715,65 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
              return(-1);
          }
  
 -        if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
 -            ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
 -            if(ret < 0) {
+-                xmlSecInternalError2("xmlSecNssX509CertificateNodeWrite",
 +       /* set base64 lines size from context */
 +       buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); 
 +       if(buf == NULL) {
-                 xmlSecError(XMLSEC_ERRORS_HERE,
-                             xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                            "xmlSecNssX509CertificateNodeWrite",
-+                            "xmlSecNssX509CertBase64DerWrite",
-                             XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                            "pos=%d", pos);
-+                            XMLSEC_ERRORS_NO_MESSAGE);
++                xmlSecInternalError2("xmlSecNssX509CertBase64DerWrite",
+                                      xmlSecKeyDataKlassGetName(id),
+                                      "pos=%d", pos);
                  return(-1);
 -            }
          }
@@ -3819,16 +3761,12 @@ index 1bb0fed..66b571a 100644
 -        if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
 -            ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
 -            if(ret < 0) {
+-                xmlSecInternalError2("xmlSecNssX509SubjectNameNodeWrite",
 +        cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
 +        if(cur == NULL) {
-                 xmlSecError(XMLSEC_ERRORS_HERE,
-                             xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                            "xmlSecNssX509SubjectNameNodeWrite",
-+                            "xmlSecAddChild",
-                             XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                            "pos=%d", pos);
-+                            "node=%s",
-+                            xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
++                xmlSecInternalError2("xmlSecAddChild",
+                                      xmlSecKeyDataKlassGetName(id),
+                                      "pos=%d", pos);
 +                xmlFree(buf);
                  return(-1);
 -            }
@@ -3843,11 +3781,9 @@ index 1bb0fed..66b571a 100644
 -        if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
 -            ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
 -            if(ret < 0) {
--                xmlSecError(XMLSEC_ERRORS_HERE,
--                            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                            "xmlSecNssX509IssuerSerialNodeWrite",
--                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                            "pos=%d", pos);
+-                xmlSecInternalError2("xmlSecNssX509IssuerSerialNodeWrite",
+-                                     xmlSecKeyDataKlassGetName(id),
+-                                     "pos=%d", pos);
 -                return(-1);
 -            }
 +    /* write crls */
@@ -3855,10 +3791,8 @@ index 1bb0fed..66b571a 100644
 +    for(pos = 0; pos < size; ++pos) {
 +       crl = xmlSecNssKeyDataX509GetCrl(data, pos);
 +       if(crl == NULL) {
-+           xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "xmlSecNssKeyDataX509GetCrl",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
++           xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl",
++               xmlSecKeyDataKlassGetName(id),
 +               "pos=%d", pos);
 +           return(-1);
          }
@@ -3866,21 +3800,17 @@ index 1bb0fed..66b571a 100644
 -        if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
 -            ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
 -            if(ret < 0) {
--                xmlSecError(XMLSEC_ERRORS_HERE,
--                            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                            "xmlSecNssX509SKINodeWrite",
--                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                            "pos=%d", pos);
+-                xmlSecInternalError2("xmlSecNssX509SKINodeWrite",
+-                                     xmlSecKeyDataKlassGetName(id),
+-                                     "pos=%d", pos);
 -                return(-1);
 -            }
 +         /* set base64 lines size from context */
 +         buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
 +         if(buf == NULL) {
-+            xmlSecError(XMLSEC_ERRORS_HERE,
-+                xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+                "xmlSecNssX509CrlBase64DerWrite",
-+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+                XMLSEC_ERRORS_NO_MESSAGE);
++            xmlSecInternalError2("xmlSecNssX509CrlBase64DerWrite",
++                                 xmlSecKeyDataKlassGetName(id),
++                                 "pos=%d", pos);
 +            return(-1);
          }
 -    }
@@ -3891,21 +3821,17 @@ index 1bb0fed..66b571a 100644
 -        for(pos = 0; pos < size; ++pos) {
 -            crl = xmlSecNssKeyDataX509GetCrl(data, pos);
 -            if(crl == NULL) {
--                xmlSecError(XMLSEC_ERRORS_HERE,
--                            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                            "xmlSecNssKeyDataX509GetCrl",
--                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                            "pos=%d", pos);
+-                xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl",
+-                                     xmlSecKeyDataKlassGetName(id),
+-                                     "pos=%d", pos);
 -                return(-1);
 -            }
  
 -            ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
 -            if(ret < 0) {
--                xmlSecError(XMLSEC_ERRORS_HERE,
--                            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
--                            "xmlSecNssX509CRLNodeWrite",
--                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                            "pos=%d", pos);
+-                xmlSecInternalError2("xmlSecNssX509CRLNodeWrite",
+-                                     xmlSecKeyDataKlassGetName(id),
+-                                     "pos=%d", pos);
 -                return(-1);
 -            }
 +        cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
@@ -3926,7 +3852,7 @@ index 1bb0fed..66b571a 100644
      }
  
      return(0);
-@@ -1054,46 +1022,6 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
+@@ -988,37 +961,6 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
  }
  
  static int
@@ -3941,22 +3867,13 @@ index 1bb0fed..66b571a 100644
 -    /* set base64 lines size from context */
 -    buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
 -    if(buf == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecNssX509CertBase64DerWrite",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecNssX509CertBase64DerWrite", NULL);
 -        return(-1);
 -    }
 -
 -    cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
 -    if(cur == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecEnsureEmptyChild",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "node=%s",
--                    xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL);
 -        xmlFree(buf);
 -        return(-1);
 -    }
@@ -3973,7 +3890,7 @@ index 1bb0fed..66b571a 100644
  xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
      xmlSecKeyDataStorePtr x509Store;
      xmlChar* subject;
-@@ -1116,19 +1044,13 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
+@@ -1038,15 +980,11 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
      }
  
      subject = xmlNodeGetContent(node);
@@ -3982,51 +3899,50 @@ index 1bb0fed..66b571a 100644
 -            xmlFree(subject);
 -        }
 -        if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+-            xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
 +    if(subject == NULL) {
-             xmlSecError(XMLSEC_ERRORS_HERE,
-                         xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                         xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-                         XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-                         XMLSEC_ERRORS_NO_MESSAGE);
++            xmlSecInvalidNodeContentError(node,
++                        xmlSecKeyDataGetName(data),
++                        "empty");
              return(-1);
 -        }
 -        return(0);
      }
  
      cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
-@@ -1166,40 +1088,6 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
+@@ -1077,40 +1015,6 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
  }
  
  static int
 -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
 -    xmlChar* buf = NULL;
 -    xmlNodePtr cur = NULL;
+-    int ret;
 -
 -    xmlSecAssert2(cert != NULL, -1);
 -    xmlSecAssert2(node != NULL, -1);
 -
 -    buf = xmlSecNssX509NameWrite(&(cert->subject));
 -    if(buf == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--            NULL,
--            "xmlSecNssX509NameWrite(&(cert->subject))",
--            XMLSEC_ERRORS_R_XMLSEC_FAILED,
--            XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->subject))", NULL);
 -        return(-1);
 -    }
 -
 -    cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
 -    if(cur == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--            NULL,
--            "xmlSecEnsureEmptyChild",
--            XMLSEC_ERRORS_R_XMLSEC_FAILED,
--            "node=%s",
--            xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL);
+-        xmlFree(buf);
+-        return(-1);
+-    }
+-
+-    ret = xmlSecNodeEncodeAndSetContent(cur, buf);
+-    if(ret < 0) {
+-        xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL);
 -        xmlFree(buf);
 -        return(-1);
 -    }
--    xmlSecNodeEncodeAndSetContent(cur, buf);
+-
+-    /* done */
 -    xmlFree(buf);
 -    return(0);
 -}
@@ -4035,18 +3951,14 @@ index 1bb0fed..66b571a 100644
  xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
      xmlSecKeyDataStorePtr x509Store;
      xmlNodePtr cur;
-@@ -1224,21 +1112,9 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
+@@ -1132,18 +1036,11 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
      }
  
      cur = xmlSecGetNextElementNode(node->children);
 -    if(cur == NULL) {
 -        if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
--                        xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
--                        XMLSEC_ERRORS_R_NODE_NOT_FOUND,
--                        "node=%s",
--                        xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+-            xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL,
+-                                    xmlSecKeyDataGetName(data));
 -            return(-1);
 -        }
 -        return(0);
@@ -4054,11 +3966,14 @@ index 1bb0fed..66b571a 100644
  
      /* the first is required node X509IssuerName */
 -    if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+-        xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data));
 +    if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
-         xmlSecError(XMLSEC_ERRORS_HERE,
-                     xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                     xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
-@@ -1333,78 +1209,6 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
++            xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL,
++                                    xmlSecKeyDataGetName(data));
+         return(-1);
+     }
+     issuerName = xmlNodeGetContent(cur);
+@@ -1207,62 +1104,6 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
  }
  
  static int
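Review bot: In xmlSecNssX509IssuerSerialNodeRead the merged condition `(cur == NULL) || !xmlSecCheckNodeName(...)` now reports both failures through `xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, ...)`, replacing upstream's `xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, ...)`. A first child that is present but is not X509IssuerName is therefore logged as a missing node, with no expected name in the message. Passing the expected name as the third argument (which appears to be the target node name; confirm against the macro definition), as in `xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data));`, would keep the log usable for both cases. The re-added call is also indented one level deeper than the `if` it sits in. The function starts and ends outside this hunk.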
@@ -4067,6 +3982,7 @@ index 1bb0fed..66b571a 100644
 -    xmlNodePtr issuerNameNode;
 -    xmlNodePtr issuerNumberNode;
 -    xmlChar* buf;
+-    int ret;
 -
 -    xmlSecAssert2(cert != NULL, -1);
 -    xmlSecAssert2(node != NULL, -1);
@@ -4074,57 +3990,40 @@ index 1bb0fed..66b571a 100644
 -    /* create xml nodes */
 -    cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
 -    if(cur == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecEnsureEmptyChild",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "node=%s",
--                    xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL);
 -        return(-1);
 -    }
 -
 -    issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
 -    if(issuerNameNode == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecEnsureEmptyChild",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "node=%s",
--                    xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL);
 -        return(-1);
 -    }
 -
 -    issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
 -    if(issuerNumberNode == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecEnsureEmptyChild",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "node=%s",
--                    xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL);
 -        return(-1);
 -    }
 -
 -    /* write data */
 -    buf = xmlSecNssX509NameWrite(&(cert->issuer));
 -    if(buf == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecNssX509NameWrite(&(cert->issuer))",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->issuer))", NULL);
+-        return(-1);
+-    }
+-
+-    ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+-    if(ret < 0) {
+-        xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL);
+-        xmlFree(buf);
 -        return(-1);
 -    }
--    xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
 -    xmlFree(buf);
 -
 -    buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
 -    if(buf == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", NULL);
 -        return(-1);
 -    }
 -    xmlNodeSetContent(issuerNumberNode, buf);
@@ -4137,7 +4036,7 @@ index 1bb0fed..66b571a 100644
  xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
      xmlSecKeyDataStorePtr x509Store;
      xmlChar* ski;
-@@ -1427,11 +1231,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
+@@ -1282,15 +1123,9 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
      }
  
      ski = xmlNodeGetContent(node);
@@ -4147,53 +4046,47 @@ index 1bb0fed..66b571a 100644
 -        }
 -        if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
 +    if(ski == NULL) {
-             xmlSecError(XMLSEC_ERRORS_HERE,
-                         xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                         xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-@@ -1439,8 +1239,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
-                         "node=%s",
-                         xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+             xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
              return(-1);
 -        }
 -        return(0);
      }
  
      cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
-@@ -1476,41 +1274,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
+@@ -1319,40 +1154,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
  }
  
  static int
 -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
 -    xmlChar *buf = NULL;
 -    xmlNodePtr cur = NULL;
+-    int ret;
 -
 -    xmlSecAssert2(cert != NULL, -1);
 -    xmlSecAssert2(node != NULL, -1);
 -
 -    buf = xmlSecNssX509SKIWrite(cert);
 -    if(buf == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecNssX509SKIWrite",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecNssX509SKIWrite", NULL);
 -        return(-1);
 -    }
 -
 -    cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
 -    if(cur == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecEnsureEmptyChild",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "new_node=%s",
--                    xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL);
+-        xmlFree(buf);
+-        return(-1);
+-    }
+-
+-    ret = xmlSecNodeEncodeAndSetContent(cur, buf);
+-    if(ret < 0) {
+-        xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL);
 -        xmlFree(buf);
 -        return(-1);
 -    }
--    xmlSecNodeEncodeAndSetContent(cur, buf);
--    xmlFree(buf);
 -
+-    /* done */
+-    xmlFree(buf);
 -    return(0);
 -}
 -
@@ -4201,7 +4094,7 @@ index 1bb0fed..66b571a 100644
  xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
      xmlChar *content;
      CERTSignedCrl* crl;
-@@ -1520,19 +1283,13 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
+@@ -1362,15 +1163,9 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
      xmlSecAssert2(keyInfoCtx != NULL, -1);
  
      content = xmlNodeGetContent(node);
@@ -4211,18 +4104,14 @@ index 1bb0fed..66b571a 100644
 -        }
 -        if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
 +    if(content == NULL){
-             xmlSecError(XMLSEC_ERRORS_HERE,
-                         xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                         xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-                         XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
-                         XMLSEC_ERRORS_NO_MESSAGE);
+             xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
              return(-1);
 -        }
 -        return(0);
      }
  
      crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
-@@ -1552,47 +1309,6 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
+@@ -1387,38 +1182,6 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
  }
  
  static int
@@ -4237,22 +4126,13 @@ index 1bb0fed..66b571a 100644
 -    /* set base64 lines size from context */
 -    buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
 -    if(buf == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecNssX509CrlBase64DerWrite",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecNssX509CrlBase64DerWrite", NULL);
 -        return(-1);
 -    }
 -
 -    cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
 -    if(cur == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecEnsureEmptyChild",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "new_node=%s",
--                    xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+-        xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL);
 -        xmlFree(buf);
 -        return(-1);
 -    }
@@ -4270,7 +4150,7 @@ index 1bb0fed..66b571a 100644
  xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
                                      xmlSecKeyInfoCtxPtr keyInfoCtx) {
      xmlSecNssX509DataCtxPtr ctx;
-@@ -1601,6 +1317,10 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+@@ -1427,6 +1190,10 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
      SECStatus status;
      PRTime notBefore, notAfter;
  
@@ -4281,12 +4161,7 @@ index 1bb0fed..66b571a 100644
      xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
      xmlSecAssert2(key != NULL, -1);
      xmlSecAssert2(keyInfoCtx != NULL, -1);
-@@ -1632,10 +1352,14 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
-                             xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-                             "CERT_DupCertificate",
-                             XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                            XMLSEC_ERRORS_NO_MESSAGE);
-+                            "error code=%d", PORT_GetError());
+@@ -1456,12 +1223,64 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
                  return(-1);
              }
  
@@ -4296,9 +4171,8 @@ index 1bb0fed..66b571a 100644
 +           *
              keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
              if(keyValue == NULL) {
-                 xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -1645,6 +1369,54 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
-                             XMLSEC_ERRORS_NO_MESSAGE);
+                 xmlSecInternalError("xmlSecNssX509CertGetKey",
+                                     xmlSecKeyDataGetName(data));
                  return(-1);
              }
 +          */
@@ -4352,7 +4226,7 @@ index 1bb0fed..66b571a 100644
  
              /* verify that the key matches our expectations */
              if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
-@@ -1946,108 +1718,6 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) {
+@@ -1702,88 +1521,6 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) {
      return(res);
  }
  
@@ -4365,21 +4239,13 @@ index 1bb0fed..66b571a 100644
 -
 -    str = CERT_NameToAscii(nm);
 -    if (str == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "CERT_NameToAscii",
--                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecNssError("CERT_NameToAscii", NULL);
 -        return(NULL);
 -    }
 -
 -    res = xmlStrdup(BAD_CAST str);
 -    if(res == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlStrdup",
--                    XMLSEC_ERRORS_R_MALLOC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecStrdupError(BAD_CAST str, NULL);
 -        PORT_Free(str);
 -        return(NULL);
 -    }
@@ -4409,11 +4275,7 @@ index 1bb0fed..66b571a 100644
 -
 -    res = (xmlChar*)xmlMalloc(resLen + 1);
 -    if(res == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlStrdup",
--                    XMLSEC_ERRORS_R_MALLOC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecMallocError(resLen + 1, NULL);
 -        return (NULL);
 -    }
 -
@@ -4433,22 +4295,14 @@ index 1bb0fed..66b571a 100644
 -
 -    rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
 -    if (rv != SECSuccess) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "CERT_FindSubjectKeyIDExtension",
--                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecNssError("CERT_FindSubjectKeyIDExtension", NULL);
 -        SECITEM_FreeItem(&ski, PR_FALSE);
 -        return(NULL);
 -    }
 -
 -    res = xmlSecBase64Encode(ski.data, ski.len, 0);
 -    if(res == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecBase64Encode",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecInternalError("xmlSecBase64Encode", NULL);
 -        SECITEM_FreeItem(&ski, PR_FALSE);
 -        return(NULL);
 -    }
@@ -4462,7 +4316,7 @@ index 1bb0fed..66b571a 100644
  xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
      SECItem *sn;
 diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c
-index 0edaa2d..c8baaab 100644
+index b28a37e1..39574fdd 100644
 --- a/src/nss/x509vfy.c
 +++ b/src/nss/x509vfy.c
 @@ -30,6 +30,7 @@
@@ -4493,7 +4347,7 @@ index 0edaa2d..c8baaab 100644
  
  static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
      sizeof(xmlSecKeyDataStoreKlass),
-@@ -365,7 +355,7 @@ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+@@ -355,7 +345,7 @@ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
   *****************************************************************************/
  static CERTName *
  xmlSecNssGetCertName(const xmlChar * name) {
@@ -4502,34 +4356,26 @@ index 0edaa2d..c8baaab 100644
      xmlChar *p;
      CERTName *res;
  
-@@ -390,33 +380,19 @@ xmlSecNssGetCertName(const xmlChar * name) {
+@@ -375,24 +365,14 @@ xmlSecNssGetCertName(const xmlChar * name) {
          memcpy(p, "           E=", 13);
      }
  
 -    tmp = xmlSecNssX509NameRead(name2, xmlStrlen(name2));
 -    if(tmp == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "xmlSecNssX509NameRead",
--                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                    "name2=\"%s\"",
--                    xmlSecErrorsSafeString(name2));
+-        xmlSecInternalError2("xmlSecNssX509NameRead", NULL,
+-                             "name2=\"%s\"", xmlSecErrorsSafeString(name2));
 -        xmlFree(name2);
 -        return(NULL);
 -    }
 -
 -    res = CERT_AsciiToName((char*)tmp);
+-    if (res == NULL) {
 +    res = CERT_AsciiToName((char*)name2);
-     if (name == NULL) {
-         xmlSecError(XMLSEC_ERRORS_HERE,
-                     NULL,
-                     "CERT_AsciiToName",
-                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                     "ascii=\"%s\", error code=%d",
--                    xmlSecErrorsSafeString((char*)tmp),
-+                    xmlSecErrorsSafeString((char*)name2),
-                     PORT_GetError());
++    if (name == NULL) {
+         xmlSecNssError2("CERT_AsciiToName", NULL,
+-                        "ascii=\"%s\"", xmlSecErrorsSafeString((char*)tmp));
 -        PORT_Free(tmp);
++                        "ascii=\"%s\"", xmlSecErrorsSafeString((char*)name2));
          xmlFree(name2);
          return(NULL);
      }
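Review bot: The rebased inner hunk for xmlSecNssGetCertName swaps upstream's `if (res == NULL) {` for `if (name == NULL) {` directly after `res = CERT_AsciiToName((char*)name2);`, so a failed conversion is no longer caught by this branch. As written, the `xmlSecNssError2` call and the early `xmlFree(name2); return(NULL);` run only when the input pointer is NULL. A name that NSS cannot parse falls through to the code after the branch without being logged. Dropping that `+-`/`++` pair from the patch, so that `if (res == NULL) {` stays as context, keeps upstream's check; only the `tmp` to `name2` substitutions are needed here. The function starts and ends outside this hunk, so whether `name` is asserted non-NULL earlier is not visible.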
@@ -4538,33 +4384,25 @@ index 0edaa2d..c8baaab 100644
      return(res);
  }
  
-@@ -514,22 +490,11 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName,
+@@ -468,15 +448,8 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName,
          issuerAndSN.derIssuer.data = nameitem->data;
          issuerAndSN.derIssuer.len = nameitem->len;
  
 -        /* TBD: serial num can be arbitrarily long */
 -        if(PR_sscanf((char *)issuerSerial, "%llu", &issuerSN) != 1) {
-+        rv = xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber );
-+        if(rv < 0) {
-             xmlSecError(XMLSEC_ERRORS_HERE,
-                         NULL,
--                        "PR_sscanf",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        "error code=%d", PR_GetError());
+-            xmlSecNssError("PR_sscanf(issuerSerial)", NULL);
 -            SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
 -            goto done;
 -        }
 -
 -        rv = xmlSecNssNumToItem(&issuerAndSN.serialNumber, issuerSN);
 -        if(rv <= 0) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecNssNumToItem",
-+                        "xmlSecNssIntegerToItem",
-                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                         "error code=%d", PR_GetError());
++        rv = xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber );
++        if(rv < 0) {
+             xmlSecInternalError("xmlSecNssNumToItem(serialNumber)", NULL);
              SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
-@@ -614,175 +579,6 @@ done:
+             goto done;
+@@ -547,140 +520,6 @@ done:
      return(cert);
  }
  
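Review bot: The error string under the new `xmlSecNssIntegerToItem` call still names the old helper: `xmlSecInternalError("xmlSecNssNumToItem(serialNumber)", NULL);` is kept as context, whereas the previous version of this patch rewrote the name in the message. A log line pointing at xmlSecNssNumToItem sends whoever investigates a failed issuer/serial lookup to a function that is no longer on this path. I would have the inner patch replace it with `xmlSecInternalError("xmlSecNssIntegerToItem(serialNumber)", NULL);`. The body of xmlSecNssX509FindCert extends beyond this hunk.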
@@ -4581,11 +4419,8 @@ index 0edaa2d..c8baaab 100644
 -    /* return string should be no longer than input string */
 -    retval = (xmlSecByte *)PORT_Alloc(len+1);
 -    if(retval == NULL) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    "PORT_Alloc",
--                    XMLSEC_ERRORS_R_MALLOC_FAILED,
--                    XMLSEC_ERRORS_NO_MESSAGE);
+-        xmlSecNssError2("PORT_Alloc", NULL,
+-                        "size=%d", (len+1));
 -        return(NULL);
 -    }
 -    p = retval;
@@ -4598,11 +4433,7 @@ index 0edaa2d..c8baaab 100644
 -
 -        nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
 -        if(nameLen < 0) {
--            xmlSecError(XMLSEC_ERRORS_HERE,
--                        NULL,
--                        "xmlSecNssX509NameStringRead",
--                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                        XMLSEC_ERRORS_NO_MESSAGE);
+-            xmlSecInternalError("xmlSecNssX509NameStringRead", NULL);
 -            goto done;
 -        }
 -        memcpy(p, name, nameLen);
@@ -4614,11 +4445,7 @@ index 0edaa2d..c8baaab 100644
 -                valueLen = xmlSecNssX509NameStringRead(&str, &len,
 -                                        value, sizeof(value), '"', 1);
 -                if(valueLen < 0) {
--                    xmlSecError(XMLSEC_ERRORS_HERE,
--                                NULL,
--                                "xmlSecNssX509NameStringRead",
--                                XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                                XMLSEC_ERRORS_NO_MESSAGE);
+-                    xmlSecInternalError("xmlSecNssX509NameStringRead", NULL);
 -                    goto done;
 -                }
 -                /* skip spaces before comma or semicolon */
@@ -4626,11 +4453,7 @@ index 0edaa2d..c8baaab 100644
 -                    ++str; --len;
 -                }
 -                if((len > 0) && ((*str) != ',')) {
--                    xmlSecError(XMLSEC_ERRORS_HERE,
--                                NULL,
--                                NULL,
--                                XMLSEC_ERRORS_R_INVALID_DATA,
--                                "comma is expected");
+-                    xmlSecInvalidIntegerDataError("char", (*str), "comma ','", NULL);
 -                    goto done;
 -                }
 -                if(len > 0) {
@@ -4642,21 +4465,13 @@ index 0edaa2d..c8baaab 100644
 -                *p++='\"';
 -            } else if((*str) == '#') {
 -                /* TODO: read octect values */
--                xmlSecError(XMLSEC_ERRORS_HERE,
--                            NULL,
--                            NULL,
--                            XMLSEC_ERRORS_R_INVALID_DATA,
--                            "reading octect values is not implemented yet");
+-                xmlSecNotImplementedError("reading octect values is not implemented yet");
 -                goto done;
 -            } else {
 -                valueLen = xmlSecNssX509NameStringRead(&str, &len,
 -                                        value, sizeof(value), ',', 1);
 -                if(valueLen < 0) {
--                    xmlSecError(XMLSEC_ERRORS_HERE,
--                                NULL,
--                                "xmlSecNssX509NameStringRead",
--                                XMLSEC_ERRORS_R_XMLSEC_FAILED,
--                                XMLSEC_ERRORS_NO_MESSAGE);
+-                    xmlSecInternalError("xmlSecNssX509NameStringRead", NULL);
 -                    goto done;
 -                }
 -                memcpy(p, value, valueLen);
@@ -4702,22 +4517,14 @@ index 0edaa2d..c8baaab 100644
 -            nonSpace = q;
 -            if(xmlSecIsHex((*p))) {
 -                if((p - (*str) + 1) >= (*strLen)) {
--                    xmlSecError(XMLSEC_ERRORS_HERE,
--                                NULL,
--                                NULL,
--                                XMLSEC_ERRORS_R_INVALID_DATA,
--                                "two hex digits expected");
+-                    xmlSecInvalidDataError("two hex digits expected", NULL);
 -                    return(-1);
 -                }
 -                *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
 -                p += 2;
 -            } else {
 -                if(((++p) - (*str)) >= (*strLen)) {
--                    xmlSecError(XMLSEC_ERRORS_HERE,
--                                NULL,
--                                NULL,
--                                XMLSEC_ERRORS_R_INVALID_DATA,
--                                "escaped symbol missed");
+-                    xmlSecInvalidDataError("escaped symbol missed", NULL);
 -                    return(-1);
 -                }
 -                *(q++) = *(p++);
@@ -4725,11 +4532,7 @@ index 0edaa2d..c8baaab 100644
 -        }
 -    }
 -    if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
--        xmlSecError(XMLSEC_ERRORS_HERE,
--                    NULL,
--                    NULL,
--                    XMLSEC_ERRORS_R_INVALID_SIZE,
--                    "buffer is too small");
+-        xmlSecInvalidSizeOtherError("buffer is too small", NULL);
 -        return(-1);
 -    }
 -    (*strLen) -= (p - (*str));
@@ -4740,7 +4543,7 @@ index 0edaa2d..c8baaab 100644
  /* code lifted from NSS */
  static int
  xmlSecNssNumToItem(SECItem *it, PRUint64 ui)
-@@ -819,6 +615,77 @@ xmlSecNssNumToItem(SECItem *it, PRUint64 ui)
+@@ -717,6 +556,77 @@ xmlSecNssNumToItem(SECItem *it, PRUint64 ui)
      PORT_Memcpy(it->data, bb + (zeros_len - 1), it->len);
      return(it->len);
  }
@@ -4819,10 +4622,10 @@ index 0edaa2d..c8baaab 100644
  
  
 diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
-index a474592..f9ddd74 100644
+index ef1909ce..5ea58000 100644
 --- a/win32/Makefile.msvc
 +++ b/win32/Makefile.msvc
-@@ -226,6 +226,9 @@ XMLSEC_OPENSSL_OBJS_A = \
+@@ -225,6 +225,9 @@ XMLSEC_OPENSSL_OBJS_A = \
  	$(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj 
  
  XMLSEC_NSS_OBJS = \
@@ -4832,7 +4635,7 @@ index a474592..f9ddd74 100644
  	$(XMLSEC_NSS_INTDIR)\app.obj\
  	$(XMLSEC_NSS_INTDIR)\bignum.obj\
  	$(XMLSEC_NSS_INTDIR)\ciphers.obj \
-@@ -261,6 +264,7 @@ XMLSEC_NSS_OBJS_A = \
+@@ -260,6 +263,7 @@ XMLSEC_NSS_OBJS_A = \
  	$(XMLSEC_NSS_INTDIR_A)\strings.obj
  
  XMLSEC_MSCRYPTO_OBJS = \
@@ -4841,5 +4644,5 @@ index a474592..f9ddd74 100644
  	$(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
  	$(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
 -- 
-2.6.6
+2.12.0
 
diff --git a/external/libxmlsec/xmlsec1-mscrypto-fix-signing-regression.patch.1 b/external/libxmlsec/xmlsec1-mscrypto-fix-signing-regression.patch.1
new file mode 100644
index 000000000000..27c30ba01048
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-mscrypto-fix-signing-regression.patch.1
@@ -0,0 +1,46 @@
+From 92d28e2a9110c19e75482942702516505714fc72 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey at aleksey.com>
+Date: Sun, 7 May 2017 07:53:46 -0700
+Subject: [PATCH] fix regression
+
+---
+ src/mscrypto/x509.c | 16 ++++------------
+ 1 file changed, 4 insertions(+), 12 deletions(-)
+
+diff --git a/src/mscrypto/x509.c b/src/mscrypto/x509.c
+index 08c9088d..497fa0e9 100644
+--- a/src/mscrypto/x509.c
++++ b/src/mscrypto/x509.c
+@@ -392,12 +392,8 @@ xmlSecMSCryptoKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
+     xmlSecAssert2(ctx->hMemStore != 0, NULL);
+     xmlSecAssert2(ctx->numCerts > pos, NULL);
+ 
+-    while (pos > 0) {
+-       pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert);
+-       if(pCert == NULL) {
+-            break;
+-       }
+-        pos--;
++    while ((pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert)) && (pos > 0)) {
++      pos--;
+     }
+ 
+     return(pCert);
+@@ -474,12 +470,8 @@ xmlSecMSCryptoKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+     xmlSecAssert2(ctx->hMemStore != 0, NULL);
+     xmlSecAssert2(ctx->numCrls > pos, NULL);
+ 
+-    while(pos > 0) {
+-        pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL);
+-       if(pCRL == NULL) {
+-            break;
+-        }
+-        pos--;
++    while ((pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL)) && (pos > 0)) {
++      pos--;
+     }
+ 
+     return(pCRL);
+-- 
+2.12.0
+
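Review bot: Both rewritten loops (xmlSecMSCryptoKeyDataX509GetCert and xmlSecMSCryptoKeyDataX509GetCrl) depend on the enumeration call running before `pos > 0` is tested, and on `pCert`/`pCRL` starting as NULL. Neither is commented, and the declarations are outside the inner hunks, so the NULL start is assumed here. A one-line comment above each loop, such as `/* enumerate at least once: pos == 0 must return the first entry of the store */`, would record why the old `while (pos > 0)` form was wrong and protect the fix when the backport is next rebased. The `pos--;` lines are indented by six spaces, which does not match the eight-space body lines they replace.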
diff --git a/external/libxmlsec/xmlsec1-noverify.patch.1 b/external/libxmlsec/xmlsec1-noverify.patch.1
index 07b5398ab7e8..1c5672494caa 100644
--- a/external/libxmlsec/xmlsec1-noverify.patch.1
+++ b/external/libxmlsec/xmlsec1-noverify.patch.1
@@ -1,26 +1,28 @@
-From 06564ccc3e2484553a23a2595d48b0ef3445497b Mon Sep 17 00:00:00 2001
+From 4960b231f67eb86e5f6d6a79154c15268c959b34 Mon Sep 17 00:00:00 2001
 From: Miklos Vajna <vmiklos at collabora.co.uk>
 Date: Fri, 4 Mar 2016 16:10:16 +0100
 Subject: [PATCH] xmlsec1-noverify.patch
 
 Conflicts:
+	src/mscrypto/x509vfy.c
 	src/nss/x509vfy.c
 ---
- src/mscrypto/x509vfy.c | 13 ++++++++++---
- src/nss/x509vfy.c      | 28 +++++++++++++++++++++-------
- 2 files changed, 31 insertions(+), 10 deletions(-)
+ src/mscrypto/x509vfy.c | 12 ++++++++----
+ src/nss/x509vfy.c      | 24 ++++++++++--------------
+ 2 files changed, 18 insertions(+), 18 deletions(-)
 
 diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c
-index 899cb6e..cf4cbb7 100644
+index e4a84a60..a12cb709 100644
 --- a/src/mscrypto/x509vfy.c
 +++ b/src/mscrypto/x509vfy.c
-@@ -560,9 +560,16 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
-             CertFreeCertificateContext(nextCert);
+@@ -525,10 +525,14 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
          }
  
--        if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
--            return(cert);
--        }
+         if(selected == 1) {
+-	    if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0
+-               || xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
+-                return(cert);
+-            }
 +        /* JL: OpenOffice.org implements its own certificate verification routine. 
 +           The goal is to separate validation of the signature
 +           and the certificate. For example, OOo could show that the document signature is valid,
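Review bot: The rebased MSCrypto hunk removes upstream's flag-guarded branch (`XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS` or `xmlSecMSCryptoX509StoreConstructCertsChain`) under `if(selected == 1)`. Chain construction therefore stays disabled for every user of the bundled library, not only for callers that opt out through the flag. The commit message says upstream's corrected flag handling allows this patch to be dropped later, but nothing in the patch itself records that. I would extend the JL comment with a line such as `/* TODO: remove this patch once callers set XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS */`, so the bypass is not carried through further rebases by habit. The replacement `return(cert);` and the NSS counterpart are in the following hunk.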
@@ -28,28 +30,32 @@ index 899cb6e..cf4cbb7 100644
 +           the certificate by libxmlsec and the verification fails, then the XML signature will not be 
 +           verified. This would happen, for example, if the root certificate is not installed.                
 +         */
-+/*      if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
-+        if (selected == 1)
-+            return cert;
++            return(cert);
+         }
      }
  
-     return (NULL);
 diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c
-index 9e957fe..0edaa2d 100644
+index cd328fea..b28a37e1 100644
 --- a/src/nss/x509vfy.c
 +++ b/src/nss/x509vfy.c
-@@ -211,13 +211,27 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
+@@ -213,20 +213,16 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
              continue;
          }
  
--        status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
--                                        cert, PR_FALSE,
--                                        (SECCertificateUsage)0,
--                                        timeboundary , NULL, NULL, NULL);
--        if (status == SECSuccess) {
+-        if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
+-            /* it's important to set the usage here, otherwise no real verification
+-             * is performed. */
+-            status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+-                                            cert, PR_FALSE,
+-                                            certificateUsageEmailSigner,
+-                                            timeboundary , NULL, NULL, NULL);
+-            if(status == SECSuccess) {
+-                break;
+-            }
+-        } else {
+-            status = SECSuccess;
 -            break;
 -        }
-+
 +       /*
 +      JL: OpenOffice.org implements its own certificate verification routine. 
 +      The goal is to separate validation of the signature
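Review bot: Certificate verification is now skipped unconditionally in both backends, even though the upstream 1.2.24 lines this patch removes already make it optional through `keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS`. In this hunk the mscrypto path does `return(cert);` for any selected certificate, and in the following hunk the NSS path sets `status = SECSuccess; break;` without calling `CERT_VerifyCertificate`. Every key-info context in the bundled library therefore accepts an unverified certificate, and trust in the signer rests entirely on the application's separate check. Whether the callers already set that flag is not visible here; if they can, keeping the upstream code and setting the flag at the call site would make this patch unnecessary. If the patch stays for this release, I would extend the JL comment in both places with `/* TODO: drop once callers set XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; signer trust depends on the application's own certificate validation. */` (both functions start and end outside the hunks shown).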
@@ -57,22 +63,12 @@ index 9e957fe..0edaa2d 100644
 +      but the certificate could not be verified. If we do not prevent the verification of
 +      the certificate by libxmlsec and the verification fails, then the XML signature may not be 
 +      verified. This would happen, for example, if the root certificate is not installed.
-+      
-+      status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), 
-+          cert, PR_FALSE, 
-+          (SECCertificateUsage)0,
-+          timeboundary , NULL, NULL, NULL);
-+      if (status == SECSuccess) {
-+         break;
-+      }
-+        
 +    */
-+       status = SECSuccess;
-+       break;
-+
++        status = SECSuccess;
++        break;
      }
  
      if (status == SECSuccess) {
 -- 
-2.6.6
+2.12.0
 
diff --git a/external/libxmlsec/xmlsec1-nss-ecdsa-memset.patch.1 b/external/libxmlsec/xmlsec1-nss-ecdsa-memset.patch.1
deleted file mode 100644
index 2cefbe0f1bd8..000000000000
--- a/external/libxmlsec/xmlsec1-nss-ecdsa-memset.patch.1
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2ef2b9f34e2eebcdb4116e55e1e3b8034a1961c8 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Mon, 6 Mar 2017 22:34:46 +0100
-Subject: [PATCH] nss: fix assert when building against debug nss (#91)
-
-Due to reading uninitialized memory. gdb says:
-
-    Assertion failure: dest == NULL || dest->data == NULL, at secasn1e.c:1483
-    Program received signal SIGABRT, Aborted.
-    0x00007ffff74748d7 in raise () from /lib64/libc.so.6
-    (gdb) up
-    #1  0x00007ffff7475caa in abort () from /lib64/libc.so.6
-    (gdb)
-    #2  0x00007fffe57f96ae in PR_Assert (s=0x7fffe1cbf298 "dest == NULL || dest->data == NULL", file=0x7fffe1cbef60 "secasn1e.c", ln=1483) at ../../../../pr/src/io/prlog.c:553
-    553         abort();
-    (gdb)
-    #3  0x00007fffe1cb1941 in SEC_ASN1EncodeItem_Util (poolp=0x0, dest=0x7fffffff95f0, src=0x7fffffff9530, theTemplate=0x7fffe55ae180 <DSA_SignatureTemplate>) at secasn1e.c:1483
-    1483        PORT_Assert(dest == NULL || dest->data == NULL);
----
- src/nss/signatures.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/nss/signatures.c b/src/nss/signatures.c
-index a8fec2c..b7a292e 100644
---- a/src/nss/signatures.c
-+++ b/src/nss/signatures.c
-@@ -354,6 +354,7 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform,

... etc. - the rest is truncated

