author | sangwan.kwon <sangwan.kwon@samsung.com> | 2016-07-27 15:33:38 +0900 |
---|---|---|
committer | sangwan.kwon <sangwan.kwon@samsung.com> | 2016-07-27 15:39:05 +0900 |
commit | d4d35351fd63a7051a7cbef2002cb0c641925ec3 (patch) | |
tree | d390d823f40a886547b932f9bd9239fe81ef6056 /src | |
parent | caccc67c33486a1d1b29f227071851961b29a722 (diff) | |
Imported Upstream version 1.2.22 (refs: upstream/1.2.22, upstream)
Change-Id: I4d17734839f021e46aef7a30483ac17e8c85fb1d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Diffstat (limited to 'src')
114 files changed, 5414 insertions, 7496 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 3883ab6f..44cfabea 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,8 +2,9 @@ NULL = SUBDIRS = . $(XMLSEC_CRYPTO_LIST) -INCLUDES = \ +AM_CFLAGS = \ -DPACKAGE=\"@PACKAGE@\" \ + -DXMLSEC_DEFAULT_CRYPTO=\"@XMLSEC_DEFAULT_CRYPTO@\" \ -I../include \ -I$(top_srcdir)/include \ $(XMLSEC_DEFINES) \ @@ -44,12 +45,12 @@ libxmlsec1_la_SOURCES = \ membuf.c \ nodeset.c \ parser.c \ + relationship.c \ soap.c \ strings.c \ templates.c \ transforms.c \ x509.c \ - xkms.c \ xmldsig.c \ xmlenc.c \ xmlsec.c \ diff --git a/src/Makefile.in b/src/Makefile.in index c0d0157c..8a6b7254 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
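Review bot: In the first hunk of src/Makefile.am the `-D` and `-I` switches move from the deprecated `INCLUDES` into `AM_CFLAGS`, but they are preprocessor flags and automake's intended replacement is `AM_CPPFLAGS`. As written they also end up on the link line, because `libxmlsec1_la_LINK` in the regenerated Makefile.in expands `$(AM_CFLAGS)`. I would write `AM_CPPFLAGS = \` here and keep `AM_CFLAGS` for compiler-only options. The new `-DXMLSEC_DEFAULT_CRYPTO=\"@XMLSEC_DEFAULT_CRYPTO@\"` line fixes a backend name at configure time, presumably the one `xmlSecGetDefaultCrypto()` returns. A one-line comment saying so would help packagers. The variable's definition continues below the hunk.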
@@ -16,6 +15,61 @@ @SET_MAKE@ VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -35,14 +89,14 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = 
@@ -84,16 +138,29 @@ am__objects_1 = am_libxmlsec1_la_OBJECTS = app.lo base64.lo bn.lo buffer.lo c14n.lo \ dl.lo enveloped.lo errors.lo io.lo keyinfo.lo keys.lo \ keysdata.lo keysmngr.lo kw_aes_des.lo list.lo membuf.lo \ - nodeset.lo parser.lo soap.lo strings.lo templates.lo \ - transforms.lo x509.lo xkms.lo xmldsig.lo xmlenc.lo xmlsec.lo \ - xmltree.lo xpath.lo xslt.lo $(am__objects_1) + nodeset.lo parser.lo relationship.lo soap.lo strings.lo \ + templates.lo transforms.lo x509.lo xmldsig.lo xmlenc.lo \ + xmlsec.lo xmltree.lo xpath.lo xslt.lo $(am__objects_1) libxmlsec1_la_OBJECTS = $(am_libxmlsec1_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = libxmlsec1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libxmlsec1_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -106,37 +173,60 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(libxmlsec1_la_SOURCES) DIST_SOURCES = $(libxmlsec1_la_SOURCES) -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - 
$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -198,6 +288,10 @@ GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@ GNUTLS_LIBS = @GNUTLS_LIBS@ GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@ GREP = @GREP@ +GTKDOC_MKDB = @GTKDOC_MKDB@ +GTKDOC_MKHTML = @GTKDOC_MKHTML@ +GTKDOC_MKTMPL = @GTKDOC_MKTMPL@ +GTKDOC_SCAN = @GTKDOC_SCAN@ HELP2MAN = @HELP2MAN@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -217,6 +311,7 @@ LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@ LIBXSLT_CONFIG = @LIBXSLT_CONFIG@ LIBXSLT_LIBS = @LIBXSLT_LIBS@ LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@ +LIBXSLT_PC_FILE_COND = @LIBXSLT_PC_FILE_COND@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ 
@@ -255,6 +350,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -271,7 +367,6 @@ XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@ XMLSEC_CFLAGS = @XMLSEC_CFLAGS@ XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@ XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@ -XMLSEC_CRYPTO = @XMLSEC_CRYPTO@ XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@ XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@ XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ @@ -279,6 +374,7 @@ XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@ XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@ XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@ XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@ +XMLSEC_DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ XMLSEC_DEFINES = @XMLSEC_DEFINES@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@ XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@ @@ -298,6 +394,7 @@ XMLSEC_NO_DSA = @XMLSEC_NO_DSA@ XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@ XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@ XMLSEC_NO_GOST = @XMLSEC_NO_GOST@ +XMLSEC_NO_GOST2012 = @XMLSEC_NO_GOST2012@ XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@ XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@ XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@ @@ -312,7 +409,6 @@ XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@ XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@ XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@ XMLSEC_NO_X509 = @XMLSEC_NO_X509@ -XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@ XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@ XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@ XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@ @@ -327,6 +423,7 @@ XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@ XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@ XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@ XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@ +XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ 
@@ -381,8 +478,9 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = SUBDIRS = . $(XMLSEC_CRYPTO_LIST) -INCLUDES = \ +AM_CFLAGS = \ -DPACKAGE=\"@PACKAGE@\" \ + -DXMLSEC_DEFAULT_CRYPTO=\"@XMLSEC_DEFAULT_CRYPTO@\" \ -I../include \ -I$(top_srcdir)/include \ $(XMLSEC_DEFINES) \ @@ -423,12 +521,12 @@ libxmlsec1_la_SOURCES = \ membuf.c \ nodeset.c \ parser.c \ + relationship.c \ soap.c \ strings.c \ templates.c \ transforms.c \ x509.c \ - xkms.c \ xmldsig.c \ xmlenc.c \ xmlsec.c \ @@ -464,7 +562,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -482,9 +579,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -492,6 +589,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } 
@@ -507,12 +606,15 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + libxmlsec1.la: $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_DEPENDENCIES) $(EXTRA_libxmlsec1_la_DEPENDENCIES) $(AM_V_CCLD)$(libxmlsec1_la_LINK) -rpath $(libdir) $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_LIBADD) $(LIBS) @@ -540,12 +642,12 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/membuf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nodeset.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/relationship.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/soap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/templates.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transforms.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xkms.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmldsig.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmlenc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmlsec.Plo@am__quote@ 
@@ -554,22 +656,25 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xslt.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ 
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< @@ -581,22 +686,25 @@ clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ 
@@ -611,57 +719,12 @@ $(RECURSIVE_TARGETS): $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" -$(RECURSIVE_CLEAN_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ 
@@ -677,12 +740,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -694,15 +752,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -711,6 +765,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags 
@@ -747,13 +816,10 @@ distdir: $(DISTFILES) done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ 
@@ -882,24 +948,24 @@ ps-am: uninstall-am: uninstall-libLTLIBRARIES -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ - uninstall-libLTLIBRARIES +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libLTLIBRARIES \ + clean-libtool cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile # Tell 
versions [3.59,3.63) of GNU make to not export all variables. @@ -5,7 +5,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -220,6 +220,52 @@ xmlSecKeyDataGost2001GetKlass(void) { } /** + * xmlSecKeyDataGostR3410_2012_256GetKlass: + * + * The GOST R 34.10-2012 256 bit key data klass. + * + * Returns: GOST R 34.10-2012 256 bit key data klass or NULL if an error occurs + * (xmlsec-crypto library is not loaded or the GOST R 34.10-2012 key data + * klass is not implemented). + */ +xmlSecKeyDataId +xmlSecKeyDataGostR3410_2012_256GetKlass(void) { + if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGostR3410_2012_256GetKlass == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "keyDataGostR3410_2012_256Id", + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, + XMLSEC_ERRORS_NO_MESSAGE); + return(xmlSecKeyDataIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->keyDataGostR3410_2012_256GetKlass()); +} + +/** + * xmlSecKeyDataGostR3410_2012_512GetKlass: + * + * The GOST R 34.10-2012 512 bit key data klass. + * + * Returns: GOST R 34.10-2012 512 bit key data klass or NULL if an error occurs + * (xmlsec-crypto library is not loaded or the GOST R 34.10-2012 key data + * klass is not implemented). + */ +xmlSecKeyDataId +xmlSecKeyDataGostR3410_2012_512GetKlass(void) { + if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGostR3410_2012_512GetKlass == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "keyDataGostR3410_2012_512Id", + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, + XMLSEC_ERRORS_NO_MESSAGE); + return(xmlSecKeyDataIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->keyDataGostR3410_2012_512GetKlass()); +} + +/** * xmlSecKeyDataHmacGetKlass: * * The HMAC key data klass. 
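Review bot: The doc comments on the new getters `xmlSecKeyDataGostR3410_2012_256GetKlass` and `xmlSecKeyDataGostR3410_2012_512GetKlass` promise NULL on error, while the code returns `xmlSecKeyDataIdUnknown`. The transform getters added in the `@@ -713` and `@@ -1149` hunks have the same mismatch with `xmlSecTransformIdUnknown`. Even if the two are the same value, the comment should name the sentinel the code uses, e.g. `Returns: ... key data klass or #xmlSecKeyDataIdUnknown if an error occurs`, so callers know what to compare against before using the klass. Each getter also calls `xmlSecCryptoDLGetFunctions()` three times. Reading it once into a local, `xmlSecCryptoDLFunctionsPtr functions = xmlSecCryptoDLGetFunctions();`, keeps the NULL check and the call on the same table pointer. The file header for these hunks is not visible in this view.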
@@ -713,6 +759,52 @@ xmlSecTransformGost2001GostR3411_94GetKlass(void) { } /** + * xmlSecTransformGostR3410_2012GostR3411_2012_256GetKlass: + * + * The GOST R 34.10-2012 - GOST R 34.11-2012 256 bit signature transform klass. + * + * Returns: GOST R 34.10-2012 - GOST R 34.11-2012 256 bit signature transform klass or NULL if an error + * occurs (the xmlsec-crypto library is not loaded or this transform is not + * implemented). + */ +xmlSecTransformId +xmlSecTransformGostR3410_2012GostR3411_2012_256GetKlass(void) { + if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3410_2012GostR3411_2012_256GetKlass == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "transformGostR3410_2012GostR3411_2012_256Id", + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, + XMLSEC_ERRORS_NO_MESSAGE); + return(xmlSecTransformIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->transformGostR3410_2012GostR3411_2012_256GetKlass()); +} + +/** + * xmlSecTransformGostR3410_2012GostR3411_2012_512GetKlass: + * + * The GOST R 34.10-2012 - GOST R 34.11-2012 512 bit signature transform klass. + * + * Returns: GOST R 34.10-2012 - GOST R 34.11-2012 512 bit signature transform klass or NULL if an error + * occurs (the xmlsec-crypto library is not loaded or this transform is not + * implemented). + */ +xmlSecTransformId +xmlSecTransformGostR3410_2012GostR3411_2012_512GetKlass(void) { + if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3410_2012GostR3411_2012_512GetKlass == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "transformGostR3410_2012GostR3411_2012_512Id", + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, + XMLSEC_ERRORS_NO_MESSAGE); + return(xmlSecTransformIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->transformGostR3410_2012GostR3411_2012_512GetKlass()); +} + +/** * xmlSecTransformHmacMd5GetKlass: * * The HMAC-MD5 transform klass. 
@@ -1149,7 +1241,52 @@ xmlSecTransformGostR3411_94GetKlass(void) { return(xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass()); } +/** + * xmlSecTransformGostR3411_2012_256GetKlass: + * + * GOST R 34.11-2012 256 bit digest transform klass. + * + * Returns: pointer to GOST R 34.11-2012 256 bit digest transform klass or NULL if an error + * occurs (the xmlsec-crypto library is not loaded or this transform is not + * implemented). + */ + +xmlSecTransformId +xmlSecTransformGostR3411_2012_256GetKlass(void) { + if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_2012_256GetKlass == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "transformGostR3411_2012_256Id", + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, + XMLSEC_ERRORS_NO_MESSAGE); + return(xmlSecTransformIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->transformGostR3411_2012_256GetKlass()); +} + +/** + * xmlSecTransformGostR3411_2012_512GetKlass: + * + * GOST R 34.11-2012 512 bit digest transform klass. + * + * Returns: pointer to GOST R 34.11-2012 512 bit digest transform klass or NULL if an error + * occurs (the xmlsec-crypto library is not loaded or this transform is not + * implemented). + */ +xmlSecTransformId +xmlSecTransformGostR3411_2012_512GetKlass(void) { + if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_2012_512GetKlass == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "transformGostR3411_2012_512Id", + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, + XMLSEC_ERRORS_NO_MESSAGE); + return(xmlSecTransformIdUnknown); + } + return(xmlSecCryptoDLGetFunctions()->transformGostR3411_2012_512GetKlass()); +} /** * xmlSecTransformSha1GetKlass: * diff --git a/src/base64.c b/src/base64.c index 53e66945..a78f8164 100644 --- a/src/base64.c +++ b/src/base64.c 
@@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -161,7 +161,7 @@ xmlSecBase64CtxCreate(int encode, int columns) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecBase64Ctx)=%d", - sizeof(xmlSecBase64Ctx)); + (int)sizeof(xmlSecBase64Ctx)); return(NULL); } @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (C) 2003 Cordys R&D BV, All rights reserved. */ #include "globals.h" diff --git a/src/buffer.c b/src/buffer.c index 0efbfed2..55a95dda 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -67,7 +67,7 @@ xmlSecBufferCreate(xmlSecSize size) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecBuffer)=%d", sizeof(xmlSecBuffer)); + "sizeof(xmlSecBuffer)=%d", (int)sizeof(xmlSecBuffer)); return(NULL); } @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -5,7 +5,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -89,7 +89,7 @@ XMLSEC_PTR_TO_FUNC_IMPL(xmlSecCryptoGetFunctionsCallback) static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryCreate(const xmlChar* name) { xmlSecCryptoDLLibraryPtr lib; - xmlSecCryptoGetFunctionsCallback * getFunctions; + xmlSecCryptoGetFunctionsCallback * getFunctions = NULL; xmlSecAssert2(name != NULL, NULL); @@ -102,7 +102,7 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(lib)); + "size=%d", (int)sizeof(lib)); return(NULL); } memset(lib, 0, sizeof(xmlSecCryptoDLLibrary)); @@ -429,9 +429,10 @@ xmlSecCryptoDLShutdown(void) { /** * xmlSecCryptoDLLoadLibrary: - * @crypto: the desired crypto library name ("openssl", "nss", ...). + * @crypto: the desired crypto library name ("openssl", "nss", ...). If NULL + * then the default crypto engine will be used. * - * Loads the xmlsec-<crypto> library. This function is NOT thread safe, + * Loads the xmlsec-$crypto library. This function is NOT thread safe, * application MUST NOT call #xmlSecCryptoDLLoadLibrary, #xmlSecCryptoDLGetLibraryFunctions, * and #xmlSecCryptoDLUnloadLibrary functions from multiple threads. * @@ -442,9 +443,8 @@ xmlSecCryptoDLLoadLibrary(const xmlChar* crypto) { xmlSecCryptoDLFunctionsPtr functions; int ret; - xmlSecAssert2(crypto != NULL, -1); - - functions = xmlSecCryptoDLGetLibraryFunctions(crypto); + /* if crypto is not specified, then used default */ + functions = xmlSecCryptoDLGetLibraryFunctions((crypto != NULL ) ? crypto : xmlSecGetDefaultCrypto()); if(functions == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, 
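Review bot: The allocation-failure message in `xmlSecCryptoDLLibraryCreate` now logs `(int)sizeof(lib)`, which is the size of the pointer `lib` rather than of the structure being allocated. The `memset` on the following context line uses `sizeof(xmlSecCryptoDLLibrary)`. The cast fixes the `%d` argument mismatch, but the logged value is still misleading; the argument should read `"size=%d", (int)sizeof(xmlSecCryptoDLLibrary));`. The allocation call itself is outside the hunk, so the size it requests should be checked against the same expression.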
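Review bot: With the assert removed, `crypto` stays NULL for the rest of `xmlSecCryptoDLLoadLibrary` because the default is substituted only inside the call expression. If the error paths below (cut off by the hunk) report `crypto`, a failure to load the default engine would be logged without a library name. Resolving it once at the top, `if(crypto == NULL) { crypto = xmlSecGetDefaultCrypto(); }`, keeps the lookup and the diagnostics in agreement. What `xmlSecGetDefaultCrypto()` returns when no default is configured is not visible here, so a NULL check on its result before the lookup is worth keeping. The added comment would read better as `/* if crypto is not specified, use the default */`.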
@@ -463,6 +463,7 @@ xmlSecCryptoDLLoadLibrary(const xmlChar* crypto) { XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + return(0); } @@ -470,7 +471,7 @@ xmlSecCryptoDLLoadLibrary(const xmlChar* crypto) { * xmlSecCryptoDLGetLibraryFunctions: * @crypto: the desired crypto library name ("openssl", "nss", ...). * - * Loads the xmlsec-<crypto> library and gets global crypto functions/transforms/keys data/keys store + * Loads the xmlsec-$crypto library and gets global crypto functions/transforms/keys data/keys store * table. This function is NOT thread safe, application MUST NOT call #xmlSecCryptoDLLoadLibrary, * #xmlSecCryptoDLGetLibraryFunctions, and #xmlSecCryptoDLUnloadLibrary functions from multiple threads. * @@ -523,7 +524,7 @@ xmlSecCryptoDLGetLibraryFunctions(const xmlChar* crypto) { * xmlSecCryptoDLUnloadLibrary: * @crypto: the desired crypto library name ("openssl", "nss", ...). * - * Unloads the xmlsec-<crypto> library. All pointers to this library + * Unloads the xmlsec-$crypto library. All pointers to this library * functions tables became invalid. This function is NOT thread safe, * application MUST NOT call #xmlSecCryptoDLLoadLibrary, #xmlSecCryptoDLGetLibraryFunctions, * and #xmlSecCryptoDLUnloadLibrary functions from multiple threads. 
@@ -650,7 +651,22 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - if((functions->keyDataHmacGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataHmacGetKlass()) < 0)) { + if((functions->keyDataGostR3410_2012_256GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGostR3410_2012_256GetKlass()) < 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGostR3410_2012_256GetKlass())), + "xmlSecKeyDataIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + if((functions->keyDataGostR3410_2012_512GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGostR3410_2012_512GetKlass()) < 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGostR3410_2012_512GetKlass())), + "xmlSecKeyDataIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } if((functions->keyDataHmacGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataHmacGetKlass()) < 0)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())), "xmlSecKeyDataIdsRegister", 
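Review bot: Going by the hunk's line counts, the last added line closes the GOST R 34.10-2012 512-bit block and opens the HMAC check on the same line, `} if((functions->keyDataHmacGetKlass != NULL) && ...`. It compiles, but in a long run of near-identical registration blocks it makes the HMAC check easy to miss when reading or grepping. Put the `if` back on a line of its own, as the removed line had it. `xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms` starts and ends outside the hunk.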
@@ -770,6 +786,24 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti return(-1); } + if((functions->transformGostR3410_2012GostR3411_2012_256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3410_2012GostR3411_2012_256GetKlass()) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3410_2012GostR3411_2012_256GetKlass())), + "xmlSecTransformIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + if((functions->transformGostR3410_2012GostR3411_2012_512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3410_2012GostR3411_2012_512GetKlass()) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3410_2012GostR3411_2012_512GetKlass())), + "xmlSecTransformIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + if((functions->transformDsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha1GetKlass()) < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())), 
@@ -1004,6 +1038,23 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti return(-1); } + if((functions->transformGostR3411_2012_256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_2012_256GetKlass()) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_2012_256GetKlass())), + "xmlSecTransformIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + if((functions->transformGostR3411_2012_512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_2012_512GetKlass()) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_2012_512GetKlass())), + "xmlSecTransformIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } if((functions->transformSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha1GetKlass()) < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha1GetKlass())), diff --git a/src/enveloped.c b/src/enveloped.c index 8047d318..ae11c16e 100644 --- a/src/enveloped.c +++ b/src/enveloped.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -73,10 +73,11 @@ static xmlSecTransformKlass xmlSecTransformEnvelopedKlass = { * result from replacing T with an XPath transform containing the following * XPath parameter element: * - * <XPath xmlns:dsig="&dsig;"> - * count(ancestor-or-self::dsig:Signature | - * here()/ancestor::dsig:Signature[1]) > - * count(ancestor-or-self::dsig:Signature)</XPath> + * <XPath xmlns:dsig="..."> + * count(ancestor-or-self::dsig:Signature | + * here()/ancestor::dsig:Signature[1]) > + * count(ancestor-or-self::dsig:Signature) + * </XPath> * * The input and output requirements of this transform are identical to * those of the XPath transform, but may only be applied to a node-set from diff --git a/src/errors.c b/src/errors.c index c9886d36..2ff1f42a 100644 --- a/src/errors.c +++ b/src/errors.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/Makefile.in b/src/gcrypt/Makefile.in index 325e5cf8..b08d9074 100644 --- a/src/gcrypt/Makefile.in +++ b/src/gcrypt/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -16,6 +15,61 @@ @SET_MAKE@ VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -36,14 +90,14 @@ build_triplet = @build@ host_triplet = @host@ @SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c subdir = src/gcrypt -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -82,7 +136,9 @@ am__libxmlsec1_gcrypt_la_SOURCES_DIST = app.c asn1.h asn1.c ciphers.c \ crypto.c digests.c hmac.c kw_aes.c kw_des.c symkeys.c \ asymkeys.c signatures.c globals.h ../strings.c am__objects_1 = -@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gcrypt_la-strings.lo +am__dirstamp = $(am__leading_dot)dirstamp +@SHAREDLIB_HACK_TRUE@am__objects_2 = \ +@SHAREDLIB_HACK_TRUE@ ../libxmlsec1_gcrypt_la-strings.lo am_libxmlsec1_gcrypt_la_OBJECTS = libxmlsec1_gcrypt_la-app.lo \ libxmlsec1_gcrypt_la-asn1.lo libxmlsec1_gcrypt_la-ciphers.lo \ libxmlsec1_gcrypt_la-crypto.lo libxmlsec1_gcrypt_la-digests.lo \ 
@@ -95,10 +151,23 @@ libxmlsec1_gcrypt_la_OBJECTS = $(am_libxmlsec1_gcrypt_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = libxmlsec1_gcrypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_gcrypt_la_LDFLAGS) \ $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -111,24 +180,43 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(libxmlsec1_gcrypt_la_SOURCES) DIST_SOURCES = $(am__libxmlsec1_gcrypt_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -165,6 +253,10 @@ GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@ GNUTLS_LIBS = @GNUTLS_LIBS@ GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@ GREP = @GREP@ +GTKDOC_MKDB = @GTKDOC_MKDB@ +GTKDOC_MKHTML = @GTKDOC_MKHTML@ +GTKDOC_MKTMPL = @GTKDOC_MKTMPL@ +GTKDOC_SCAN = @GTKDOC_SCAN@ HELP2MAN = @HELP2MAN@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -184,6 +276,7 @@ LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@ LIBXSLT_CONFIG = @LIBXSLT_CONFIG@ LIBXSLT_LIBS = @LIBXSLT_LIBS@ LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@ +LIBXSLT_PC_FILE_COND = @LIBXSLT_PC_FILE_COND@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ @@ -222,6 +315,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -238,7 +332,6 @@ XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@ XMLSEC_CFLAGS = @XMLSEC_CFLAGS@ XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@ XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@ -XMLSEC_CRYPTO = @XMLSEC_CRYPTO@ XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@ XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@ XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ @@ -246,6 +339,7 @@ XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@ XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@ XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@ XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@ +XMLSEC_DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ XMLSEC_DEFINES = @XMLSEC_DEFINES@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@ XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@ @@ -265,6 +359,7 @@ XMLSEC_NO_DSA = @XMLSEC_NO_DSA@ XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@ XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@ XMLSEC_NO_GOST = @XMLSEC_NO_GOST@ +XMLSEC_NO_GOST2012 = @XMLSEC_NO_GOST2012@ XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@ XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@ XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@ 
@@ -279,7 +374,6 @@ XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@ XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@ XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@ XMLSEC_NO_X509 = @XMLSEC_NO_X509@ -XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@ XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@ XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@ XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@ @@ -294,6 +388,7 @@ XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@ XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@ XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@ XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@ +XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -400,7 +495,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/gcrypt/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/gcrypt/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -418,9 +512,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -428,6 +522,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } 
@@ -443,21 +539,35 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +../$(am__dirstamp): + @$(MKDIR_P) .. + @: > ../$(am__dirstamp) +../$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../$(DEPDIR) + @: > ../$(DEPDIR)/$(am__dirstamp) +../libxmlsec1_gcrypt_la-strings.lo: ../$(am__dirstamp) \ + ../$(DEPDIR)/$(am__dirstamp) + libxmlsec1-gcrypt.la: $(libxmlsec1_gcrypt_la_OBJECTS) $(libxmlsec1_gcrypt_la_DEPENDENCIES) $(EXTRA_libxmlsec1_gcrypt_la_DEPENDENCIES) $(AM_V_CCLD)$(libxmlsec1_gcrypt_la_LINK) -rpath $(libdir) $(libxmlsec1_gcrypt_la_OBJECTS) $(libxmlsec1_gcrypt_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f ../*.$(OBJEXT) + -rm -f ../*.lo distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@../$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Plo@am__quote@ 
@@ -468,26 +578,28 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c 
-o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< 
@@ -569,39 +681,29 @@ libxmlsec1_gcrypt_la-signatures.lo: signatures.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c -libxmlsec1_gcrypt_la-strings.lo: ../strings.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo -c -o libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_gcrypt_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ +../libxmlsec1_gcrypt_la-strings.lo: ../strings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ../libxmlsec1_gcrypt_la-strings.lo -MD -MP -MF ../$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo -c -o ../libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ../$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo ../$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='../libxmlsec1_gcrypt_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ../libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf ../.libs ../_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ 
@@ -613,15 +715,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -630,6 +728,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -697,6 +810,8 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ../$(DEPDIR)/$(am__dirstamp) + -rm -f ../$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -707,7 +822,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -753,7 +868,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -774,19 +889,21 @@ uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/gcrypt/app.c b/src/gcrypt/app.c index ab95f6dd..dd5d7706 100644 --- a/src/gcrypt/app.c +++ b/src/gcrypt/app.c 
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/asn1.c b/src/gcrypt/asn1.c index b1388420..cec6364d 100644 --- a/src/gcrypt/asn1.c +++ b/src/gcrypt/asn1.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -304,9 +304,11 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case 3: /* Public RSA */ type = xmlSecGCryptDerKeyTypePublicRsa; + break; case 5: /* Public DSA */ type = xmlSecGCryptDerKeyTypePublicDsa; + break; case 6: /* Private DSA */ type = xmlSecGCryptDerKeyTypePrivateDsa; diff --git a/src/gcrypt/asn1.h b/src/gcrypt/asn1.h index d05b5305..b4485a4f 100644 --- a/src/gcrypt/asn1.h +++ b/src/gcrypt/asn1.h @@ -6,13 +6,13 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GCRYPT_ASN1_H__ #define __XMLSEC_GCRYPT_ASN1_H__ #ifndef XMLSEC_PRIVATE -#error "gcrypt/asn1.h file contains private xmlsec-gcrypt definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries" +#error "gcrypt/asn1.h file contains private xmlsec-gcrypt definitions and should not be used outside xmlsec or xmlsec-$crypto libraries" #endif /* XMLSEC_PRIVATE */ #ifdef __cplusplus diff --git a/src/gcrypt/asymkeys.c b/src/gcrypt/asymkeys.c index 8f0cec88..b2256145 100644 --- a/src/gcrypt/asymkeys.c +++ b/src/gcrypt/asymkeys.c 
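Review bot: The switch in `xmlSecGCryptParseDer` should be read to its end for the same missing-`break` pattern, because the hunk stops at `case 6:` right after the assignment and does not show whether that case or any later one terminates before the next label. Without the two added `break;` lines, `case 3` and `case 5` fell through, so a public RSA or public DSA key ended up typed as `xmlSecGCryptDerKeyTypePrivateDsa`. That is a key-type confusion no default compiler warning catches. Building this file with `-Wimplicit-fallthrough` would flag a recurrence, as would a test that parses one DER key of each type and checks the resulting type.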
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/ciphers.c b/src/gcrypt/ciphers.c index 6192b8b2..76c1d5a9 100644 --- a/src/gcrypt/ciphers.c +++ b/src/gcrypt/ciphers.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c index 11def388..d02eb597 100644 --- a/src/gcrypt/crypto.c +++ b/src/gcrypt/crypto.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/digests.c b/src/gcrypt/digests.c index dcbe4c7f..d947446f 100644 --- a/src/gcrypt/digests.c +++ b/src/gcrypt/digests.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/globals.h b/src/gcrypt/globals.h index 7bc03c1c..3da464d2 100644 --- a/src/gcrypt/globals.h +++ b/src/gcrypt/globals.h 
@@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GLOBALS_H__ #define __XMLSEC_GLOBALS_H__ diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c index 192cb17b..631b4704 100644 --- a/src/gcrypt/hmac.c +++ b/src/gcrypt/hmac.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_HMAC #include "globals.h" diff --git a/src/gcrypt/kw_aes.c b/src/gcrypt/kw_aes.c index 38ac8956..32bc5cce 100644 --- a/src/gcrypt/kw_aes.c +++ b/src/gcrypt/kw_aes.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_AES #include "globals.h" diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c index b93eb9f5..67e76c56 100644 --- a/src/gcrypt/kw_des.c +++ b/src/gcrypt/kw_des.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_DES #include "globals.h" diff --git a/src/gcrypt/signatures.c b/src/gcrypt/signatures.c index c49638e4..1d3f77a4 100644 --- a/src/gcrypt/signatures.c +++ b/src/gcrypt/signatures.c 
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c index 88272fe3..ecd8368b 100644 --- a/src/gcrypt/symkeys.c +++ b/src/gcrypt/symkeys.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/globals.h b/src/globals.h index 31a57d6b..5cc7070f 100644 --- a/src/globals.h +++ b/src/globals.h @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GLOBALS_H__ diff --git a/src/gnutls/Makefile.in b/src/gnutls/Makefile.in index f4351c16..490ba4e9 100644 --- a/src/gnutls/Makefile.in +++ b/src/gnutls/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -16,6 +15,61 @@ @SET_MAKE@ VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -36,14 +90,14 @@ build_triplet = @build@ host_triplet = @host@ @SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c subdir = src/gnutls -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -83,7 +137,9 @@ am__libxmlsec1_gnutls_la_SOURCES_DIST = app.c ciphers.c crypto.c \ signatures.c x509utils.h x509utils.c x509.c x509vfy.c \ globals.h ../strings.c am__objects_1 = -@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gnutls_la-strings.lo +am__dirstamp = $(am__leading_dot)dirstamp +@SHAREDLIB_HACK_TRUE@am__objects_2 = \ +@SHAREDLIB_HACK_TRUE@ ../libxmlsec1_gnutls_la-strings.lo am_libxmlsec1_gnutls_la_OBJECTS = libxmlsec1_gnutls_la-app.lo \ libxmlsec1_gnutls_la-ciphers.lo libxmlsec1_gnutls_la-crypto.lo \ libxmlsec1_gnutls_la-digests.lo libxmlsec1_gnutls_la-hmac.lo \ 
@@ -98,10 +154,23 @@ libxmlsec1_gnutls_la_OBJECTS = $(am_libxmlsec1_gnutls_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = libxmlsec1_gnutls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_gnutls_la_LDFLAGS) \ $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -114,24 +183,43 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(libxmlsec1_gnutls_la_SOURCES) DIST_SOURCES = $(am__libxmlsec1_gnutls_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -168,6 +256,10 @@ GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@ GNUTLS_LIBS = @GNUTLS_LIBS@ GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@ GREP = @GREP@ +GTKDOC_MKDB = @GTKDOC_MKDB@ +GTKDOC_MKHTML = @GTKDOC_MKHTML@ +GTKDOC_MKTMPL = @GTKDOC_MKTMPL@ +GTKDOC_SCAN = @GTKDOC_SCAN@ HELP2MAN = @HELP2MAN@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -187,6 +279,7 @@ LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@ LIBXSLT_CONFIG = @LIBXSLT_CONFIG@ LIBXSLT_LIBS = @LIBXSLT_LIBS@ LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@ +LIBXSLT_PC_FILE_COND = @LIBXSLT_PC_FILE_COND@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ @@ -225,6 +318,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -241,7 +335,6 @@ XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@ XMLSEC_CFLAGS = @XMLSEC_CFLAGS@ XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@ XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@ -XMLSEC_CRYPTO = @XMLSEC_CRYPTO@ XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@ XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@ XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ @@ -249,6 +342,7 @@ XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@ XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@ XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@ XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@ +XMLSEC_DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ XMLSEC_DEFINES = @XMLSEC_DEFINES@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@ XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@ @@ -268,6 +362,7 @@ XMLSEC_NO_DSA = @XMLSEC_NO_DSA@ XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@ XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@ XMLSEC_NO_GOST = @XMLSEC_NO_GOST@ +XMLSEC_NO_GOST2012 = @XMLSEC_NO_GOST2012@ XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@ XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@ XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@ 
@@ -282,7 +377,6 @@ XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@ XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@ XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@ XMLSEC_NO_X509 = @XMLSEC_NO_X509@ -XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@ XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@ XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@ XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@ @@ -297,6 +391,7 @@ XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@ XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@ XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@ XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@ +XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -406,7 +501,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/gnutls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/gnutls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -424,9 +518,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -434,6 +528,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } 
@@ -449,21 +545,35 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +../$(am__dirstamp): + @$(MKDIR_P) .. + @: > ../$(am__dirstamp) +../$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../$(DEPDIR) + @: > ../$(DEPDIR)/$(am__dirstamp) +../libxmlsec1_gnutls_la-strings.lo: ../$(am__dirstamp) \ + ../$(DEPDIR)/$(am__dirstamp) + libxmlsec1-gnutls.la: $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_DEPENDENCIES) $(EXTRA_libxmlsec1_gnutls_la_DEPENDENCIES) $(AM_V_CCLD)$(libxmlsec1_gnutls_la_LINK) -rpath $(libdir) $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f ../*.$(OBJEXT) + -rm -f ../*.lo distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@../$(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo@am__quote@ 
@@ -473,29 +583,31 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< 
@@ -591,39 +703,29 @@ libxmlsec1_gnutls_la-x509vfy.lo: x509vfy.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c -libxmlsec1_gnutls_la-strings.lo: ../strings.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_gnutls_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ +../libxmlsec1_gnutls_la-strings.lo: ../strings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ../libxmlsec1_gnutls_la-strings.lo -MD -MP -MF ../$(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo -c -o ../libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ../$(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo ../$(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='../libxmlsec1_gnutls_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ../libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf ../.libs ../_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ 
@@ -635,15 +737,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -652,6 +750,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -719,6 +832,8 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ../$(DEPDIR)/$(am__dirstamp) + -rm -f ../$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -729,7 +844,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -775,7 +890,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -796,19 +911,21 @@ uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/gnutls/app.c b/src/gnutls/app.c index 856257f3..042f311c 100644 --- a/src/gnutls/app.c +++ b/src/gnutls/app.c 
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c index 6ac68a78..de9d3fe6 100644 --- a/src/gnutls/asymkeys.c +++ b/src/gnutls/asymkeys.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/ciphers.c b/src/gnutls/ciphers.c index eacfede6..e38fa7db 100644 --- a/src/gnutls/ciphers.c +++ b/src/gnutls/ciphers.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c index 83175e69..0921f2c5 100644 --- a/src/gnutls/crypto.c +++ b/src/gnutls/crypto.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/digests.c b/src/gnutls/digests.c index 2df20706..94f3aa6a 100644 --- a/src/gnutls/digests.c +++ b/src/gnutls/digests.c 
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/globals.h b/src/gnutls/globals.h index b49e2404..1f9f35c0 100644 --- a/src/gnutls/globals.h +++ b/src/gnutls/globals.h @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GLOBALS_H__ #define __XMLSEC_GLOBALS_H__ diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c index 5d1acfc2..76568052 100644 --- a/src/gnutls/hmac.c +++ b/src/gnutls/hmac.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_HMAC #include "globals.h" diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c index 63f8a6be..4186374e 100644 --- a/src/gnutls/kw_aes.c +++ b/src/gnutls/kw_aes.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_AES #include "globals.h" diff --git a/src/gnutls/kw_des.c b/src/gnutls/kw_des.c index 5d2a2e55..79660bd5 100644 --- a/src/gnutls/kw_des.c +++ b/src/gnutls/kw_des.c 
@@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_DES #include "globals.h" diff --git a/src/gnutls/signatures.c b/src/gnutls/signatures.c index 98d1f832..136644c1 100644 --- a/src/gnutls/signatures.c +++ b/src/gnutls/signatures.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/symkeys.c b/src/gnutls/symkeys.c index b1521d62..74727eeb 100644 --- a/src/gnutls/symkeys.c +++ b/src/gnutls/symkeys.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c index 52d46ab4..d043bc72 100644 --- a/src/gnutls/x509.c +++ b/src/gnutls/x509.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c index 0dc70003..2ab4df23 100644 --- a/src/gnutls/x509utils.c +++ b/src/gnutls/x509utils.c 
@@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/gnutls/x509utils.h b/src/gnutls/x509utils.h index b939b248..39549941 100644 --- a/src/gnutls/x509utils.h +++ b/src/gnutls/x509utils.h @@ -7,13 +7,13 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GNUTLS_X509UTILS_H__ #define __XMLSEC_GNUTLS_X509UTILS_H__ #ifndef XMLSEC_PRIVATE -#error "gnutls/x509utils.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries" +#error "gnutls/x509utils.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-$crypto libraries" #endif /* XMLSEC_PRIVATE */ #ifdef __cplusplus @@ -67,7 +67,7 @@ void xmlSecGnuTLSX509CertDebugXmlDump (gnutls_x509_crt * ************************************************************************/ gnutls_x509_crl_t xmlSecGnuTLSX509CrlDup (gnutls_x509_crl_t src); -xmlChar * xmlSecGnuTLSX509CrLGetIssuerDN (gnutls_x509_crl_t crl); +xmlChar * xmlSecGnuTLSX509CrlGetIssuerDN (gnutls_x509_crl_t crl); gnutls_x509_crl_t xmlSecGnuTLSX509CrlRead (const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format); diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c index fd15c5ac..f302d8fc 100644 --- a/src/gnutls/x509vfy.c +++ b/src/gnutls/x509vfy.c 
@@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -66,7 +66,7 @@ xmlSecIOCallbackCreate(xmlInputMatchCallback matchFunc, xmlInputOpenCallback ope NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecIOCallback)=%d", - sizeof(xmlSecIOCallback)); + (int)sizeof(xmlSecIOCallback)); return(NULL); } memset(callbacks, 0, sizeof(xmlSecIOCallback)); @@ -433,6 +433,35 @@ xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) { return(0); } + +/** + * xmlSecTransformInputURIClose: + * @transform: the pointer to IO transform. + * + * Closes the given @transform and frees up resourses. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecTransformInputURIClose(xmlSecTransformPtr transform) { + xmlSecInputURICtxPtr ctx; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId), -1); + + ctx = xmlSecTransformInputUriGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + /* close if still open and mark as closed */ + if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->closecallback != NULL)) { + (ctx->clbks->closecallback)(ctx->clbksCtx); + ctx->clbksCtx = NULL; + ctx->clbks = NULL; + } + + /* done */ + return(0); +} + static int xmlSecTransformInputURIInitialize(xmlSecTransformPtr transform) { xmlSecInputURICtxPtr ctx; 
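Review bot: xmlSecTransformInputURIClose drops the result of `closecallback`, so it returns 0 even when the underlying close fails. The documented "negative value otherwise" can then only come from the two assertions. If the callback has libxml2's xmlInputCloseCallback type, which returns int, the result should be captured and reported after `clbksCtx` and `clbks` are cleared, so the handle is still marked closed on failure. The doc comment also misspells "resources" as `resourses`, and it could say that closing an already closed transform is a no-op returning 0.

```c
    xmlSecInputURICtxPtr ctx;
    int ret = 0;

    /* … unchanged: transform id check and ctx lookup/assert … */

    /* close if still open; mark as closed even if the close itself fails */
    if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->closecallback != NULL)) {
        ret = (ctx->clbks->closecallback)(ctx->clbksCtx);
        ctx->clbksCtx = NULL;
        ctx->clbks = NULL;
        if(ret < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "closecallback",
                        XMLSEC_ERRORS_R_IO_FAILED,
                        "ret=%d", ret);
            return(-1);
        }
    }
```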
@@ -448,17 +477,27 @@ xmlSecTransformInputURIInitialize(xmlSecTransformPtr transform) { static void xmlSecTransformInputURIFinalize(xmlSecTransformPtr transform) { - xmlSecInputURICtxPtr ctx; + xmlSecInputURICtxPtr ctx; + int ret; xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId)); ctx = xmlSecTransformInputUriGetCtx(transform); xmlSecAssert(ctx != NULL); - if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->closecallback != NULL)) { - (ctx->clbks->closecallback)(ctx->clbksCtx); - } + ret = xmlSecTransformInputURIClose(transform); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformInputURIClose", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "ret=%d", ret); + /* ignore the error */ + /* return; */ + } + memset(ctx, 0, sizeof(xmlSecInputURICtx)); + return; } static int diff --git a/src/keyinfo.c b/src/keyinfo.c index 00390fa7..958492f1 100644 --- a/src/keyinfo.c +++ b/src/keyinfo.c @@ -39,7 +39,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -227,7 +227,7 @@ xmlSecKeyInfoCtxCreate(xmlSecKeysMngrPtr keysMngr) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecKeyInfoCtx)); + "size=%d", (int)sizeof(xmlSecKeyInfoCtx)); return(NULL); } 
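Review bot: The error branch added to xmlSecTransformInputURIFinalize keeps a commented-out `/* return; */` beside `/* ignore the error */`, and the function now ends in a bare `return;`. Both are noise in a void finalizer. One comment such as `/* log only: the context is wiped below regardless */` would say why the failure is not propagated, and the trailing `return;` can be dropped. The finalizer also asserts the transform id and `ctx` itself before calling xmlSecTransformInputURIClose, which repeats the same two assertions.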
@@ -761,7 +761,16 @@ xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, /* finally set key name if it is not there */ if(xmlSecKeyGetName(key) == NULL) { - xmlSecKeySetName(key, newName); + ret = xmlSecKeySetName(key, newName); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeySetName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(newName); + return(-1); + } } xmlFree(newName); return(0); @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -112,7 +112,7 @@ xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecKeyUseWith)=%d", - sizeof(xmlSecKeyUseWith)); + (int)sizeof(xmlSecKeyUseWith)); return(NULL); } memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith)); @@ -548,7 +548,7 @@ xmlSecKeyCreate(void) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecKey)=%d", - sizeof(xmlSecKey)); + (int)sizeof(xmlSecKey)); return(NULL); } memset(key, 0, sizeof(xmlSecKey)); diff --git a/src/keysdata.c b/src/keysdata.c index de854ba6..30c800df 100644 --- a/src/keysdata.c +++ b/src/keysdata.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -255,7 +255,7 @@ xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) { } ret = (data->id->duplicate)(newData, data); - if(newData == NULL) { + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "id->duplicate", 
diff --git a/src/keysmngr.c b/src/keysmngr.c index 31a03e97..5315203a 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -53,7 +53,7 @@ xmlSecKeysMngrCreate(void) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecKeysMngr)=%d", - sizeof(xmlSecKeysMngr)); + (int)sizeof(xmlSecKeysMngr)); return(NULL); } memset(mngr, 0, sizeof(xmlSecKeysMngr)); diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c index 022e720a..7eb74b05 100644 --- a/src/kw_aes_des.c +++ b/src/kw_aes_des.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/kw_aes_des.h b/src/kw_aes_des.h index 46e85273..19c98513 100644 --- a/src/kw_aes_des.h +++ b/src/kw_aes_des.h @@ -9,13 +9,13 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin, All rights reserved. + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_KT_AES_DES_H__ #define __XMLSEC_KT_AES_DES_H__ #ifndef XMLSEC_PRIVATE -#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries" +#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-$crypto libraries" #endif /* XMLSEC_PRIVATE */ #ifdef __cplusplus 
@@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -65,7 +65,7 @@ xmlSecPtrListCreate(xmlSecPtrListId id) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecPtrList)=%d", - sizeof(xmlSecPtrList)); + (int)sizeof(xmlSecPtrList)); return(NULL); } @@ -479,7 +479,7 @@ xmlSecPtrListEnsureSize(xmlSecPtrListPtr list, xmlSecSize size) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecPtr)*%d=%d", - newSize, sizeof(xmlSecPtr) * newSize); + newSize, (int)(sizeof(xmlSecPtr) * newSize)); return(-1); } diff --git a/src/membuf.c b/src/membuf.c index eb78156c..24cca3da 100644 --- a/src/membuf.c +++ b/src/membuf.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/mscrypto/Makefile.in b/src/mscrypto/Makefile.in index 83c8f03a..d542fe4f 100644 --- a/src/mscrypto/Makefile.in +++ b/src/mscrypto/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
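Review bot: In the xmlSecPtrListEnsureSize hunk only the second argument gets the `(int)` cast; `newSize` is still passed uncast to the first `%d`. Its declaration is outside the hunk, but if it is an xmlSecSize like the `size` parameter, it may be wider than int on some builds, and a mismatched variadic argument is undefined behaviour. `(int)newSize, (int)(sizeof(xmlSecPtr) * newSize));` would match the format string. The cast product can wrap for a large `newSize`; here that only distorts the log text, but the allocation above the hunk performs what looks like the same multiplication and is worth checking for overflow.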
@@ -16,6 +15,61 @@ @SET_MAKE@ VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -36,14 +90,14 @@ build_triplet = @build@ host_triplet = @host@ @SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c subdir = src/mscrypto -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -83,8 +137,9 @@ am__libxmlsec1_mscrypto_la_SOURCES_DIST = globals.h private.h app.c \ kw_aes.c kw_des.c kt_rsa.c signatures.c symkeys.c x509.c \ x509vfy.c csp_calg.h csp_oid.h xmlsec-mingw.h ../strings.c am__objects_1 = +am__dirstamp = $(am__leading_dot)dirstamp @SHAREDLIB_HACK_TRUE@am__objects_2 = \ -@SHAREDLIB_HACK_TRUE@ libxmlsec1_mscrypto_la-strings.lo +@SHAREDLIB_HACK_TRUE@ ../libxmlsec1_mscrypto_la-strings.lo am_libxmlsec1_mscrypto_la_OBJECTS = libxmlsec1_mscrypto_la-app.lo \ libxmlsec1_mscrypto_la-certkeys.lo \ libxmlsec1_mscrypto_la-ciphers.lo \ 
@@ -104,10 +159,23 @@ libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = libxmlsec1_mscrypto_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_mscrypto_la_LDFLAGS) \ $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -120,24 +188,43 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(libxmlsec1_mscrypto_la_SOURCES) DIST_SOURCES = $(am__libxmlsec1_mscrypto_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -174,6 +261,10 @@ GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@ GNUTLS_LIBS = @GNUTLS_LIBS@ GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@ GREP = @GREP@ +GTKDOC_MKDB = @GTKDOC_MKDB@ +GTKDOC_MKHTML = @GTKDOC_MKHTML@ +GTKDOC_MKTMPL = @GTKDOC_MKTMPL@ +GTKDOC_SCAN = @GTKDOC_SCAN@ HELP2MAN = @HELP2MAN@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -193,6 +284,7 @@ LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@ LIBXSLT_CONFIG = @LIBXSLT_CONFIG@ LIBXSLT_LIBS = @LIBXSLT_LIBS@ LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@ +LIBXSLT_PC_FILE_COND = @LIBXSLT_PC_FILE_COND@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ @@ -231,6 +323,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -247,7 +340,6 @@ XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@ XMLSEC_CFLAGS = @XMLSEC_CFLAGS@ XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@ XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@ -XMLSEC_CRYPTO = @XMLSEC_CRYPTO@ XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@ XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@ XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ @@ -255,6 +347,7 @@ XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@ XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@ XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@ XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@ +XMLSEC_DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ XMLSEC_DEFINES = @XMLSEC_DEFINES@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@ XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@ @@ -274,6 +367,7 @@ XMLSEC_NO_DSA = @XMLSEC_NO_DSA@ XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@ XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@ XMLSEC_NO_GOST = @XMLSEC_NO_GOST@ +XMLSEC_NO_GOST2012 = @XMLSEC_NO_GOST2012@ XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@ XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@ XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@ 
@@ -288,7 +382,6 @@ XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@ XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@ XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@ XMLSEC_NO_X509 = @XMLSEC_NO_X509@ -XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@ XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@ XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@ XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@ @@ -303,6 +396,7 @@ XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@ XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@ XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@ XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@ +XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -411,7 +505,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/mscrypto/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/mscrypto/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -429,9 +522,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -439,6 +532,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } 
@@ -454,21 +549,35 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +../$(am__dirstamp): + @$(MKDIR_P) .. + @: > ../$(am__dirstamp) +../$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../$(DEPDIR) + @: > ../$(DEPDIR)/$(am__dirstamp) +../libxmlsec1_mscrypto_la-strings.lo: ../$(am__dirstamp) \ + ../$(DEPDIR)/$(am__dirstamp) + libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) $(EXTRA_libxmlsec1_mscrypto_la_DEPENDENCIES) $(AM_V_CCLD)$(libxmlsec1_mscrypto_la_LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f ../*.$(OBJEXT) + -rm -f ../*.lo distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@../$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Plo@am__quote@ 
@@ -480,28 +589,30 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< 
@@ -604,39 +715,29 @@ libxmlsec1_mscrypto_la-x509vfy.lo: x509vfy.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c -libxmlsec1_mscrypto_la-strings.lo: ../strings.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_mscrypto_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ +../libxmlsec1_mscrypto_la-strings.lo: ../strings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ../libxmlsec1_mscrypto_la-strings.lo -MD -MP -MF ../$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo -c -o ../libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ../$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo ../$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='../libxmlsec1_mscrypto_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ../libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf ../.libs ../_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ 
@@ -648,15 +749,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -665,6 +762,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -732,6 +844,8 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ../$(DEPDIR)/$(am__dirstamp) + -rm -f ../$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -742,7 +856,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -788,7 +902,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -809,19 +923,21 @@ uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/mscrypto/app.c b/src/mscrypto/app.c index 92894d90..bcb0ea19 100644 --- a/src/mscrypto/app.c +++ b/src/mscrypto/app.c 
@@ -5,7 +5,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -622,7 +622,7 @@ xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data, goto done; } - hCertStore = PFXImportCertStore(&pfx, wcPwd, CRYPT_EXPORTABLE); + hCertStore = PFXImportCertStore(&pfx, wcPwd, CRYPT_EXPORTABLE | PKCS12_NO_PERSIST_KEY); if (NULL == hCertStore) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c index 12c2e404..1cf0e554 100644 --- a/src/mscrypto/certkeys.c +++ b/src/mscrypto/certkeys.c @@ -5,7 +5,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c index ea2edcd5..2ac3da03 100644 --- a/src/mscrypto/ciphers.c +++ b/src/mscrypto/ciphers.c @@ -5,7 +5,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c index 82ab101d..aea9685e 100644 --- a/src/mscrypto/crypto.c +++ b/src/mscrypto/crypto.c @@ -5,7 +5,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru). */ #include "globals.h" 
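Review bot: In xmlSecMSCryptoAppPkcs12LoadMemory the flags passed to `PFXImportCertStore` still include `CRYPT_EXPORTABLE`, so the imported private key remains exportable from the returned store even though `PKCS12_NO_PERSIST_KEY` now keeps it from being written to a key container. The call has no comment saying why both are wanted; something like `/* PKCS12_NO_PERSIST_KEY: do not leave a key container behind after the import */` would record the intent. As far as I know the flag is not accepted on older Windows releases (XP / Server 2003), so a rejection there would surface only through the generic `hCertStore == NULL` error below; confirm the supported platform range and that the MinGW headers define the flag. The function body starts and ends outside the hunk.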
diff --git a/src/mscrypto/globals.h b/src/mscrypto/globals.h index 2b88d5dd..35cbf242 100644 --- a/src/mscrypto/globals.h +++ b/src/mscrypto/globals.h @@ -22,18 +22,5 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE -/* OpenSSL 0.9.6 and 0.9.7 do not have SHA 224/256/384/512 */ -#if defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097) -#define XMLSEC_NO_SHA224 1 -#define XMLSEC_NO_SHA256 1 -#define XMLSEC_NO_SHA384 1 -#define XMLSEC_NO_SHA512 1 -#endif /* defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097) */ - -/* OpenSSL 0.9.6 does not have AES */ -#if defined(XMLSEC_OPENSSL_096) -#define XMLSEC_NO_AES 1 -#endif /* XMLSEC_OPENSSL_096 */ - #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c index e8709838..36370247 100644 --- a/src/mscrypto/hmac.c +++ b/src/mscrypto/hmac.c @@ -13,7 +13,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_HMAC #include "globals.h" diff --git a/src/mscrypto/keysstore.c b/src/mscrypto/keysstore.c index 33f0cd27..8ead554c 100644 --- a/src/mscrypto/keysstore.c +++ b/src/mscrypto/keysstore.c @@ -13,7 +13,7 @@ * distribution for precise wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c index 14e96d5a..71ac447d 100644 --- a/src/mscrypto/kw_aes.c +++ b/src/mscrypto/kw_aes.c 
@@ -5,7 +5,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c index 6ef356d4..227e76d5 100644 --- a/src/mscrypto/kw_des.c +++ b/src/mscrypto/kw_des.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_DES #include "globals.h" diff --git a/src/mscrypto/private.h b/src/mscrypto/private.h index 11479bff..37e7b9a4 100644 --- a/src/mscrypto/private.h +++ b/src/mscrypto/private.h @@ -7,13 +7,13 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2010 Aleksey Sanin, All rights reserved. + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_MSCRYPTO_PRIVATE_H__ #define __XMLSEC_MSCRYPTO_PRIVATE_H__ #ifndef XMLSEC_PRIVATE -#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries" +#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-$crypto libraries" #endif /* XMLSEC_PRIVATE */ #if defined(__MINGW32__) diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c index 2c51f09a..1806dd22 100644 --- a/src/mscrypto/signatures.c +++ b/src/mscrypto/signatures.c 
@@ -5,7 +5,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru). */ #include "globals.h" diff --git a/src/mscrypto/x509.c b/src/mscrypto/x509.c index 5ae025f6..0f687695 100644 --- a/src/mscrypto/x509.c +++ b/src/mscrypto/x509.c @@ -8,7 +8,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -1928,6 +1928,7 @@ xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm) { return(NULL); } + xmlFree(resT); return(res); } diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c index cf317877..899cb6e3 100644 --- a/src/mscrypto/x509vfy.c +++ b/src/mscrypto/x509vfy.c @@ -8,7 +8,7 @@ * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -1183,10 +1183,12 @@ xmlSecMSCryptoX509GetCertName(const xmlChar * name) { "xmlSecMSCryptoConvertUtf8ToTstr", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(name2); return(NULL); } /* done */ + xmlFree(name2); return(res); } diff --git a/src/mscrypto/xmlsec-mingw.h b/src/mscrypto/xmlsec-mingw.h index ef5d2ae4..da7d1d0b 100644 --- a/src/mscrypto/xmlsec-mingw.h +++ b/src/mscrypto/xmlsec-mingw.h 
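Review bot: The added `xmlFree(resT)` in xmlSecMSCryptoX509NameWrite covers only the success return; the failure branch directly above it appears in the hunk only as `return(NULL); }`, so whether resT is released there cannot be confirmed from these lines. If it is not, the same leak remains on the error path and that branch needs `xmlFree(resT);` before `return(NULL);`. The rest of the function is outside the hunk.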
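Review bot: In xmlSecMSCryptoX509GetCertName `xmlFree(name2)` is now repeated before `return(NULL)` and before `return(res)`, which fixes these two exits but ties the release to every return statement. Any return between the allocation of name2 and this point lies outside the hunk and would need the same line. A single exit would keep ownership in one place: set `res = NULL` on failure, `goto done;`, and put `xmlFree(name2); return(res);` under a `done:` label, the way the src/nss/pkikeys.c change in this same diff leaves through `goto done`.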
@@ -11,7 +11,7 @@ #define __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__ #ifndef XMLSEC_PRIVATE -#error "xmlsec-mingw.h file contains private xmlsec definitions for mingw build and should not be used outside xmlsec or xmlsec-<crypto> libraries" +#error "xmlsec-mingw.h file contains private xmlsec definitions for mingw build and should not be used outside xmlsec or xmlsec-$crypto libraries" #endif /* XMLSEC_PRIVATE */ diff --git a/src/nodeset.c b/src/nodeset.c index 04ae8105..800f1507 100644 --- a/src/nodeset.c +++ b/src/nodeset.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -57,7 +57,7 @@ xmlSecNodeSetCreate(xmlDocPtr doc, xmlNodeSetPtr nodes, xmlSecNodeSetType type) NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecNodeSet)=%d", - sizeof(xmlSecNodeSet)); + (int)sizeof(xmlSecNodeSet)); return(NULL); } memset(nset, 0, sizeof(xmlSecNodeSet)); diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in index e799b8ee..5a1393d1 100644 --- a/src/nss/Makefile.in +++ b/src/nss/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -16,6 +15,61 @@ @SET_MAKE@ VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -36,14 +90,14 @@ build_triplet = @build@ host_triplet = @host@ @SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c subdir = src/nss -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -83,7 +137,8 @@ am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ ../strings.c am__objects_1 = -@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo +am__dirstamp = $(am__leading_dot)dirstamp +@SHAREDLIB_HACK_TRUE@am__objects_2 = ../libxmlsec1_nss_la-strings.lo am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \ libxmlsec1_nss_la-bignum.lo libxmlsec1_nss_la-ciphers.lo \ libxmlsec1_nss_la-crypto.lo libxmlsec1_nss_la-digests.lo \ 
@@ -97,10 +152,23 @@ libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = libxmlsec1_nss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_nss_la_LDFLAGS) $(LDFLAGS) \ -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -113,24 +181,43 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(libxmlsec1_nss_la_SOURCES) DIST_SOURCES = $(am__libxmlsec1_nss_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -167,6 +254,10 @@ GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@ GNUTLS_LIBS = @GNUTLS_LIBS@ GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@ GREP = @GREP@ +GTKDOC_MKDB = @GTKDOC_MKDB@ +GTKDOC_MKHTML = @GTKDOC_MKHTML@ +GTKDOC_MKTMPL = @GTKDOC_MKTMPL@ +GTKDOC_SCAN = @GTKDOC_SCAN@ HELP2MAN = @HELP2MAN@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -186,6 +277,7 @@ LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@ LIBXSLT_CONFIG = @LIBXSLT_CONFIG@ LIBXSLT_LIBS = @LIBXSLT_LIBS@ LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@ +LIBXSLT_PC_FILE_COND = @LIBXSLT_PC_FILE_COND@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ @@ -224,6 +316,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -240,7 +333,6 @@ XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@ XMLSEC_CFLAGS = @XMLSEC_CFLAGS@ XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@ XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@ -XMLSEC_CRYPTO = @XMLSEC_CRYPTO@ XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@ XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@ XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ @@ -248,6 +340,7 @@ XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@ XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@ XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@ XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@ +XMLSEC_DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ XMLSEC_DEFINES = @XMLSEC_DEFINES@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@ XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@ @@ -267,6 +360,7 @@ XMLSEC_NO_DSA = @XMLSEC_NO_DSA@ XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@ XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@ XMLSEC_NO_GOST = @XMLSEC_NO_GOST@ +XMLSEC_NO_GOST2012 = @XMLSEC_NO_GOST2012@ XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@ XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@ XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@ 
@@ -281,7 +375,6 @@ XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@ XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@ XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@ XMLSEC_NO_X509 = @XMLSEC_NO_X509@ -XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@ XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@ XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@ XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@ @@ -296,6 +389,7 @@ XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@ XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@ XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@ XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@ +XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -402,7 +496,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nss/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/nss/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -420,9 +513,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -430,6 +523,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } 
@@ -445,21 +540,35 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +../$(am__dirstamp): + @$(MKDIR_P) .. + @: > ../$(am__dirstamp) +../$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../$(DEPDIR) + @: > ../$(DEPDIR)/$(am__dirstamp) +../libxmlsec1_nss_la-strings.lo: ../$(am__dirstamp) \ + ../$(DEPDIR)/$(am__dirstamp) + libxmlsec1-nss.la: $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_DEPENDENCIES) $(EXTRA_libxmlsec1_nss_la_DEPENDENCIES) $(AM_V_CCLD)$(libxmlsec1_nss_la_LINK) -rpath $(libdir) $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f ../*.$(OBJEXT) + -rm -f ../*.lo distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@../$(DEPDIR)/libxmlsec1_nss_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-bignum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-ciphers.Plo@am__quote@ 
@@ -472,28 +581,30 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-pkikeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-signatures.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) 
$(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< 
@@ -603,39 +714,29 @@ libxmlsec1_nss_la-kw_aes.lo: kw_aes.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c -libxmlsec1_nss_la-strings.lo: ../strings.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo $(DEPDIR)/libxmlsec1_nss_la-strings.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_nss_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ +../libxmlsec1_nss_la-strings.lo: ../strings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ../libxmlsec1_nss_la-strings.lo -MD -MP -MF ../$(DEPDIR)/libxmlsec1_nss_la-strings.Tpo -c -o ../libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ../$(DEPDIR)/libxmlsec1_nss_la-strings.Tpo ../$(DEPDIR)/libxmlsec1_nss_la-strings.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='../libxmlsec1_nss_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ../libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf ../.libs ../_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ 
@@ -647,15 +748,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -664,6 +761,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -731,6 +843,8 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ../$(DEPDIR)/$(am__dirstamp) + -rm -f ../$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -741,7 +855,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -787,7 +901,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -808,19 +922,21 @@ uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/nss/app.c b/src/nss/app.c index dabe36d1..0a9046fc 100644 --- a/src/nss/app.c +++ b/src/nss/app.c 
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #include "globals.h" diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c index 54bd2af2..cf679368 100644 --- a/src/nss/ciphers.c +++ b/src/nss/ciphers.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #include "globals.h" diff --git a/src/nss/crypto.c b/src/nss/crypto.c index 7137f1c4..ea79519f 100644 --- a/src/nss/crypto.c +++ b/src/nss/crypto.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #include "globals.h" diff --git a/src/nss/digests.c b/src/nss/digests.c index 8063b443..2a81375c 100644 --- a/src/nss/digests.c +++ b/src/nss/digests.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #include "globals.h" diff --git a/src/nss/globals.h b/src/nss/globals.h index 770b6dba..065c3e8f 100644 --- a/src/nss/globals.h +++ b/src/nss/globals.h 
@@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GLOBALS_H__ #define __XMLSEC_GLOBALS_H__ diff --git a/src/nss/hmac.c b/src/nss/hmac.c index ae7e67ef..79fbf40d 100644 --- a/src/nss/hmac.c +++ b/src/nss/hmac.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #ifndef XMLSEC_NO_HMAC diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c index f07e44be..057fc454 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -271,7 +271,7 @@ xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2((*ss == NULL), -1); + xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1); *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(*ss == NULL) { diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c index 0438e306..cea884eb 100644 --- a/src/nss/kw_aes.c +++ b/src/nss/kw_aes.c @@ -8,7 +8,7 @@ * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. - * Copyright (C) 2010 Aleksey Sanin, All rights reserved. + * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_AES diff --git a/src/nss/kw_des.c b/src/nss/kw_des.c index e75f69c9..4025d35e 100644 --- a/src/nss/kw_des.c +++ b/src/nss/kw_des.c 
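Review bot: The rewritten assertion in xmlSecNssKeysStoreInitialize lets a NULL `ss` through: `xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1)` is satisfied when `ss == NULL`, and the next statement, `*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);`, then writes through a null pointer. The condition should require a non-NULL pointer, `xmlSecAssert2(((ss != NULL) && (*ss == NULL)), -1);`. Whether xmlSecNssKeysStoreGetSS can actually return NULL is not visible here, and the function body continues outside the hunk.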
@@ -8,7 +8,7 @@ * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_DES #include "globals.h" diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c index ae9e29b4..5ede4ccb 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -752,6 +752,15 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE); + if(handle == CK_INVALID_HANDLE) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ImportPublicKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + ret = -1; + goto done; + } data = xmlSecKeyDataCreate(id); if(data == NULL ) { diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c index 3da7a694..b98dd493 100644 --- a/src/nss/symkeys.c +++ b/src/nss/symkeys.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c index fdb866fe..9e957fea 100644 --- a/src/nss/x509vfy.c +++ b/src/nss/x509vfy.c @@ -233,7 +233,8 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, NULL, XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", - cert->subjectName); + (cert != NULL) ? cert->subjectName : "(NULL)" + ); break; case SEC_ERROR_EXPIRED_CERTIFICATE: xmlSecError(XMLSEC_ERRORS_HERE, 
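Review bot: The new failure branch after `PK11_ImportPublicKey` in xmlSecNssKeyDataDsaXmlRead reports `XMLSEC_ERRORS_NO_MESSAGE`, so the NSS error code that explains why the import failed is lost. The default case in xmlSecNssX509StoreVerify already logs `PORT_GetError()`; passing `"error code=%d", PORT_GetError()` here in place of `XMLSEC_ERRORS_NO_MESSAGE` would make a rejected key diagnosable. The `done:` label and its cleanup are outside the hunk, so whether `slot` and `pubkey` are released on this path should be confirmed there.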
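Review bot: The expression `(cert != NULL) ? cert->subjectName : "(NULL)"` is repeated in every error case of the switch in xmlSecNssX509StoreVerify (this hunk and the hunks at -241 and -249). Computing it once before the switch, e.g. `const char *subject = (cert != NULL) ? cert->subjectName : "(NULL)";`, keeps the four messages in step. The subject name presumably comes from the certificate being verified, so a short comment that it is untrusted text for whatever consumes the error callback output would also help. The switch statement starts outside the hunk.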
@@ -241,7 +242,8 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, NULL, XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "cert with subject name %s has expired", - cert->subjectName); + (cert != NULL) ? cert->subjectName : "(NULL)" + ); break; case SEC_ERROR_REVOKED_CERTIFICATE: xmlSecError(XMLSEC_ERRORS_HERE, @@ -249,15 +251,16 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, NULL, XMLSEC_ERRORS_R_CERT_REVOKED, "cert with subject name %s has been revoked", - cert->subjectName); + (cert != NULL) ? cert->subjectName : "(NULL)" + ); break; default: xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), NULL, XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "cert with subject name %s could not be verified, errcode %d", - cert->subjectName, + "cert with subject name %s could not be verified, errcode %d", + (cert != NULL) ? cert->subjectName : "(NULL)", PORT_GetError()); break; } @@ -690,11 +693,10 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { } memcpy(p, value, valueLen); p+=valueLen; - if (len > 0) + if (len > 0) { *p++=','; + } } - } else { - valueLen = 0; } if(len > 0) { ++str; --len; diff --git a/src/openssl/Makefile.am b/src/openssl/Makefile.am index 23c225a1..309a44b2 100644 --- a/src/openssl/Makefile.am +++ b/src/openssl/Makefile.am @@ -25,6 +25,7 @@ libxmlsec1_openssl_la_SOURCES =\ crypto.c \ digests.c \ evp.c \ + evp_signatures.c \ hmac.c \ kw_aes.c \ kw_des.c \ diff --git a/src/openssl/Makefile.in b/src/openssl/Makefile.in index fd16efd0..c6cd744b 100644 --- a/src/openssl/Makefile.in +++ b/src/openssl/Makefile.in 
@@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -16,6 +15,61 @@ @SET_MAKE@ VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -36,14 +90,14 @@ build_triplet = @build@ host_triplet = @host@ @SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c subdir = src/openssl -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -79,14 +133,18 @@ am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = am__libxmlsec1_openssl_la_SOURCES_DIST = app.c bn.c ciphers.c crypto.c \ - digests.c evp.c hmac.c kw_aes.c kw_des.c kt_rsa.c signatures.c \ - symkeys.c x509.c x509vfy.c globals.h ../strings.c + digests.c evp.c evp_signatures.c hmac.c kw_aes.c kw_des.c \ + kt_rsa.c signatures.c symkeys.c x509.c x509vfy.c globals.h \ + ../strings.c am__objects_1 = -@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_openssl_la-strings.lo +am__dirstamp = $(am__leading_dot)dirstamp +@SHAREDLIB_HACK_TRUE@am__objects_2 = \ +@SHAREDLIB_HACK_TRUE@ ../libxmlsec1_openssl_la-strings.lo am_libxmlsec1_openssl_la_OBJECTS = libxmlsec1_openssl_la-app.lo \ libxmlsec1_openssl_la-bn.lo libxmlsec1_openssl_la-ciphers.lo \ libxmlsec1_openssl_la-crypto.lo \ libxmlsec1_openssl_la-digests.lo libxmlsec1_openssl_la-evp.lo \ + libxmlsec1_openssl_la-evp_signatures.lo \ libxmlsec1_openssl_la-hmac.lo libxmlsec1_openssl_la-kw_aes.lo \ libxmlsec1_openssl_la-kw_des.lo \ libxmlsec1_openssl_la-kt_rsa.lo \ 
@@ -98,10 +156,23 @@ libxmlsec1_openssl_la_OBJECTS = $(am_libxmlsec1_openssl_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = libxmlsec1_openssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_openssl_la_LDFLAGS) \ $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -114,24 +185,43 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(libxmlsec1_openssl_la_SOURCES) DIST_SOURCES = $(am__libxmlsec1_openssl_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -168,6 +258,10 @@ GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@ GNUTLS_LIBS = @GNUTLS_LIBS@ GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@ GREP = @GREP@ +GTKDOC_MKDB = @GTKDOC_MKDB@ +GTKDOC_MKHTML = @GTKDOC_MKHTML@ +GTKDOC_MKTMPL = @GTKDOC_MKTMPL@ +GTKDOC_SCAN = @GTKDOC_SCAN@ HELP2MAN = @HELP2MAN@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -187,6 +281,7 @@ LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@ LIBXSLT_CONFIG = @LIBXSLT_CONFIG@ LIBXSLT_LIBS = @LIBXSLT_LIBS@ LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@ +LIBXSLT_PC_FILE_COND = @LIBXSLT_PC_FILE_COND@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ @@ -225,6 +320,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -241,7 +337,6 @@ XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@ XMLSEC_CFLAGS = @XMLSEC_CFLAGS@ XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@ XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@ -XMLSEC_CRYPTO = @XMLSEC_CRYPTO@ XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@ XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@ XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ @@ -249,6 +344,7 @@ XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@ XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@ XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@ XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@ +XMLSEC_DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ XMLSEC_DEFINES = @XMLSEC_DEFINES@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@ XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@ @@ -268,6 +364,7 @@ XMLSEC_NO_DSA = @XMLSEC_NO_DSA@ XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@ XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@ XMLSEC_NO_GOST = @XMLSEC_NO_GOST@ +XMLSEC_NO_GOST2012 = @XMLSEC_NO_GOST2012@ XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@ XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@ XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@ 
@@ -282,7 +379,6 @@ XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@ XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@ XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@ XMLSEC_NO_X509 = @XMLSEC_NO_X509@ -XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@ XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@ XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@ XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@ @@ -297,6 +393,7 @@ XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@ XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@ XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@ XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@ +XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -369,8 +466,9 @@ libxmlsec1_openssl_la_CPPFLAGS = \ $(NULL) libxmlsec1_openssl_la_SOURCES = app.c bn.c ciphers.c crypto.c \ - digests.c evp.c hmac.c kw_aes.c kw_des.c kt_rsa.c signatures.c \ - symkeys.c x509.c x509vfy.c globals.h $(NULL) $(am__append_1) + digests.c evp.c evp_signatures.c hmac.c kw_aes.c kw_des.c \ + kt_rsa.c signatures.c symkeys.c x509.c x509vfy.c globals.h \ + $(NULL) $(am__append_1) libxmlsec1_openssl_la_LIBADD = \ $(OPENSSL_LIBS) \ $(LIBXSLT_LIBS) \ @@ -402,7 +500,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openssl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/openssl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -420,9 +517,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ 
@@ -430,6 +527,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } 
@@ -445,54 +544,71 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +../$(am__dirstamp): + @$(MKDIR_P) .. + @: > ../$(am__dirstamp) +../$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../$(DEPDIR) + @: > ../$(DEPDIR)/$(am__dirstamp) +../libxmlsec1_openssl_la-strings.lo: ../$(am__dirstamp) \ + ../$(DEPDIR)/$(am__dirstamp) + libxmlsec1-openssl.la: $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_DEPENDENCIES) $(EXTRA_libxmlsec1_openssl_la_DEPENDENCIES) $(AM_V_CCLD)$(libxmlsec1_openssl_la_LINK) -rpath $(libdir) $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f ../*.$(OBJEXT) + -rm -f ../*.lo distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@../$(DEPDIR)/libxmlsec1_openssl_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-bn.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-ciphers.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-crypto.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-digests.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-evp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-evp_signatures.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-signatures.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-strings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-symkeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-x509.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< 
@@ -539,6 +655,13 @@ libxmlsec1_openssl_la-evp.lo: evp.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c +libxmlsec1_openssl_la-evp_signatures.lo: evp_signatures.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-evp_signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-evp_signatures.Tpo -c -o libxmlsec1_openssl_la-evp_signatures.lo `test -f 'evp_signatures.c' || echo '$(srcdir)/'`evp_signatures.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-evp_signatures.Tpo $(DEPDIR)/libxmlsec1_openssl_la-evp_signatures.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp_signatures.c' object='libxmlsec1_openssl_la-evp_signatures.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-evp_signatures.lo `test -f 'evp_signatures.c' || echo '$(srcdir)/'`evp_signatures.c + libxmlsec1_openssl_la-hmac.lo: hmac.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 
libxmlsec1_openssl_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo $(DEPDIR)/libxmlsec1_openssl_la-hmac.Plo 
@@ -595,39 +718,29 @@ libxmlsec1_openssl_la-x509vfy.lo: x509vfy.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c -libxmlsec1_openssl_la-strings.lo: ../strings.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo $(DEPDIR)/libxmlsec1_openssl_la-strings.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_openssl_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ +../libxmlsec1_openssl_la-strings.lo: ../strings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ../libxmlsec1_openssl_la-strings.lo -MD -MP -MF ../$(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo -c -o ../libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ../$(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo ../$(DEPDIR)/libxmlsec1_openssl_la-strings.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='../libxmlsec1_openssl_la-strings.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ../libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf ../.libs ../_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ 
@@ -639,15 +752,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -656,6 +765,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -723,6 +847,8 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ../$(DEPDIR)/$(am__dirstamp) + -rm -f ../$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -733,7 +859,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -779,7 +905,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -rf ../$(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -800,19 +926,21 @@ uninstall-am: uninstall-libLTLIBRARIES .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES + tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES + +.PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/openssl/README b/src/openssl/README index 0f1c625d..e33b0b0a 100644 --- a/src/openssl/README +++ b/src/openssl/README 
@@ -1,6 +1,6 @@ WHAT VERSION OF OPENSSL? ------------------------------------------------------------------------ -OpenSSL 0.9.6 is supported but some functionality requires 0.9.7 or greater. +OpenSSL 0.9.8 or later is required KEYS MANAGER ------------------------------------------------------------------------ @@ -9,9 +9,3 @@ OpenSSL does not have a keys or certificates storage implementation. The default xmlsec-openssl key manager uses a simple keys store from xmlsec core library based on plain keys list. Trusted/untrusted certificates are stored in STACK_OF(X509) structures. - -KNOWN ISSUES. ------------------------------------------------------------------------- -1) One day we might decide to drop OpenSSL 0.9.6 supprot and remove all -these ifdef's to simplify the code. - diff --git a/src/openssl/app.c b/src/openssl/app.c index 4f8f79e6..373e03a8 100644 --- a/src/openssl/app.c +++ b/src/openssl/app.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -19,6 +19,7 @@ #include <openssl/pem.h> #include <openssl/pkcs12.h> #include <openssl/conf.h> +#include <openssl/engine.h> #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> @@ -96,6 +97,7 @@ xmlSecOpenSSLAppInit(const char* config) { int xmlSecOpenSSLAppShutdown(void) { xmlSecOpenSSLAppSaveRANDFile(NULL); + RAND_cleanup(); EVP_cleanup(); 
@@ -103,14 +105,21 @@ xmlSecOpenSSLAppShutdown(void) { X509_TRUST_cleanup(); #endif /* XMLSEC_NO_X509 */ -#ifndef XMLSEC_OPENSSL_096 + ENGINE_cleanup(); + CONF_modules_unload(1); + CRYPTO_cleanup_all_ex_data(); -#endif /* XMLSEC_OPENSSL_096 */ /* finally cleanup errors */ +#if defined(XMLSEC_OPENSSL_100) || defined(XMLSEC_OPENSSL_110) + ERR_remove_thread_state(NULL); +#else ERR_remove_state(0); +#endif /* defined(XMLSEC_OPENSSL_100) || defined(XMLSEC_OPENSSL_110) */ + ERR_free_strings(); + /* done */ return(0); } @@ -255,7 +264,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, } if(pKey == NULL) { /* go to start of the file and try to read public key */ - BIO_reset(bio); + (void)BIO_reset(bio); pKey = PEM_read_bio_PUBKEY(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); @@ -274,7 +283,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, pKey = d2i_PrivateKey_bio(bio, NULL); if(pKey == NULL) { /* go to start of the file and try to read public key */ - BIO_reset(bio); + (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, diff --git a/src/openssl/bn.c b/src/openssl/bn.c index dfeae6ea..db186d11 100644 --- a/src/openssl/bn.c +++ b/src/openssl/bn.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/openssl/ciphers.c b/src/openssl/ciphers.c index 1b600625..c93f06b9 100644 --- a/src/openssl/ciphers.c +++ b/src/openssl/ciphers.c 
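Review bot: The `(void)BIO_reset(bio);` cast in the PEM fallback of xmlSecOpenSSLAppKeyLoadBIO (and again in the DER fallback in the next hunk) silences the compiler warning but still lets a failed rewind go unnoticed. The public-key attempt would then parse from wherever the private-key attempt stopped and report a misleading format error. BIO_reset returns -1 on failure for every BIO type (file BIOs return 0 on success, other BIOs 1), so `if(BIO_reset(bio) < 0) {` followed by the function's usual xmlSecError and error return covers the unambiguous case. If ignoring the result is intended, a comment such as `/* rewind is best effort: a failure surfaces as a parse error below */` would record that. The function body starts and ends outside both hunks.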
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -21,10 +21,11 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> -/* this is not defined in OpenSSL 0.9.6 */ -#ifndef EVP_MAX_BLOCK_LENGTH -#define EVP_MAX_BLOCK_LENGTH 32 -#endif /* EVP_MAX_BLOCK_LENGTH */ +/* new API from OpenSSL 1.1.0 */ +#if !defined(XMLSEC_OPENSSL_110) +#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) +#endif /* !defined(XMLSEC_OPENSSL_110) */ + /************************************************************************** * @@ -36,25 +37,33 @@ typedef struct _xmlSecOpenSSLEvpBlockCipherCtx xmlSecOpenSSLEvpBlockCip struct _xmlSecOpenSSLEvpBlockCipherCtx { const EVP_CIPHER* cipher; xmlSecKeyDataId keyId; - EVP_CIPHER_CTX cipherCtx; + EVP_CIPHER_CTX* cipherCtx; int keyInitialized; int ctxInitialized; xmlSecByte key[EVP_MAX_KEY_LENGTH]; xmlSecByte iv[EVP_MAX_IV_LENGTH]; - xmlSecByte pad[EVP_MAX_BLOCK_LENGTH]; + xmlSecByte pad[2*EVP_MAX_BLOCK_LENGTH]; }; + static int xmlSecOpenSSLEvpBlockCipherCtxInit (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx); +static int xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + const xmlSecByte * in, + int inSize, + xmlSecBufferPtr out, + const xmlChar* cipherName, + int final); static int xmlSecOpenSSLEvpBlockCipherCtxUpdate (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx); static int xmlSecOpenSSLEvpBlockCipherCtxFinal (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx); 
@@ -69,6 +78,7 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->cipher != NULL, -1); + xmlSecAssert2(ctx->cipherCtx != NULL, -1); xmlSecAssert2(ctx->keyInitialized != 0, -1); xmlSecAssert2(ctx->ctxInitialized == 0, -1); xmlSecAssert2(in != NULL, -1); @@ -126,7 +136,7 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, } /* set iv */ - ret = EVP_CipherInit(&(ctx->cipherCtx), ctx->cipher, ctx->key, ctx->iv, encrypt); + ret = EVP_CipherInit(ctx->cipherCtx, ctx->cipher, ctx->key, ctx->iv, encrypt); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), 
@@ -140,84 +150,59 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* * The padding used in XML Enc does not follow RFC 1423 - * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7 - * it is possible to disable padding and do it by yourself - * For OpenSSL 0.9.6 you have interop problems + * and is not supported by OpenSSL. However, it is possible + * to disable padding and do it by yourself + * + * https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block */ -#ifndef XMLSEC_OPENSSL_096 - EVP_CIPHER_CTX_set_padding(&(ctx->cipherCtx), 0); -#endif /* XMLSEC_OPENSSL_096 */ + EVP_CIPHER_CTX_set_padding(ctx->cipherCtx, 0); + return(0); } static int -xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { - int blockLen, fixLength = 0, outLen = 0; - xmlSecSize inSize, outSize; +xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + const xmlSecByte * in, + int inSize, + xmlSecBufferPtr out, + const xmlChar* cipherName, + int final) { xmlSecByte* outBuf; + xmlSecSize outSize; + int blockLen, outLen = 0; int ret; xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != NULL, -1); + xmlSecAssert2(ctx->cipherCtx != NULL, -1); xmlSecAssert2(ctx->keyInitialized != 0, -1); xmlSecAssert2(ctx->ctxInitialized != 0, -1); xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize > 0, -1); xmlSecAssert2(out != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); + /* OpenSSL docs: If the pad parameter is zero then no padding is performed, the total amount of + * data encrypted or decrypted must then be a multiple of the block size or an error will occur. 
+ */ blockLen = EVP_CIPHER_block_size(ctx->cipher); xmlSecAssert2(blockLen > 0, -1); + xmlSecAssert2((inSize % blockLen) == 0, -1); - inSize = xmlSecBufferGetSize(in); + /* prepare: ensure we have enough space (+blockLen for final) */ outSize = xmlSecBufferGetSize(out); - - if(inSize == 0) { - /* wait for more data */ - return(0); - } - - /* OpenSSL docs: The amount of data written depends on the block - * alignment of the encrypted data: as a result the amount of data - * written may be anything from zero bytes to (inl + cipher_block_size - 1). - */ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), "xmlSecBufferSetMaxSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize + blockLen); + "size=%d", (int)(outSize + inSize + blockLen)); return(-1); } - outBuf = xmlSecBufferGetData(out) + outSize; - - /* - * The padding used in XML Enc does not follow RFC 1423 - * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7 - * it is possible to disable padding and do it by yourself - * For OpenSSL 0.9.6 you have interop problems. - * - * The logic below is copied from EVP_DecryptUpdate() function. - * This is a hack but it's the only way I can provide binary - * compatibility with previous versions of xmlsec. - * This needs to be fixed in the next XMLSEC API refresh. - */ -#ifndef XMLSEC_OPENSSL_096 - if(!ctx->cipherCtx.encrypt) { - if(ctx->cipherCtx.final_used) { - memcpy(outBuf, ctx->cipherCtx.final, blockLen); - outBuf += blockLen; - fixLength = 1; - } else { - fixLength = 0; - } - } -#endif /* XMLSEC_OPENSSL_096 */ + outBuf = xmlSecBufferGetData(out) + outSize; /* encrypt/decrypt */ - ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, xmlSecBufferGetData(in), inSize); + ret = EVP_CipherUpdate(ctx->cipherCtx, outBuf, &outLen, in, inSize); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), 
@@ -226,27 +211,24 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + xmlSecAssert2(outLen == inSize, -1); -#ifndef XMLSEC_OPENSSL_096 - if(!ctx->cipherCtx.encrypt) { - /* - * The logic below is copied from EVP_DecryptUpdate() function. - * This is a hack but it's the only way I can provide binary - * compatibility with previous versions of xmlsec. - * This needs to be fixed in the next XMLSEC API refresh. - */ - if (blockLen > 1 && !ctx->cipherCtx.buf_len) { - outLen -= blockLen; - ctx->cipherCtx.final_used = 1; - memcpy(ctx->cipherCtx.final, &outBuf[outLen], blockLen); - } else { - ctx->cipherCtx.final_used = 0; - } - if (fixLength) { - outLen += blockLen; + /* finalize transform if needed */ + if(final != 0) { + int outLen2 = 0; + + ret = EVP_CipherFinal(ctx->cipherCtx, outBuf + outLen, &outLen2); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "EVP_CipherFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } + + outLen += outLen2; } -#endif /* XMLSEC_OPENSSL_096 */ /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); 
@@ -255,166 +237,226 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecErrorsSafeString(cipherName), "xmlSecBufferSetSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + "size=%d", (int)(outSize + outLen)); + return(-1); + } + + /* done */ + return (0); +} + +static int +xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { + xmlSecSize inSize, blockLen, inBlocksLen; + xmlSecByte* inBuf; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipherCtx != NULL, -1); + xmlSecAssert2(ctx->keyInitialized != 0, -1); + xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + blockLen = EVP_CIPHER_block_size(ctx->cipher); + xmlSecAssert2(blockLen > 0, -1); + + inSize = xmlSecBufferGetSize(in); + if(inSize <= blockLen) { + /* wait for more data: we want to make sure we keep the last chunk in tmp buffer for + * padding check/removal on decryption + */ + return(0); + } + + /* OpenSSL docs: If the pad parameter is zero then no padding is performed, the total amount of + * data encrypted or decrypted must then be a multiple of the block size or an error will occur. 
+ * + * We process all complete blocks from the input + */ + inBlocksLen = blockLen * (inSize / blockLen); + if(inBlocksLen == inSize) { + inBlocksLen -= blockLen; /* ensure we keep the last block around for Final() call to add/check/remove padding */ + } + xmlSecAssert2(inBlocksLen > 0, -1); + + inBuf = xmlSecBufferGetData(in); + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, inBlocksLen, out, cipherName, 0); /* not final */ + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + NULL); return(-1); } /* remove the processed block from input */ - ret = xmlSecBufferRemoveHead(in, inSize); + ret = xmlSecBufferRemoveHead(in, inBlocksLen); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + "size=%d", (int)inSize); return(-1); } + + /* just a double check */ + inSize = xmlSecBufferGetSize(in); + xmlSecAssert2(inSize > 0, -1); + xmlSecAssert2(inSize <= blockLen, -1); + + /* done */ return(0); } static int xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { - int blockLen, outLen = 0, outLen2 = 0; - xmlSecSize outSize; + xmlSecSize inSize, outSize, blockLen; + xmlSecByte* inBuf; xmlSecByte* outBuf; int ret; xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != NULL, -1); + xmlSecAssert2(ctx->cipherCtx != NULL, -1); xmlSecAssert2(ctx->keyInitialized != 0, -1); xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(in != NULL, -1); xmlSecAssert2(out != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); blockLen = EVP_CIPHER_block_size(ctx->cipher); xmlSecAssert2(blockLen > 0, -1); + xmlSecAssert2(blockLen <= EVP_MAX_BLOCK_LENGTH, -1); - outSize = xmlSecBufferGetSize(out); - - /* OpenSSL docs: 
The encrypted final data is written to out which should - * have sufficient space for one cipher block. We might have to write - * one more block with padding - */ - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); - return(-1); - } - outBuf = xmlSecBufferGetData(out) + outSize; + /* not more than one block left */ + inSize = xmlSecBufferGetSize(in); + inBuf = xmlSecBufferGetData(in); + xmlSecAssert2(inSize <= blockLen, -1); /* * The padding used in XML Enc does not follow RFC 1423 - * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7 - * it is possible to disable padding and do it by yourself - * For OpenSSL 0.9.6 you have interop problems. + * and is not supported by OpenSSL. However, it is possible + * to disable padding and do it by yourself * - * The logic below is copied from EVP_DecryptFinal() function. - * This is a hack but it's the only way I can provide binary - * compatibility with previous versions of xmlsec. - * This needs to be fixed in the next XMLSEC API refresh. + * https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block */ -#ifndef XMLSEC_OPENSSL_096 - if(ctx->cipherCtx.encrypt) { - int padLen; - - xmlSecAssert2(blockLen <= EVP_MAX_BLOCK_LENGTH, -1); + if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { + xmlSecSize padLen; - padLen = blockLen - ctx->cipherCtx.buf_len; + /* figure out pad length, if it is 0 (i.e. 
inSize == blockLen) then set it to blockLen */ + padLen = blockLen - inSize; + if(padLen == 0) { + padLen = blockLen; + } xmlSecAssert2(padLen > 0, -1); + xmlSecAssert2(inSize + padLen <= sizeof(ctx->pad), -1); + + /* we can have inSize == 0 if there were no data at all, otherwise -- copy the data */ + if(inSize > 0) { + memcpy(ctx->pad, inBuf, inSize); + } /* generate random padding */ if(padLen > 1) { - ret = RAND_bytes(ctx->pad, padLen - 1); + ret = RAND_bytes(ctx->pad + inSize, padLen - 1); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), "RAND_bytes", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", padLen - 1); + "size=%d", (int)(padLen - 1)); return(-1); } } - ctx->pad[padLen - 1] = padLen; - /* write padding */ - ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, ctx->pad, padLen); - if(ret != 1) { + /* set the last byte to the pad length */ + ctx->pad[inSize + padLen - 1] = padLen; + + /* update the last 1 or 2 blocks with padding */ + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, ctx->pad, inSize + padLen, out, cipherName, 1); /* final */ + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), - "EVP_CipherUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + "xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + NULL); return(-1); } - outBuf += outLen; - } -#endif /* XMLSEC_OPENSSL_096 */ + } else { + xmlSecSize padLen; - /* finalize transform */ - ret = EVP_CipherFinal(&(ctx->cipherCtx), outBuf, &outLen2); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, + /* update the last one block with padding */ + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, inSize, out, cipherName, 1); /* final */ + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + NULL); + return(-1); + } + + /* we expect at least one block in the 
output -- the one we just decrypted */ + outBuf = xmlSecBufferGetData(out); + outSize = xmlSecBufferGetSize(out); + if(outSize < blockLen) { + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), - "EVP_CipherFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "outSize=%d;blockLen=%d", + (int)outSize, (int)blockLen); + return(-1); + } - /* - * The padding used in XML Enc does not follow RFC 1423 - * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7 - * it is possible to disable padding and do it by yourself - * For OpenSSL 0.9.6 you have interop problems. - * - * The logic below is copied from EVP_DecryptFinal() function. - * This is a hack but it's the only way I can provide binary - * compatibility with previous versions of xmlsec. - * This needs to be fixed in the next XMLSEC API refresh. - */ -#ifndef XMLSEC_OPENSSL_096 - if(!ctx->cipherCtx.encrypt) { - /* we instructed openssl to do not use padding so there - * should be no final block - */ - xmlSecAssert2(outLen2 == 0, -1); - xmlSecAssert2(ctx->cipherCtx.buf_len == 0, -1); - xmlSecAssert2(ctx->cipherCtx.final_used, -1); - - if(blockLen > 1) { - outLen2 = blockLen - ctx->cipherCtx.final[blockLen - 1]; - if(outLen2 > 0) { - memcpy(outBuf, ctx->cipherCtx.final, outLen2); - } else if(outLen2 < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padding=%d;buffer=%d", - ctx->cipherCtx.final[blockLen - 1], blockLen); - return(-1); - } + /* get the pad length from the last byte */ + padLen = (xmlSecSize)(outBuf[outSize - 1]); + if(padLen > blockLen) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "padLen=%d;blockLen=%d", + (int)padLen, (int)blockLen); + return(-1); + } + xmlSecAssert2(padLen <= outSize, -1); + + /* remove the padding */ + ret = xmlSecBufferRemoveTail(out, 
padLen); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(cipherName), + "xmlSecBufferRemoveTail", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", (int)padLen); + return(-1); } } -#endif /* XMLSEC_OPENSSL_096 */ - /* set correct output buffer size */ - ret = xmlSecBufferSetSize(out, outSize + outLen + outLen2); + /* remove the processed block from input */ + ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", + "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen + outLen2); + "size=%d", (int)inSize); return(-1); } + /* done */ return(0); } @@ -505,7 +547,18 @@ xmlSecOpenSSLEvpBlockCipherInitialize(xmlSecTransformPtr transform) { return(-1); } - EVP_CIPHER_CTX_init(&(ctx->cipherCtx)); + /* create cipher ctx */ + ctx->cipherCtx = EVP_CIPHER_CTX_new(); + if(ctx->cipherCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_CIPHER_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* done */ return(0); } @@ -519,7 +572,10 @@ xmlSecOpenSSLEvpBlockCipherFinalize(xmlSecTransformPtr transform) { ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform); xmlSecAssert(ctx != NULL); - EVP_CIPHER_CTX_cleanup(&(ctx->cipherCtx)); + if(ctx->cipherCtx != NULL) { + EVP_CIPHER_CTX_free(ctx->cipherCtx); + } + memset(ctx, 0, sizeof(xmlSecOpenSSLEvpBlockCipherCtx)); } @@ -584,7 +640,7 @@ xmlSecOpenSSLEvpBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key NULL, XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, "keySize=%d;expected=%d", - xmlSecBufferGetSize(buffer), cipherKeyLen); + (int)xmlSecBufferGetSize(buffer), (int)cipherKeyLen); return(-1); } 
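Review bot: On the decrypt branch of xmlSecOpenSSLEvpBlockCipherCtxFinal, the pad length read from the last plaintext byte is rejected only when it exceeds the block size, so a value of 0 is accepted and the data is returned unstripped. The XML Encryption block padding referenced in the comment always carries at least one pad byte, so the check could read `if((padLen == 0) || (padLen > blockLen)) {`. A ciphertext tail that is empty or not a whole block is also untrusted input, and here it is caught only by the `inSize > 0` and `(inSize % blockLen) == 0` assertions inside xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock. An explicit XMLSEC_ERRORS_R_INVALID_DATA error before that call would make it a deliberate validation step. As far as this file shows, the transform has no integrity protection of its own and reports the padding failure separately, so callers should verify a signature or MAC over the ciphertext before decrypting and not relay the distinct padding error to the peer.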
@@ -654,9 +710,7 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe } if(last != 0) { - /* by now there should be no input */ - xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); - ret = xmlSecOpenSSLEvpBlockCipherCtxFinal(ctx, out, + ret = xmlSecOpenSSLEvpBlockCipherCtxFinal(ctx, in, out, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { @@ -668,6 +722,9 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe return(-1); } transform->status = xmlSecTransformStatusFinished; + + /* by now there should be no input */ + xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); } } else if(transform->status == xmlSecTransformStatusFinished) { /* the only way we can get here is if there is no input */ @@ -680,7 +737,7 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + "status=%d", (int)(transform->status)); return(-1); } diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index eba1a323..b70eb731 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -80,7 +80,12 @@ xmlSecCryptoGetFunctions_openssl(void) { #ifndef XMLSEC_NO_GOST gXmlSecOpenSSLFunctions->keyDataGost2001GetKlass = xmlSecOpenSSLKeyDataGost2001GetKlass; -#endif /* XMLSEC_NO_GOST*/ +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + gXmlSecOpenSSLFunctions->keyDataGostR3410_2012_256GetKlass = xmlSecOpenSSLKeyDataGostR3410_2012_256GetKlass; + gXmlSecOpenSSLFunctions->keyDataGostR3410_2012_512GetKlass = xmlSecOpenSSLKeyDataGostR3410_2012_512GetKlass; +#endif /* XMLSEC_NO_GOST2012 */ #ifndef XMLSEC_NO_HMAC gXmlSecOpenSSLFunctions->keyDataHmacGetKlass = xmlSecOpenSSLKeyDataHmacGetKlass; @@ -166,13 +171,17 @@ xmlSecCryptoGetFunctions_openssl(void) { /******************************* GOST ********************************/ #ifndef XMLSEC_NO_GOST - gXmlSecOpenSSLFunctions->transformGost2001GostR3411_94GetKlass = xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass; -#endif /* XMLSEC_NO_GOST */ - -#ifndef XMLSEC_NO_GOST + gXmlSecOpenSSLFunctions->transformGost2001GostR3411_94GetKlass = xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass; gXmlSecOpenSSLFunctions->transformGostR3411_94GetKlass = xmlSecOpenSSLTransformGostR3411_94GetKlass; #endif /* XMLSEC_NO_GOST */ +#ifndef XMLSEC_NO_GOST2012 + gXmlSecOpenSSLFunctions->transformGostR3410_2012GostR3411_2012_256GetKlass = xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_256GetKlass; + gXmlSecOpenSSLFunctions->transformGostR3410_2012GostR3411_2012_512GetKlass = xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_512GetKlass; + gXmlSecOpenSSLFunctions->transformGostR3411_2012_256GetKlass = xmlSecOpenSSLTransformGostR3411_2012_256GetKlass; + gXmlSecOpenSSLFunctions->transformGostR3411_2012_512GetKlass = xmlSecOpenSSLTransformGostR3411_2012_512GetKlass; +#endif /* XMLSEC_NO_GOST2012 */ + /******************************* HMAC ********************************/ #ifndef XMLSEC_NO_HMAC diff --git a/src/openssl/digests.c b/src/openssl/digests.c index fa26fa65..1d00a1b7 100644 --- a/src/openssl/digests.c 
+++ b/src/openssl/digests.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -20,6 +20,16 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> +/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): + * + * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. + */ +#if !defined(XMLSEC_OPENSSL_110) +#define EVP_MD_CTX_new() EVP_MD_CTX_create() +#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) +#endif /* !defined(XMLSEC_OPENSSL_110) */ + + /************************************************************************** * * Internal OpenSSL Digest CTX @@ -28,7 +38,7 @@ typedef struct _xmlSecOpenSSLDigestCtx xmlSecOpenSSLDigestCtx, *xmlSecOpenSSLDigestCtxPtr; struct _xmlSecOpenSSLDigestCtx { const EVP_MD* digest; - EVP_MD_CTX digestCtx; + EVP_MD_CTX* digestCtx; xmlSecByte dgst[EVP_MAX_MD_SIZE]; xmlSecSize dgstSize; /* dgst size in bytes */ }; @@ -108,6 +118,15 @@ xmlSecOpenSSLEvpDigestCheckId(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_2012_256Id)) { + return(1); + } else + + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_2012_512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_GOST2012 */ { return(0); 
@@ -174,6 +193,20 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_GOST if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_94Id)) { ctx->digest = EVP_get_digestbyname("md_gost94"); + if (!ctx->digest) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_2012_256Id)) { + ctx->digest = EVP_get_digestbyname("md_gost12_256"); if (!ctx->digest) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -184,7 +217,20 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { return(-1); } } else -#endif /* XMLSEC_NO_GOST*/ + + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_2012_512Id)) { + ctx->digest = EVP_get_digestbyname("md_gost12_512"); + if (!ctx->digest) + { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else +#endif /* XMLSEC_NO_GOST2012 */ { xmlSecError(XMLSEC_ERRORS_HERE, @@ -195,10 +241,18 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { return(-1); } -#ifndef XMLSEC_OPENSSL_096 - EVP_MD_CTX_init(&(ctx->digestCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + /* create digest CTX */ + ctx->digestCtx = EVP_MD_CTX_new(); + if(ctx->digestCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_MD_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + /* done */ return(0); } 
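Review bot: The three GOST lookups (`md_gost94` in this hunk, `md_gost12_256` and `md_gost12_512` in this and the following hunk) report a NULL from EVP_get_digestbyname as XMLSEC_ERRORS_R_INVALID_TRANSFORM with XMLSEC_ERRORS_NO_MESSAGE. That does not tell an operator that the digest was simply not registered with OpenSSL; these names are presumably provided by a GOST engine that has to be loaded first. Naming the call and the digest, e.g. `"EVP_get_digestbyname", XMLSEC_ERRORS_R_CRYPTO_FAILED, "name=md_gost12_256"`, would make the failure diagnosable. The three branches are identical apart from the name, so a small static helper taking the digest name would remove the duplication. xmlSecOpenSSLEvpDigestInitialize starts outside the hunk.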
@@ -212,9 +266,10 @@ xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) { ctx = xmlSecOpenSSLEvpDigestGetCtx(transform); xmlSecAssert(ctx != NULL); -#ifndef XMLSEC_OPENSSL_096 - EVP_MD_CTX_cleanup(&(ctx->digestCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + if(ctx->digestCtx != NULL) { + EVP_MD_CTX_free(ctx->digestCtx); + } + memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx)); } @@ -280,10 +335,10 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran ctx = xmlSecOpenSSLEvpDigestGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digest != NULL, -1); + xmlSecAssert2(ctx->digestCtx != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest); + ret = EVP_DigestInit(ctx->digestCtx, ctx->digest); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), @@ -292,9 +347,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran XMLSEC_ERRORS_NO_MESSAGE); return(-1); } -#else /* XMLSEC_OPENSSL_096 */ - EVP_DigestInit(&(ctx->digestCtx), ctx->digest); -#endif /* XMLSEC_OPENSSL_096 */ transform->status = xmlSecTransformStatusWorking; } @@ -303,8 +355,7 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran inSize = xmlSecBufferGetSize(in); if(inSize > 0) { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); + ret = EVP_DigestUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 
@@ -313,9 +364,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran "size=%d", inSize); return(-1); } -#else /* XMLSEC_OPENSSL_096 */ - EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); -#endif /* XMLSEC_OPENSSL_096 */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { @@ -332,8 +380,7 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize); + ret = EVP_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), @@ -342,9 +389,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran XMLSEC_ERRORS_NO_MESSAGE); return(-1); } -#else /* XMLSEC_OPENSSL_096 */ - EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize); -#endif /* XMLSEC_OPENSSL_096 */ xmlSecAssert2(dgstSize > 0, -1); ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize); 
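Review bot: The EVP_DigestUpdate failure path kept as context at the top of this hunk still passes `inSize`, an xmlSecSize, to a `%d` conversion without a cast, while the same commit adds `(int)` casts to the equivalent messages in ciphers.c. On a build where xmlSecSize is wider than int, that is a format/argument mismatch. The line should read `"size=%d", (int)inSize);`. xmlSecOpenSSLEvpDigestExecute begins and ends outside the hunk.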
@@ -745,3 +789,91 @@ xmlSecOpenSSLTransformGostR3411_94GetKlass(void) { } #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + +/****************************************************************************** + * + * GOST R 34.11-2012 256 bit + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLGostR3411_2012_256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecOpenSSLEvpDigestSize, /* size_t objSize */ + + xmlSecNameGostR3411_2012_256, /* const xmlChar* name; */ + xmlSecHrefGostR3411_2012_256, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformGostR3411_2012_256GetKlass: + * + * GOST R 34.11-2012 256 bit digest transform klass. + * + * Returns: pointer to GOST R 34.11-2012 256 bit digest transform klass. 
+ */ +xmlSecTransformId +xmlSecOpenSSLTransformGostR3411_2012_256GetKlass(void) { + return(&xmlSecOpenSSLGostR3411_2012_256Klass); +} + +/****************************************************************************** + * + * GOST R 34.11-2012 512 bit + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLGostR3411_2012_512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecOpenSSLEvpDigestSize, /* size_t objSize */ + + xmlSecNameGostR3411_2012_512, /* const xmlChar* name; */ + xmlSecHrefGostR3411_2012_512, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformGostR3411_2012_512GetKlass: + * + * GOST R 34.11-2012 512 bit digest transform klass. + * + * Returns: pointer to GOST R 34.11-2012 512 bit digest transform klass. 
+ */ +xmlSecTransformId +xmlSecOpenSSLTransformGostR3411_2012_512GetKlass(void) { + return(&xmlSecOpenSSLGostR3411_2012_512Klass); +} + +#endif /* XMLSEC_NO_GOST2012 */ + diff --git a/src/openssl/evp.c b/src/openssl/evp.c index 9cb52dc2..328602bc 100644 --- a/src/openssl/evp.c +++ b/src/openssl/evp.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -250,6 +250,7 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { } break; #endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_GOST case NID_id_GostR3410_2001: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGost2001Id); @@ -263,6 +264,33 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { } break; #endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + case NID_id_GostR3410_2012_256: + data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGostR3410_2012_256Id); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecOpenSSLKeyDataGostR3410_2012_256Id"); + return(NULL); + } + break; + + case NID_id_GostR3410_2012_512: + data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGostR3410_2012_512Id); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecOpenSSLKeyDataGostR3410_2012_512Id"); + return(NULL); + } + break; +#endif /* XMLSEC_NO_GOST2012 */ + default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, 
@@ -914,16 +942,27 @@ xmlSecOpenSSLKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1); xmlSecAssert2(sizeBits > 0, -1); - dsa = DSA_generate_parameters(sizeBits, NULL, 0, &counter_ret, &h_ret, NULL, NULL); + dsa = DSA_new(); if(dsa == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "DSA_generate_parameters", + "DSA_new", XMLSEC_ERRORS_R_CRYPTO_FAILED, "size=%d", sizeBits); return(-1); } + ret = DSA_generate_parameters_ex(dsa, sizeBits, NULL, 0, &counter_ret, &h_ret, NULL); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "DSA_generate_parameters_ex", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "size=%d", sizeBits); + DSA_free(dsa); + return(-1); + } + ret = DSA_generate_key(dsa); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -1060,8 +1099,8 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataEcdsaKlass = { NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ NULL, /* xmlSecKeyDataBinReadMethod binRead; */ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ @@ -1225,7 +1264,8 @@ static xmlSecSize xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { const EC_GROUP *group; const EC_KEY *ecdsa; - BIGNUM order; + BIGNUM * order; + xmlSecSize res; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), 0); 
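Review bot: The `DSA_generate_key(dsa)` call that follows the new parameter generation is still tested with `if(ret < 0)`, while the added `DSA_generate_parameters_ex` check uses `ret != 1`. OpenSSL documents DSA_generate_key as returning 1 on success and 0 on error, so a failed key generation would pass this test and the function would continue with a DSA object that has parameters but no key pair. Changing the condition to `if(ret != 1) {` makes the two checks agree. The rest of xmlSecOpenSSLKeyDataDsaGenerate lies outside the hunk, so whether `dsa` is released on that path cannot be confirmed from here.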
@@ -1244,16 +1284,30 @@ xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { return(0); } - if(EC_GROUP_get_order(group, &order, NULL) != 1) { + order = BN_new(); + if(order == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BN_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(0); + } + + if(EC_GROUP_get_order(group, order, NULL) != 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "EC_GROUP_get_order", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + BN_free(order); return(0); } - return(BN_num_bytes(&order)); + res = BN_num_bytes(order); + BN_free(order); + + return(res); } static void 
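Review bot: `res = BN_num_bytes(order);` returns the length of the group order in bytes, and nothing in the function says which unit getSize is expected to report. The GOST getSize methods added further down in this file return the constants 512 and 1024, which suggests the unit is bits; if that is the contract (to be confirmed against xmlSecKeyDataGetSize), the matching call would be `res = BN_num_bits(order);`. If bytes are intended, a comment such as `/* size is reported in bytes of the group order */` above the assignment would stop callers from comparing it with bit-based minimum key sizes. The start of xmlSecOpenSSLKeyDataEcdsaGetSize is in the previous hunk.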
@@ -1758,19 +1812,55 @@ xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, static int xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { + BIGNUM* e; RSA* rsa; int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1); xmlSecAssert2(sizeBits > 0, -1); - rsa = RSA_generate_key(sizeBits, 3, NULL, NULL); + /* create exponent */ + e = BN_new(); + if(e == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "BN_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "sizeBits=%d", sizeBits); + return(-1); + } + + ret = BN_set_word(e, RSA_F4); + if(ret != 1){ + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "BN_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "sizeBits=%d", sizeBits); + BN_free(e); + return(-1); + } + + rsa = RSA_new(); if(rsa == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "RSA_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "sizeBits=%d", sizeBits); + BN_free(e); + return(-1); + } + + ret = RSA_generate_key_ex(rsa, sizeBits, e, NULL); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "RSA_generate_key", XMLSEC_ERRORS_R_CRYPTO_FAILED, "sizeBits=%d", sizeBits); + RSA_free(rsa); + BN_free(e); return(-1); } @@ -1782,9 +1872,14 @@ xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); RSA_free(rsa); + BN_free(e); return(-1); } + /* cleanup (don't release rsa since xmlSecKeyDataPtr data owns it now */ + BN_free(e); + + /* done */ return(0); } 
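Review bot: Two of the new error records name the wrong function: the `BN_set_word(e, RSA_F4)` failure branch logs `"BN_new"`, and the `RSA_generate_key_ex` failure branch logs `"RSA_generate_key"`. Anyone triaging a key-generation failure from the error log would be pointed at the wrong call; the strings should be `"BN_set_word",` and `"RSA_generate_key_ex",`. Separately, `sizeBits` is only asserted to be greater than zero before it is passed on as the modulus size, so a caller can still request a very small key; if a lower bound is enforced elsewhere, a comment saying where would help. The function body continues in the next hunk.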
@@ -1798,7 +1893,7 @@ xmlSecOpenSSLKeyDataRsaGetType(xmlSecKeyDataPtr data) { if((rsa != NULL) && (rsa->n != NULL) && (rsa->e != NULL)) { if(rsa->d != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else if(rsa->engine != NULL) { + } else if((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) { /* * !!! HACK !!! Also see DSA key * We assume here that engine *always* has private key. @@ -1844,14 +1939,12 @@ xmlSecOpenSSLKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { fprintf(output, "<RSAKeyValue size=\"%d\" />\n", xmlSecOpenSSLKeyDataRsaGetSize(data)); } - #endif /* XMLSEC_NO_RSA */ - #ifndef XMLSEC_NO_GOST /************************************************************************** * - * GOST2001 xml key representation processing. Contain errors. + * GOST2001 xml key representation processing * *************************************************************************/ static int xmlSecOpenSSLKeyDataGost2001Initialize(xmlSecKeyDataPtr data); 
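Review bot: The comment under the changed condition still reads "We assume here that engine *always* has private key", but the branch now tests `(rsa->flags & RSA_FLAG_EXT_PKEY) != 0` rather than `rsa->engine`. Because this branch makes a key without `rsa->d` report itself as private, the assumption it rests on should be stated accurately, for example `/* RSA_FLAG_EXT_PKEY: private key operations are delegated to the RSA method, so d is absent here but the key is treated as private. */`. The comment block and the rest of xmlSecOpenSSLKeyDataRsaGetType extend past the end of the hunk.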
@@ -1887,17 +1980,17 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataGost2001Klass = { /* get info */ xmlSecOpenSSLKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */ xmlSecOpenSSLKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - NULL, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ xmlSecOpenSSLKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecOpenSSLKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecOpenSSLKeyDataGost2001DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ NULL, /* void* reserved0; */ @@ -1941,9 +2034,9 @@ xmlSecOpenSSLKeyDataGost2001Finalize(xmlSecKeyDataPtr data) { static xmlSecKeyDataType xmlSecOpenSSLKeyDataGost2001GetType(xmlSecKeyDataPtr data) { - /* Now I don't know how to find whether we have both private and public key - or the public only*/ - return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); + /* Now I don't know how to find whether we have both private and public key + or the public only*/ + return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); } static xmlSecSize 
@@ -1970,6 +2063,258 @@ xmlSecOpenSSLKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n", xmlSecOpenSSLKeyDataGost2001GetSize(data)); } +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + +/************************************************************************** + * + * GOST R 34.10-2012 256 bit xml key representation processing + * + *************************************************************************/ +static int xmlSecOpenSSLKeyDataGostR3410_2012_256Initialize(xmlSecKeyDataPtr data); +static int xmlSecOpenSSLKeyDataGostR3410_2012_256Duplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecOpenSSLKeyDataGostR3410_2012_256Finalize(xmlSecKeyDataPtr data); + +static xmlSecKeyDataType xmlSecOpenSSLKeyDataGostR3410_2012_256GetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecOpenSSLKeyDataGostR3410_2012_256GetSize(xmlSecKeyDataPtr data); +static void xmlSecOpenSSLKeyDataGostR3410_2012_256DebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecOpenSSLKeyDataGostR3410_2012_256DebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataGostR3410_2012_256Klass = { + sizeof(xmlSecKeyDataKlass), + xmlSecOpenSSLEvpKeyDataSize, + + /* data */ + xmlSecNameGostR3410_2012_256KeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefGostR3410_2012_256KeyValue, /* const xmlChar* href; */ + xmlSecNodeGostR3410_2012_256KeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecOpenSSLKeyDataGostR3410_2012_256Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecOpenSSLKeyDataGostR3410_2012_256Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecOpenSSLKeyDataGostR3410_2012_256Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* 
xmlSecOpenSSLKeyDataGostR3410_2012_256Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecOpenSSLKeyDataGostR3410_2012_256GetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecOpenSSLKeyDataGostR3410_2012_256GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecOpenSSLKeyDataGostR3410_2012_256DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecOpenSSLKeyDataGostR3410_2012_256DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLKeyDataGostR3410_2012_256GetKlass: + * + * The GOST R 34.10-2012 256 bit key data klass. + * + * Returns: pointer to GOST R 34.10-2012 256 bit key data klass. 
+ */ +xmlSecKeyDataId +xmlSecOpenSSLKeyDataGostR3410_2012_256GetKlass(void) { + return(&xmlSecOpenSSLKeyDataGostR3410_2012_256Klass); +} + + +static int +xmlSecOpenSSLKeyDataGostR3410_2012_256Initialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_256Id), -1); + + return(xmlSecOpenSSLEvpKeyDataInitialize(data)); +} + +static int +xmlSecOpenSSLKeyDataGostR3410_2012_256Duplicate(xmlSecKeyDataPtr dst, +xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataGostR3410_2012_256Id), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataGostR3410_2012_256Id), -1); + + return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src)); +} + +static void +xmlSecOpenSSLKeyDataGostR3410_2012_256Finalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_256Id)); + + xmlSecOpenSSLEvpKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecOpenSSLKeyDataGostR3410_2012_256GetType(xmlSecKeyDataPtr data) { + /* Now I don't know how to find whether we have both private and public key + or the public only*/ + return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); +} + +static xmlSecSize +xmlSecOpenSSLKeyDataGostR3410_2012_256GetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_256Id), 0); + + return 512; +} + +static void +xmlSecOpenSSLKeyDataGostR3410_2012_256DebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_256Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== gost key: size = %d\n", + xmlSecOpenSSLKeyDataGostR3410_2012_256GetSize(data)); +} + +static void +xmlSecOpenSSLKeyDataGostR3410_2012_256DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_256Id)); + xmlSecAssert(output != NULL); + + fprintf(output, 
"<GOST2012_256KeyValue size=\"%d\" />\n", + xmlSecOpenSSLKeyDataGostR3410_2012_256GetSize(data)); +} + + + + +/************************************************************************** + * + * GOST R 34.10-2012 512 bit xml key representation processing + * + *************************************************************************/ +static int xmlSecOpenSSLKeyDataGostR3410_2012_512Initialize(xmlSecKeyDataPtr data); +static int xmlSecOpenSSLKeyDataGostR3410_2012_512Duplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecOpenSSLKeyDataGostR3410_2012_512Finalize(xmlSecKeyDataPtr data); + +static xmlSecKeyDataType xmlSecOpenSSLKeyDataGostR3410_2012_512GetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecOpenSSLKeyDataGostR3410_2012_512GetSize(xmlSecKeyDataPtr data); +static void xmlSecOpenSSLKeyDataGostR3410_2012_512DebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecOpenSSLKeyDataGostR3410_2012_512DebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataGostR3410_2012_512Klass = { + sizeof(xmlSecKeyDataKlass), + xmlSecOpenSSLEvpKeyDataSize, + + /* data */ + xmlSecNameGostR3410_2012_512KeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefGostR3410_2012_512KeyValue, /* const xmlChar* href; */ + xmlSecNodeGostR3410_2012_512KeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecOpenSSLKeyDataGostR3410_2012_512Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecOpenSSLKeyDataGostR3410_2012_512Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecOpenSSLKeyDataGostR3410_2012_512Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecOpenSSLKeyDataGostR3410_2012_512Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecOpenSSLKeyDataGostR3410_2012_512GetType, /* 
xmlSecKeyDataGetTypeMethod getType; */ + xmlSecOpenSSLKeyDataGostR3410_2012_512GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecOpenSSLKeyDataGostR3410_2012_512DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecOpenSSLKeyDataGostR3410_2012_512DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLKeyDataGostR3410_2012_512GetKlass: + * + * The GOST R 34.10-2012 512 bit key data klass. + * + * Returns: pointer to GOST R 34.10-2012 512 bit key data klass. + */ +xmlSecKeyDataId +xmlSecOpenSSLKeyDataGostR3410_2012_512GetKlass(void) { + return(&xmlSecOpenSSLKeyDataGostR3410_2012_512Klass); +} + + +static int +xmlSecOpenSSLKeyDataGostR3410_2012_512Initialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_512Id), -1); + + return(xmlSecOpenSSLEvpKeyDataInitialize(data)); +} + +static int +xmlSecOpenSSLKeyDataGostR3410_2012_512Duplicate(xmlSecKeyDataPtr dst, +xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataGostR3410_2012_512Id), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataGostR3410_2012_512Id), -1); + + return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src)); +} + +static void +xmlSecOpenSSLKeyDataGostR3410_2012_512Finalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_512Id)); + + xmlSecOpenSSLEvpKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecOpenSSLKeyDataGostR3410_2012_512GetType(xmlSecKeyDataPtr data) { + /* Now I don't know how to find whether we 
have both private and public key + or the public only*/ + return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); +} + +static xmlSecSize +xmlSecOpenSSLKeyDataGostR3410_2012_512GetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_512Id), 0); + + return 1024; +} + +static void +xmlSecOpenSSLKeyDataGostR3410_2012_512DebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_512Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== gost key: size = %d\n", + xmlSecOpenSSLKeyDataGostR3410_2012_512GetSize(data)); +} + +static void +xmlSecOpenSSLKeyDataGostR3410_2012_512DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_512Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "<GOST2012_512KeyValue size=\"%d\" />\n", + xmlSecOpenSSLKeyDataGostR3410_2012_512GetSize(data)); +} -#endif /* XMLSEC_NO_GOST*/ +#endif /* XMLSEC_NO_GOST2012 */ diff --git a/src/openssl/evp_signatures.c b/src/openssl/evp_signatures.c new file mode 100644 index 00000000..4dc493ca --- /dev/null +++ b/src/openssl/evp_signatures.c 
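Review bot: `xmlSecOpenSSLKeyDataGostR3410_2012_256GetType` and its `_512` twin return `xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate` unconditionally and never look at `data`, so a key holding only the public part is reported as private as well. Code that selects a signing key by type will then accept such a key and fail only later, inside the crypto call. Unlike every sibling method in the hunk, the two functions also skip the id check; adding `xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGostR3410_2012_256Id), xmlSecKeyDataTypeUnknown);` (and the `_512` equivalent) would at least reject foreign key data. The existing "I don't know how to find" comment should be rewritten as an explicit known limitation, saying that the private flag is assumed rather than checked.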
@@ -0,0 +1,1034 @@ +/** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ +#include "globals.h" + +#include <string.h> + +#include <openssl/evp.h> +#include <openssl/rand.h> +#include <openssl/sha.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + +#include <xmlsec/openssl/crypto.h> +#include <xmlsec/openssl/evp.h> + +/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): + * + * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. + */ +#if !defined(XMLSEC_OPENSSL_110) +#define EVP_MD_CTX_new() EVP_MD_CTX_create() +#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) +#define EVP_MD_CTX_md_data(x) ((x)->md_data) +#endif /* !defined(XMLSEC_OPENSSL_110) */ + + +/************************************************************************** + * + * Internal OpenSSL evp signatures ctx + * + *****************************************************************************/ +typedef struct _xmlSecOpenSSLEvpSignatureCtx xmlSecOpenSSLEvpSignatureCtx, + *xmlSecOpenSSLEvpSignatureCtxPtr; +struct _xmlSecOpenSSLEvpSignatureCtx { + const EVP_MD* digest; + EVP_MD_CTX* digestCtx; + xmlSecKeyDataId keyId; + EVP_PKEY* pKey; +}; + +/****************************************************************************** + * + * EVP Signature transforms + * + * xmlSecOpenSSLEvpSignatureCtx is located after xmlSecTransform + * + *****************************************************************************/ +#define xmlSecOpenSSLEvpSignatureSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpSignatureCtx)) +#define xmlSecOpenSSLEvpSignatureGetCtx(transform) \ + ((xmlSecOpenSSLEvpSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static 
int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform); +static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform); +static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform); +static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform, + xmlSecKeyReqPtr keyReq); +static int xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform, + xmlSecKeyPtr key); +static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecOpenSSLEvpSignatureExecute (xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); + +static int +xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { + +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) { + return(1); + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_RIPEMD160 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) { + return(1); + } else +#endif /* XMLSEC_NO_RIPEMD160 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA224 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_GOST + 
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { + return(1); + } else +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_256Id)) { + return(1); + } else + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_GOST2012 */ + + { + return(0); + } + + return(0); +} + +static int +xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { + xmlSecOpenSSLEvpSignatureCtxPtr ctx; + + xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx)); + +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) { + ctx->digest = EVP_md5(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_RIPEMD160 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) { + ctx->digest = EVP_ripemd160(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* XMLSEC_NO_RIPEMD160 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) { + ctx->digest = EVP_sha1(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) { + ctx->digest = EVP_sha224(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA224 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) { + ctx->digest = EVP_sha256(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* 
XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) { + ctx->digest = EVP_sha384(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) { + ctx->digest = EVP_sha512(); + ctx->keyId = xmlSecOpenSSLKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_GOST + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { + ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id; + ctx->digest = EVP_get_digestbyname("md_gost94"); + if (!ctx->digest) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_256Id)) { + ctx->keyId = xmlSecOpenSSLKeyDataGostR3410_2012_256Id; + ctx->digest = EVP_get_digestbyname("md_gost12_256"); + if (!ctx->digest) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else + + if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_512Id)) { + ctx->keyId = xmlSecOpenSSLKeyDataGostR3410_2012_512Id; + ctx->digest = EVP_get_digestbyname("md_gost12_512"); + if (!ctx->digest) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else +#endif /* XMLSEC_NO_GOST2012 */ + + if(1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + 
XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* create digest CTX */ + ctx->digestCtx = EVP_MD_CTX_new(); + if(ctx->digestCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_MD_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* done */ + return(0); +} + +static void +xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) { + xmlSecOpenSSLEvpSignatureCtxPtr ctx; + + xmlSecAssert(xmlSecOpenSSLEvpSignatureCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize)); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->pKey != NULL) { + EVP_PKEY_free(ctx->pKey); + } + + if(ctx->digestCtx != NULL) { + EVP_MD_CTX_free(ctx->digestCtx); + } + + memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx)); +} + +static int +xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecOpenSSLEvpSignatureCtxPtr ctx; + xmlSecKeyDataPtr value; + EVP_PKEY* pKey; + + xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(key != NULL, -1); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->digest != NULL, -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); + + value = xmlSecKeyGetValue(key); + xmlSecAssert2(value != NULL, -1); + + pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value); + if(pKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecOpenSSLEvpKeyDataGetEvp", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + 
XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + if(ctx->pKey != NULL) { + EVP_PKEY_free(ctx->pKey); + } + + ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey); + if(ctx->pKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecOpenSSLEvpKeyDup", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + return(0); +} + +static int +xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecOpenSSLEvpSignatureCtxPtr ctx; + + xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(keyReq != NULL, -1); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + + keyReq->keyId = ctx->keyId; + if(transform->operation == xmlSecTransformOperationSign) { + keyReq->keyType = xmlSecKeyDataTypePrivate; + keyReq->keyUsage = xmlSecKeyUsageSign; + } else { + keyReq->keyType = xmlSecKeyDataTypePublic; + keyReq->keyUsage = xmlSecKeyUsageVerify; + } + return(0); +} + + +static int +xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform, + const xmlSecByte* data, xmlSecSize dataSize, + xmlSecTransformCtxPtr transformCtx) { + xmlSecOpenSSLEvpSignatureCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + 
xmlSecAssert2(ctx->digestCtx != NULL, -1); + + ret = EVP_VerifyFinal(ctx->digestCtx, (xmlSecByte*)data, dataSize, ctx->pKey); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_VerifyFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } else if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_VerifyFinal", + XMLSEC_ERRORS_R_DATA_NOT_MATCH, + "signature do not match"); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + transform->status = xmlSecTransformStatusOk; + return(0); +} + +static int +xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecOpenSSLEvpSignatureCtxPtr ctx; + xmlSecBufferPtr in, out; + xmlSecSize inSize; + xmlSecSize outSize; + int ret; + + xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + in = &(transform->inBuf); + out = &(transform->outBuf); + inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); + + ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->digest != NULL, -1); + xmlSecAssert2(ctx->digestCtx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + + if(transform->status == xmlSecTransformStatusNone) { + xmlSecAssert2(outSize == 0, -1); + + if(transform->operation == xmlSecTransformOperationSign) { + ret = EVP_SignInit(ctx->digestCtx, ctx->digest); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + 
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_SignInit", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { + ret = EVP_VerifyInit(ctx->digestCtx, ctx->digest); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_VerifyInit", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + transform->status = xmlSecTransformStatusWorking; + } + + if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) { + xmlSecAssert2(outSize == 0, -1); + + if(transform->operation == xmlSecTransformOperationSign) { + ret = EVP_SignUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_SignUpdate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { + ret = EVP_VerifyUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_VerifyUpdate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { + xmlSecAssert2(outSize == 0, -1); + if(transform->operation == xmlSecTransformOperationSign) { + unsigned int signSize; + + /* for rsa signatures we get size from EVP_PKEY_size() */ + signSize = EVP_PKEY_size(ctx->pKey); + ret = xmlSecBufferSetMaxSize(out, signSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + 
"xmlSecBufferSetMaxSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%u", signSize); + return(-1); + } + + ret = EVP_SignFinal(ctx->digestCtx, xmlSecBufferGetData(out), &signSize, ctx->pKey); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_SignFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlSecBufferSetSize(out, signSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%u", signSize); + return(-1); + } + } + transform->status = xmlSecTransformStatusFinished; + } + + if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_STATUS, + "status=%d", transform->status); + return(-1); + } + + return(0); +} + + +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 +/**************************************************************************** + * + * RSA-MD5 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaMd5Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaMd5, /* const xmlChar* name; */ + xmlSecHrefRsaMd5, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* 
xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaMd5GetKlass: + * + * The RSA-MD5 signature transform klass. + * + * Returns: RSA-MD5 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaMd5GetKlass(void) { + return(&xmlSecOpenSSLRsaMd5Klass); +} + +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_RIPEMD160 +/**************************************************************************** + * + * RSA-RIPEMD160 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaRipemd160Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaRipemd160, /* const xmlChar* name; */ + xmlSecHrefRsaRipemd160, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* 
xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaRipemd160GetKlass: + * + * The RSA-RIPEMD160 signature transform klass. + * + * Returns: RSA-RIPEMD160 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaRipemd160GetKlass(void) { + return(&xmlSecOpenSSLRsaRipemd160Klass); +} + +#endif /* XMLSEC_NO_RIPEMD160 */ + +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * RSA-SHA1 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha1, /* const xmlChar* name; */ + xmlSecHrefRsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + 
xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaSha1GetKlass: + * + * The RSA-SHA1 signature transform klass. + * + * Returns: RSA-SHA1 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaSha1GetKlass(void) { + return(&xmlSecOpenSSLRsaSha1Klass); +} + +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * RSA-SHA224 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha224, /* const xmlChar* name; */ + xmlSecHrefRsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; 
*/ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaSha224GetKlass: + * + * The RSA-SHA224 signature transform klass. + * + * Returns: RSA-SHA224 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaSha224GetKlass(void) { + return(&xmlSecOpenSSLRsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ + +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * RSA-SHA256 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha256, /* const xmlChar* name; */ + xmlSecHrefRsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod 
setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaSha256GetKlass: + * + * The RSA-SHA256 signature transform klass. + * + * Returns: RSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaSha256GetKlass(void) { + return(&xmlSecOpenSSLRsaSha256Klass); +} + +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 +/**************************************************************************** + * + * RSA-SHA384 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha384, /* const xmlChar* name; */ + xmlSecHrefRsaSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* 
xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaSha384GetKlass: + * + * The RSA-SHA384 signature transform klass. + * + * Returns: RSA-SHA384 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaSha384GetKlass(void) { + return(&xmlSecOpenSSLRsaSha384Klass); +} + +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 +/**************************************************************************** + * + * RSA-SHA512 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecOpenSSLRsaSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha512, /* const xmlChar* name; */ + xmlSecHrefRsaSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + 
xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformRsaSha512GetKlass: + * + * The RSA-SHA512 signature transform klass. + * + * Returns: RSA-SHA512 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformRsaSha512GetKlass(void) { + return(&xmlSecOpenSSLRsaSha512Klass); +} + +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_GOST +/**************************************************************************** + * + * GOST2001-GOSTR3411_94 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecOpenSSLGost2001GostR3411_94Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */ + xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; 
*/ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass: + * + * The GOST2001-GOSTR3411_94 signature transform klass. + * + * Returns: GOST2001-GOSTR3411_94 signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass(void) { + return(&xmlSecOpenSSLGost2001GostR3411_94Klass); +} +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_GOST2012 + +/**************************************************************************** + * + * GOST R 34.10-2012 - GOST R 34.11-2012 256 bit signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecOpenSSLGostR3410_2012GostR3411_2012_256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameGostR3410_2012GostR3411_2012_256, /* const xmlChar* name; */ + xmlSecHrefGostR3410_2012GostR3411_2012_256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* 
xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformGost3410_2012GostR3411_2012_256GetKlass: + * + * The GOST R 34.10-2012 - GOST R 34.11-2012 256 bit signature transform klass. + * + * Returns: GOST R 34.10-2012 - GOST R 34.11-2012 256 bit signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_256GetKlass(void) { + return(&xmlSecOpenSSLGostR3410_2012GostR3411_2012_256Klass); +} + + +/**************************************************************************** + * + * GOST R 34.10-2012 - GOST R 34.11-2012 512 bit signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecOpenSSLGostR3410_2012GostR3411_2012_512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameGostR3410_2012GostR3411_2012_512, /* const xmlChar* name; */ + xmlSecHrefGostR3410_2012GostR3411_2012_512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + 
xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecOpenSSLTransformGost3410_2012GostR3411_2012_512GetKlass: + * + * The GOST R 34.10-2012 - GOST R 34.11-2012 512 bit signature transform klass. + * + * Returns: GOST R 34.10-2012 - GOST R 34.11-2012 512 bit signature transform klass. + */ +xmlSecTransformId +xmlSecOpenSSLTransformGostR3410_2012GostR3411_2012_512GetKlass(void) { + return(&xmlSecOpenSSLGostR3410_2012GostR3411_2012_512Klass); +} + +#endif /* XMLSEC_NO_GOST2012 */ + + diff --git a/src/openssl/globals.h b/src/openssl/globals.h index 770b6dba..065c3e8f 100644 --- a/src/openssl/globals.h +++ b/src/openssl/globals.h @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GLOBALS_H__ #define __XMLSEC_GLOBALS_H__ diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c index bad1ac03..edfc3af4 100644 --- a/src/openssl/hmac.c +++ b/src/openssl/hmac.c 
@@ -13,7 +13,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -33,6 +33,16 @@ #include <xmlsec/openssl/crypto.h> +/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/hmac.html): + * + * HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1. + */ +#if !defined(XMLSEC_OPENSSL_110) +#define HMAC_CTX_new() ((HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) +#define HMAC_CTX_free(x) { HMAC_CTX_cleanup((x)); free((x)); } +#endif /* !defined(XMLSEC_OPENSSL_110) */ + + /* sizes in bits */ #define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80 #define XMLSEC_OPENSSL_MAX_HMAC_SIZE (EVP_MAX_MD_SIZE * 8) @@ -75,7 +85,7 @@ void xmlSecOpenSSLHmacSetMinOutputLength(int min_length) typedef struct _xmlSecOpenSSLHmacCtx xmlSecOpenSSLHmacCtx, *xmlSecOpenSSLHmacCtxPtr; struct _xmlSecOpenSSLHmacCtx { const EVP_MD* hmacDgst; - HMAC_CTX hmacCtx; + HMAC_CTX* hmacCtx; int ctxInitialized; xmlSecByte dgst[XMLSEC_OPENSSL_MAX_HMAC_SIZE]; xmlSecSize dgstSize; /* dgst size in bits */ @@ -232,9 +242,18 @@ xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) { return(-1); } -#ifndef XMLSEC_OPENSSL_096 - HMAC_CTX_init(&(ctx->hmacCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + /* create hmac CTX */ + ctx->hmacCtx = HMAC_CTX_new(); + if(ctx->hmacCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "HMAC_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* done */ return(0); } 
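Review bot: The pre-1.1.0 fallback `HMAC_CTX_free(x)` in the `@@ -33,6 +33,16 @@` hunk of src/openssl/hmac.c expands to a bare `{ ... }` block, so `HMAC_CTX_free(p);` becomes a block followed by an empty statement and will not compile in an unbraced `if(...) HMAC_CTX_free(p); else ...`. The one use visible on this page, in xmlSecOpenSSLHmacFinalize, sits inside braces and is unaffected, but the usual form is safer: `#define HMAC_CTX_free(x) do { HMAC_CTX_cleanup((x)); free((x)); } while(0)`. The fallback `HMAC_CTX_new()` also relies on the zero fill from calloc() standing in for HMAC_CTX_init(); that is presumably equivalent on the older OpenSSL versions, and a one-line comment such as `/* zeroed memory is what HMAC_CTX_init() produces on pre-1.1.0 */` would make the assumption explicit.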
@@ -248,9 +267,10 @@ xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) { ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert(ctx != NULL); -#ifndef XMLSEC_OPENSSL_096 - HMAC_CTX_cleanup(&(ctx->hmacCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + if(ctx->hmacCtx != NULL) { + HMAC_CTX_free(ctx->hmacCtx); + } + memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx)); } @@ -327,6 +347,7 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecOpenSSLHmacCtxPtr ctx; xmlSecKeyDataPtr value; xmlSecBufferPtr buffer; + int ret; xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); @@ -335,6 +356,7 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hmacCtx != NULL, -1); xmlSecAssert2(ctx->hmacDgst != NULL, -1); xmlSecAssert2(ctx->ctxInitialized == 0, -1); @@ -354,10 +376,32 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { } xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); - HMAC_Init(&(ctx->hmacCtx), + +#if (defined(XMLSEC_OPENSSL_098)) + /* no return value in 0.9.8 */ + HMAC_Init_ex(ctx->hmacCtx, + xmlSecBufferGetData(buffer), + xmlSecBufferGetSize(buffer), + ctx->hmacDgst, + NULL); + ret = 1; +#else /* (defined(XMLSEC_OPENSSL_098)) */ + ret = HMAC_Init_ex(ctx->hmacCtx, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), - ctx->hmacDgst); + ctx->hmacDgst, + NULL); +#endif /* (defined(XMLSEC_OPENSSL_098)) */ + + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "HMAC_Init_ex", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + NULL); + return(-1); + } + ctx->ctxInitialized = 1; return(0); } 
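Review bot: The new `HMAC_Init_ex` failure branch in xmlSecOpenSSLHmacSetKey (hunk `@@ -354,10 +376,32 @@`) passes `NULL` as the message argument of xmlSecError, whereas the other calls added in this file, such as the `HMAC_CTX_new` check in xmlSecOpenSSLHmacInitialize, pass `XMLSEC_ERRORS_NO_MESSAGE`. Using `XMLSEC_ERRORS_NO_MESSAGE,` here as well keeps the key-setup error path from depending on how xmlSecError treats a NULL format string. The function starts outside this hunk.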
@@ -448,6 +492,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(ctx->hmacCtx != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { /* we should be already initialized when we set key */ @@ -459,7 +504,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform inSize = xmlSecBufferGetSize(in); if(inSize > 0) { - HMAC_Update(&(ctx->hmacCtx), xmlSecBufferGetData(in), inSize); + HMAC_Update(ctx->hmacCtx, xmlSecBufferGetData(in), inSize); ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { @@ -475,7 +520,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform if(last) { unsigned int dgstSize; - HMAC_Final(&(ctx->hmacCtx), ctx->dgst, &dgstSize); + HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize); xmlSecAssert2(dgstSize > 0, -1); /* check/set the result digest size */ diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c index 1cf1aba1..8d47e427 100644 --- a/src/openssl/kt_rsa.c +++ b/src/openssl/kt_rsa.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
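Review bot: `HMAC_Update` (hunk `@@ -459,7 +504,7 @@`) and `HMAC_Final` (hunk `@@ -475,7 +520,7 @@`) in xmlSecOpenSSLHmacExecute are still called without checking their result, although this same commit starts checking `HMAC_Init_ex` in xmlSecOpenSSLHmacSetKey. If `HMAC_Final` fails, `dgstSize` is read uninitialized by the following `xmlSecAssert2(dgstSize > 0, -1)`, and `ctx->dgst` may keep stale bytes that the rest of the function then treats as the MAC. Declare `unsigned int dgstSize = 0;` and test both calls, for example `if(HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize) != 1) { /* xmlSecError(...) */ return(-1); }`. This needs the same `XMLSEC_OPENSSL_098` split used in SetKey, since these functions presumably return void there too. xmlSecOpenSSLHmacExecute starts and ends outside these hunks.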
@@ -785,8 +785,17 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr } outSize = ret; } else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize != 0)) { - BIGNUM bn; + BIGNUM * bn; + bn = BN_new(); + if(bn == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "BN_new()", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in), xmlSecBufferGetData(out), ctx->pKey->pkey.rsa, RSA_NO_PADDING); @@ -796,6 +805,7 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr "RSA_private_decrypt(RSA_NO_PADDING)", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + BN_free(bn); return(-1); } outSize = ret; @@ -806,28 +816,27 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr * beggining so I have to do decode it back to BIGNUM and dump * buffer again */ - BN_init(&bn); - if(BN_bin2bn(xmlSecBufferGetData(out), outSize, &bn) == NULL) { + if(BN_bin2bn(xmlSecBufferGetData(out), outSize, bn) == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "BN_bin2bn", XMLSEC_ERRORS_R_CRYPTO_FAILED, "size=%d", outSize); - BN_clear_free(&bn); + BN_free(bn); return(-1); } - ret = BN_bn2bin(&bn, xmlSecBufferGetData(out)); + ret = BN_bn2bin(bn, xmlSecBufferGetData(out)); if(ret <= 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "BN_bn2bin", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - BN_clear_free(&bn); + BN_free(bn); return(-1); } - BN_clear_free(&bn); + BN_free(bn); outSize = ret; ret = RSA_padding_check_PKCS1_OAEP(xmlSecBufferGetData(out), outSize, 
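Review bot: Every `BN_clear_free(&bn)` in the `@@ -806,28 +816,27 @@` hunk of xmlSecOpenSSLRsaOaepProcess became `BN_free(bn)`, which drops the zeroization of the BIGNUM before its memory is released. After `BN_bin2bn` that BIGNUM holds the output of `RSA_private_decrypt(..., RSA_NO_PADDING)`, i.e. the still-encoded decrypted payload, so it should be wiped. Use `BN_clear_free(bn);` for the three releases in this hunk: the two error returns and the success path. The `BN_free(bn)` added in the `@@ -796,6 +805,7 @@` hunk runs before anything is loaded into `bn` and is fine as is. The function starts and ends outside these hunks.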
@@ -845,7 +854,12 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr } outSize = ret; } else { - xmlSecAssert2("we could not be here" == NULL, -1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Unexpected trasnform operation: %d; paramsSize: %d", + (int)transform->operation, (int)paramsSize); return(-1); } diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c index 573fb985..8e71148e 100644 --- a/src/openssl/kw_aes.c +++ b/src/openssl/kw_aes.c @@ -7,10 +7,9 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_AES -#ifndef XMLSEC_OPENSSL_096 #include "globals.h" #include <stdlib.h> @@ -508,6 +507,4 @@ xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, return(AES_BLOCK_SIZE); } - -#endif /* XMLSEC_OPENSSL_096 */ #endif /* XMLSEC_NO_AES */ diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c index 9d55e107..c9642579 100644 --- a/src/openssl/kw_des.c +++ b/src/openssl/kw_des.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2010 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_DES #include "globals.h" @@ -505,7 +505,7 @@ xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, const xmlSecByte *in, xmlSecSize inSize, xmlSecByte *out, xmlSecSize outSize, int enc) { - EVP_CIPHER_CTX cipherCtx; + EVP_CIPHER_CTX * cipherCtx; int updateLen; int finalLen; int ret; 
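Review bot: The message added in the `@@ -845,7 +854,12 @@` hunk of src/openssl/kt_rsa.c misspells "transform" (`"Unexpected trasnform operation: %d; paramsSize: %d"`), which makes this error harder to find when searching logs or the source. It also passes `""` as the failing-function argument, where other call sites on this page that have no function to name pass `NULL`. Suggested lines: `NULL,` for that argument and `"Unexpected transform operation: %d; paramsSize: %d",` for the message. The enclosing xmlSecOpenSSLRsaOaepProcess starts and ends outside the hunk.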
@@ -519,42 +519,55 @@ xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, xmlSecAssert2(out != NULL, -1); xmlSecAssert2(outSize >= inSize, -1); - EVP_CIPHER_CTX_init(&cipherCtx); - ret = EVP_CipherInit(&cipherCtx, EVP_des_ede3_cbc(), key, iv, enc); + cipherCtx = EVP_CIPHER_CTX_new(); + if(cipherCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_CIPHER_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = EVP_CipherInit(cipherCtx, EVP_des_ede3_cbc(), key, iv, enc); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "EVP_CipherInit", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + EVP_CIPHER_CTX_free(cipherCtx); return(-1); } -#ifndef XMLSEC_OPENSSL_096 - EVP_CIPHER_CTX_set_padding(&cipherCtx, 0); -#endif /* XMLSEC_OPENSSL_096 */ + EVP_CIPHER_CTX_set_padding(cipherCtx, 0); - ret = EVP_CipherUpdate(&cipherCtx, out, &updateLen, in, inSize); + ret = EVP_CipherUpdate(cipherCtx, out, &updateLen, in, inSize); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "EVP_CipherUpdate", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + EVP_CIPHER_CTX_free(cipherCtx); return(-1); } - ret = EVP_CipherFinal(&cipherCtx, out + updateLen, &finalLen); + ret = EVP_CipherFinal(cipherCtx, out + updateLen, &finalLen); if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "EVP_CipherFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + EVP_CIPHER_CTX_free(cipherCtx); return(-1); } - EVP_CIPHER_CTX_cleanup(&cipherCtx); + /* cleanup */ + EVP_CIPHER_CTX_free(cipherCtx); + + /* done */ return(updateLen + finalLen); } diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c index 7e3dbc7d..5cb6f7b8 100644 --- a/src/openssl/signatures.c +++ b/src/openssl/signatures.c 
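Review bot: xmlSecOpenSSLKWDes3Encrypt in the `@@ -519,42 +519,55 @@` hunk now releases the cipher context through four separate `EVP_CIPHER_CTX_free(cipherCtx)` calls, one per exit. The context carries the 3DES key schedule, so a later edit that adds a return without the free would leave keyed state allocated. A single exit label keeps the release in one place. The sketch shows only the changed lines; the function's signature and first asserts are outside the hunk.

```c
    int res = -1;

    /* ... unchanged: asserts, EVP_CIPHER_CTX_new() and its NULL check ... */
    ret = EVP_CipherInit(cipherCtx, EVP_des_ede3_cbc(), key, iv, enc);
    if(ret != 1) {
        /* ... unchanged: xmlSecError() for "EVP_CipherInit" ... */
        goto done;
    }
    /* ... unchanged: EVP_CIPHER_CTX_set_padding, EVP_CipherUpdate, EVP_CipherFinal;
     *     each error branch ends in "goto done" instead of free + return(-1) ... */

    res = updateLen + finalLen;

done:
    EVP_CIPHER_CTX_free(cipherCtx);
    return(res);
}
```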
@@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -22,92 +22,145 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> +/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): + * + * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. + */ +#if !defined(XMLSEC_OPENSSL_110) +#define EVP_MD_CTX_new() EVP_MD_CTX_create() +#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) +#define EVP_MD_CTX_md_data(x) ((x)->md_data) + #ifndef XMLSEC_NO_DSA +/* we expect the r/s to be NOT NULL */ +static void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, ECDSA_SIG *sig) { + if (pr != NULL) { + if(sig->r == NULL) { + sig->r = BN_new(); + } + *pr = sig->r; + } + if (ps != NULL) { + if(sig->s == NULL) { + sig->s = BN_new(); + } + *ps = sig->s; + } +} +#endif /* XMLSEC_NO_ECDSA */ -#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE (20 * 2) +#endif /* !defined(XMLSEC_OPENSSL_110) */ -#ifndef XMLSEC_NO_SHA1 -static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void); -#endif /* XMLSEC_NO_SHA1 */ +/* Preparation for OpenSSL 1.1.0 compatibility: we expect the r/s to be NOT NULL */ +#ifndef XMLSEC_NO_DSA +static void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig) { + if (pr != NULL) { + if(sig->r == NULL) { + sig->r = BN_new(); + } + *pr = sig->r; + } + if (ps != NULL) { + if(sig->s == NULL) { + sig->s = BN_new(); + } + *ps = sig->s; + } +} +#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_SHA256 -#ifdef XMLSEC_OPENSSL_100 -static const EVP_MD *xmlSecOpenSSLDsaSha256Evp (void); -#endif /* XMLSEC_OPENSSL_100 */ -#endif /* XMLSEC_NO_SHA256 */ -#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_ECDSA -#define XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE ((512 / 8) * 2) +/************************************************************************** + * + * Internal OpenSSL signatures ctx: forward declarations + * + *****************************************************************************/ +typedef struct _xmlSecOpenSSLSignatureCtx 
xmlSecOpenSSLSignatureCtx, + *xmlSecOpenSSLSignatureCtxPtr; -#ifndef XMLSEC_NO_SHA1 -static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp (void); -#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_DSA -#ifndef XMLSEC_NO_SHA224 -static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp (void); -#endif /* XMLSEC_NO_SHA224 */ +static int xmlSecOpenSSLSignatureDsaSign (xmlSecOpenSSLSignatureCtxPtr ctx, + xmlSecBufferPtr out); +static int xmlSecOpenSSLSignatureDsaVerify (xmlSecOpenSSLSignatureCtxPtr ctx, + const xmlSecByte* signData, + xmlSecSize signSize); +#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_SHA256 -static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp (void); -#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_ECDSA -#ifndef XMLSEC_NO_SHA384 -static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp (void); -#endif /* XMLSEC_NO_SHA384 */ +static int xmlSecOpenSSLSignatureEcdsaSign (xmlSecOpenSSLSignatureCtxPtr ctx, + xmlSecBufferPtr out); +static int xmlSecOpenSSLSignatureEcdsaVerify (xmlSecOpenSSLSignatureCtxPtr ctx, + const xmlSecByte* signData, + xmlSecSize signSize); -#ifndef XMLSEC_NO_SHA512 -static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp (void); -#endif /* XMLSEC_NO_SHA512 */ #endif /* XMLSEC_NO_ECDSA */ + + +/************************************************************************** + * + * Sign/verify callbacks + * + *****************************************************************************/ +typedef int (*xmlSecOpenSSLSignatureSignCallback) (xmlSecOpenSSLSignatureCtxPtr ctx, + xmlSecBufferPtr out); +typedef int (*xmlSecOpenSSLSignatureVerifyCallback) (xmlSecOpenSSLSignatureCtxPtr ctx, + const xmlSecByte* signData, + xmlSecSize signSize); + /************************************************************************** * - * Internal OpenSSL evp signatures ctx + * Internal OpenSSL signatures ctx * *****************************************************************************/ -typedef struct _xmlSecOpenSSLEvpSignatureCtx xmlSecOpenSSLEvpSignatureCtx, - 
*xmlSecOpenSSLEvpSignatureCtxPtr; -struct _xmlSecOpenSSLEvpSignatureCtx { - const EVP_MD* digest; - EVP_MD_CTX digestCtx; - xmlSecKeyDataId keyId; - EVP_PKEY* pKey; +struct _xmlSecOpenSSLSignatureCtx { + const EVP_MD* digest; + EVP_MD_CTX* digestCtx; + xmlSecKeyDataId keyId; + xmlSecOpenSSLSignatureSignCallback signCallback; + xmlSecOpenSSLSignatureVerifyCallback verifyCallback; + EVP_PKEY* pKey; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstSize; }; + + /****************************************************************************** * - * EVP Signature transforms + * Signature transforms * - * xmlSecOpenSSLEvpSignatureCtx is located after xmlSecTransform + * xmlSecOpenSSLSignatureCtx is located after xmlSecTransform * *****************************************************************************/ -#define xmlSecOpenSSLEvpSignatureSize \ - (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpSignatureCtx)) -#define xmlSecOpenSSLEvpSignatureGetCtx(transform) \ - ((xmlSecOpenSSLEvpSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) - -static int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform); -static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform); -static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform); -static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform, +#define xmlSecOpenSSLSignatureSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLSignatureCtx)) +#define xmlSecOpenSSLSignatureGetCtx(transform) \ + ((xmlSecOpenSSLSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int xmlSecOpenSSLSignatureCheckId (xmlSecTransformPtr transform); +static int xmlSecOpenSSLSignatureInitialize (xmlSecTransformPtr transform); +static void xmlSecOpenSSLSignatureFinalize (xmlSecTransformPtr transform); +static int xmlSecOpenSSLSignatureSetKeyReq (xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq); -static int 
xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform, +static int xmlSecOpenSSLSignatureSetKey (xmlSecTransformPtr transform, xmlSecKeyPtr key); -static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform, +static int xmlSecOpenSSLSignatureVerify (xmlSecTransformPtr transform, const xmlSecByte* data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx); -static int xmlSecOpenSSLEvpSignatureExecute (xmlSecTransformPtr transform, +static int xmlSecOpenSSLSignatureExecute (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx); static int -xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { +xmlSecOpenSSLSignatureCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_DSA #ifndef XMLSEC_NO_SHA1 
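Review bot: The `ECDSA_SIG_get0` fallback sits between the pre-existing `#ifndef XMLSEC_NO_DSA` line and a new `#endif /* XMLSEC_NO_ECDSA */`, so as the hunk reads it is compiled when DSA is enabled rather than when ECDSA is. A build with DSA disabled and ECDSA enabled against an OpenSSL older than 1.1.0 would then have no `ECDSA_SIG_get0`, and a DSA-only build would reference the `ECDSA_SIG` type. The opening guard should be `#ifndef XMLSEC_NO_ECDSA` to match its `#endif`. The `DSA_SIG_get0` fallback that follows is also defined outside the `#if !defined(XMLSEC_OPENSSL_110)` block, which may clash with the library's own declaration on 1.1.0; that cannot be confirmed from this hunk.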
@@ -158,58 +211,6 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_ECDSA */ -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) { - return(1); - } else -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) { - return(1); - } else -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA224 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA224 */ - -#ifndef XMLSEC_NO_SHA256 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - -#ifndef XMLSEC_NO_GOST - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { - return(1); - } else -#endif /* XMLSEC_NO_GOST*/ - { return(0); } 
@@ -218,33 +219,36 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { } static int -xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureInitialize(xmlSecTransformPtr transform) { + xmlSecOpenSSLSignatureCtxPtr ctx; + int ret; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); - memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx)); + memset(ctx, 0, sizeof(xmlSecOpenSSLSignatureCtx)); #ifndef XMLSEC_NO_DSA #ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha1Id)) { - ctx->digest = xmlSecOpenSSLDsaSha1Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->digest = EVP_sha1(); + ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->signCallback = xmlSecOpenSSLSignatureDsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureDsaVerify; } else #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA256 -#ifdef XMLSEC_OPENSSL_100 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) { - ctx->digest = xmlSecOpenSSLDsaSha256Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->digest = EVP_sha256(); + ctx->keyId = xmlSecOpenSSLKeyDataDsaId; + ctx->signCallback = xmlSecOpenSSLSignatureDsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureDsaVerify; } else -#endif /* XMLSEC_OPENSSL_100 */ #endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ 
@@ -253,157 +257,118 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha1Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha1(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA224 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha224Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha224(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha256Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha256(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA256 */ #ifndef XMLSEC_NO_SHA384 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha384Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha384(); + ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA384 */ #ifndef XMLSEC_NO_SHA512 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) { - ctx->digest = xmlSecOpenSSLEcdsaSha512Evp(); - ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId; + ctx->digest = EVP_sha512(); + ctx->keyId = 
xmlSecOpenSSLKeyDataEcdsaId; + ctx->signCallback = xmlSecOpenSSLSignatureEcdsaSign; + ctx->verifyCallback = xmlSecOpenSSLSignatureEcdsaVerify; } else #endif /* XMLSEC_NO_SHA512 */ #endif /* XMLSEC_NO_ECDSA */ -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) { - ctx->digest = EVP_md5(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) { - ctx->digest = EVP_ripemd160(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) { - ctx->digest = EVP_sha1(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA224 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) { - ctx->digest = EVP_sha224(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA224 */ - -#ifndef XMLSEC_NO_SHA256 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) { - ctx->digest = EVP_sha256(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) { - ctx->digest = EVP_sha384(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) { - ctx->digest = EVP_sha512(); - ctx->keyId = xmlSecOpenSSLKeyDataRsaId; - } else -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - -#ifndef XMLSEC_NO_GOST - if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { - ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id; - ctx->digest = EVP_get_digestbyname("md_gost94"); - if 
(!ctx->digest) - { + if(1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_TRANSFORM, XMLSEC_ERRORS_NO_MESSAGE); return(-1); - } - } else -#endif /* XMLSEC_NO_GOST*/ + } - if(1) { + /* create/init digest CTX */ + ctx->digestCtx = EVP_MD_CTX_new(); + if(ctx->digestCtx == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, + "EVP_MD_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = EVP_DigestInit(ctx->digestCtx, ctx->digest); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_DigestInit", + XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } -#ifndef XMLSEC_OPENSSL_096 - EVP_MD_CTX_init(&(ctx->digestCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + /* done */ return(0); } static void -xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureFinalize(xmlSecTransformPtr transform) { + xmlSecOpenSSLSignatureCtxPtr ctx; - xmlSecAssert(xmlSecOpenSSLEvpSignatureCheckId(transform)); - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize)); + xmlSecAssert(xmlSecOpenSSLSignatureCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize)); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert(ctx != NULL); if(ctx->pKey != NULL) { EVP_PKEY_free(ctx->pKey); } -#ifndef XMLSEC_OPENSSL_096 - EVP_MD_CTX_cleanup(&(ctx->digestCtx)); -#endif /* XMLSEC_OPENSSL_096 */ - memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx)); + if(ctx->digestCtx != NULL) { + EVP_MD_CTX_free(ctx->digestCtx); + } + + memset(ctx, 0, sizeof(xmlSecOpenSSLSignatureCtx)); } static int 
-xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecOpenSSLSignatureCtxPtr ctx; xmlSecKeyDataPtr value; EVP_PKEY* pKey; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(key != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digest != NULL, -1); xmlSecAssert2(ctx->keyId != NULL, -1); @@ -440,15 +405,15 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) } static int -xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecOpenSSLSignatureCtxPtr ctx; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(keyReq != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->keyId != NULL, -1); 
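Review bot: When `EVP_DigestInit` fails in xmlSecOpenSSLSignatureInitialize, the function returns -1 with `ctx->digestCtx` still allocated by `EVP_MD_CTX_new()` a few lines earlier. Whether xmlSecOpenSSLSignatureFinalize runs after a failed initialize is not visible here; if it does not, the digest context leaks. Releasing it on that branch removes the dependency: `EVP_MD_CTX_free(ctx->digestCtx); ctx->digestCtx = NULL;` before `return(-1);`. The function begins in the previous hunk.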
@@ -465,136 +430,95 @@ xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPt static int -xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform, +xmlSecOpenSSLSignatureVerify(xmlSecTransformPtr transform, const xmlSecByte* data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; + xmlSecOpenSSLSignatureCtxPtr ctx; int ret; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); xmlSecAssert2(data != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->verifyCallback != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); - ret = EVP_VerifyFinal(&(ctx->digestCtx), (xmlSecByte*)data, dataSize, ctx->pKey); + ret = (ctx->verifyCallback)(ctx, data, dataSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, + "verifyCallback", + XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); - } else if(ret != 1) { + } + + /* check signature results */ + if(ret == 1) { + transform->status = xmlSecTransformStatusOk; + } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", + "verifyCallback", XMLSEC_ERRORS_R_DATA_NOT_MATCH, "signature do not match"); transform->status = xmlSecTransformStatusFail; - return(0); } - transform->status = xmlSecTransformStatusOk; + /* done */ return(0); 
} static int -xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecOpenSSLEvpSignatureCtxPtr ctx; +xmlSecOpenSSLSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecOpenSSLSignatureCtxPtr ctx; xmlSecBufferPtr in, out; xmlSecSize inSize; xmlSecSize outSize; int ret; - xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecOpenSSLSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLSignatureSize), -1); xmlSecAssert2(transformCtx != NULL, -1); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->signCallback != NULL, -1); + xmlSecAssert2(ctx->verifyCallback != NULL, -1); in = &(transform->inBuf); out = &(transform->outBuf); inSize = xmlSecBufferGetSize(in); outSize = xmlSecBufferGetSize(out); - ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform); + ctx = xmlSecOpenSSLSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digest != NULL, -1); + xmlSecAssert2(ctx->digestCtx != NULL, -1); xmlSecAssert2(ctx->pKey != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { xmlSecAssert2(outSize == 0, -1); - - if(transform->operation == xmlSecTransformOperationSign) { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_SignInit(&(ctx->digestCtx), ctx->digest); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_SignInit(&(ctx->digestCtx), ctx->digest); 
-#endif /* XMLSEC_OPENSSL_096 */ - } else { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_VerifyInit(&(ctx->digestCtx), ctx->digest); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_VerifyInit(&(ctx->digestCtx), ctx->digest); -#endif /* XMLSEC_OPENSSL_096 */ - } transform->status = xmlSecTransformStatusWorking; } if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) { xmlSecAssert2(outSize == 0, -1); - if(transform->operation == xmlSecTransformOperationSign) { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); -#endif /* XMLSEC_OPENSSL_096 */ - } else { -#ifndef XMLSEC_OPENSSL_096 - ret = EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#else /* XMLSEC_OPENSSL_096 */ - EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); -#endif /* XMLSEC_OPENSSL_096 */ + ret = EVP_DigestUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_DigestUpdate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); 
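Review bot: xmlSecOpenSSLSignatureVerify returns 0 both for a matching signature and for a mismatch, and only `transform->status` tells them apart, which is easy to misread as "0 means verified". A comment above the function would make the contract explicit, for example `/* Returns 0 when the check ran (verdict is in transform->status: Ok or Fail), -1 on error. */`. xmlSecOpenSSLSignatureExecute, which follows in the same hunk, continues past its end.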
@@ -610,54 +534,32 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { xmlSecAssert2(outSize == 0, -1); - if(transform->operation == xmlSecTransformOperationSign) { - unsigned int signSize; - /* this is a hack: for rsa signatures - * we get size from EVP_PKEY_size(), - * for dsa signature we use a fixed constant */ - signSize = EVP_PKEY_size(ctx->pKey); -#ifndef XMLSEC_NO_DSA - if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) { - signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE; - } -#endif /* XMLSEC_NO_DSA */ -#ifndef XMLSEC_NO_ECDSA - if(signSize < XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE) { - signSize = XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE; - } -#endif /* XMLSEC_NO_ECDSA */ + ret = EVP_DigestFinal(ctx->digestCtx, ctx->dgst, &ctx->dgstSize); + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "EVP_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecAssert2(ctx->dgstSize > 0, -1); - ret = xmlSecBufferSetMaxSize(out, signSize); + /* sign right away, verify will wait till separate call */ + if(transform->operation == xmlSecTransformOperationSign) { + ret = (ctx->signCallback)(ctx, out); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", + "signCallback", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); - return(-1); - } - - ret = EVP_SignFinal(&(ctx->digestCtx), xmlSecBufferGetData(out), &signSize, ctx->pKey); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - - ret = xmlSecBufferSetSize(out, signSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - 
"xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); - return(-1); - } } + + /* done! */ transform->status = xmlSecTransformStatusFinished; } @@ -677,6 +579,7 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT } #ifndef XMLSEC_NO_DSA + /**************************************************************************** * * DSA EVP 
@@ -704,81 +607,257 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT * ***************************************************************************/ static int -xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dlen, - unsigned char *sig, unsigned int *siglen, void *dsa) { - DSA_SIG *s; - int rSize, sSize; - - s = DSA_do_sign(dgst, dlen, dsa); - if(s == NULL) { - *siglen=0; - return(0); +xmlSecOpenSSLSignatureDsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr out) { + DSA * dsaKey = NULL; + DSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecByte *outData; + xmlSecSize dsaSignSize, signHalfSize, rSize, sSize; + int res = -1; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); + xmlSecAssert2(out != NULL, -1); + + /* get key */ + dsaKey = EVP_PKEY_get1_DSA(ctx->pKey); + if(dsaKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_PKEY_get1_DSA", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } - rSize = BN_num_bytes(s->r); - sSize = BN_num_bytes(s->s); - if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) || - (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) { + /* signature size = r + s + 8 bytes, we just need r+s */ + dsaSignSize = DSA_size(dsaKey); + if(dsaSignSize < 8) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, + "DSA_size", + XMLSEC_ERRORS_R_INVALID_SIZE, + "dsaSignSize=%d", (int)dsaSignSize); + goto done; + } + + signHalfSize = (dsaSignSize - 8) / 2; + if(signHalfSize < 4) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, + "signHalfSize", XMLSEC_ERRORS_R_INVALID_SIZE, - "size(r)=%d or size(s)=%d > %d", - rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2); - DSA_SIG_free(s); - return(0); + "signHalfSize=%d", (int)signHalfSize); + goto done; } - memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); - 
BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize); - BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize); - *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE; + /* calculate signature */ + sig = DSA_do_sign(ctx->dgst, ctx->dgstSize, dsaKey); + if(sig == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_do_sign", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } - DSA_SIG_free(s); - return(1); + /* get signature components */ + DSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + rSize = BN_num_bytes(rr); + if(rSize > signHalfSize) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "rSize=%d > %d", + rSize, signHalfSize); + goto done; + } + sSize = BN_num_bytes(ss); + if(sSize > signHalfSize) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "sSize=%d > %d", + sSize, signHalfSize); + goto done; + } + + /* allocate buffer */ + ret = xmlSecBufferSetSize(out, 2 * signHalfSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", (int)(2 * signHalfSize)); + goto done; + } + outData = xmlSecBufferGetData(out); + xmlSecAssert2(outData != NULL, -1); + + /* write components */ + xmlSecAssert2((rSize + sSize) <= 2 * signHalfSize, -1); + memset(outData, 0, 2 * signHalfSize); + BN_bn2bin(rr, outData + signHalfSize - rSize); + BN_bn2bin(ss, outData + 2 * signHalfSize - sSize); + + /* success */ + res = 0; + +done: + /* cleanup */ + if(sig != NULL) { + DSA_SIG_free(sig); + } + if(dsaKey != NULL) { + DSA_free(dsaKey); + } + + /* done */ + return(res); } static int -xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dgst_len, - const unsigned char *sigbuf, unsigned int siglen, - 
void *dsa) { - DSA_SIG *s; - int ret = -1; +xmlSecOpenSSLSignatureDsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSecByte* signData, xmlSecSize signSize) { + DSA * dsaKey = NULL; + DSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecSize dsaSignSize, signHalfSize; + int res = -1; + int ret; - s = DSA_SIG_new(); - if (s == NULL) { - return(ret); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(signData != NULL, -1); + + /* get key */ + dsaKey = EVP_PKEY_get1_DSA(ctx->pKey); + if(dsaKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_PKEY_get1_DSA", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* signature size = r + s + 8 bytes, we just need r+s */ + dsaSignSize = DSA_size(dsaKey); + if(dsaSignSize < 8) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_size", + XMLSEC_ERRORS_R_INVALID_SIZE, + "dsaSignSize=%d", (int)dsaSignSize); + goto done; + } + + signHalfSize = (dsaSignSize - 8) / 2; + if(signHalfSize < 4) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "signHalfSize", + XMLSEC_ERRORS_R_INVALID_SIZE, + "signHalfSize=%d", (int)signHalfSize); + goto done; } - if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) { + /* check size */ + if(signSize != 2 * signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, "invalid length %d (%d expected)", - siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); + (int)signSize, (int)(2 * signHalfSize)); goto done; } - s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL); - s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2), - XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL); - if((s->r == NULL) || (s->s == NULL)) { + /* create/read signature */ + sig = DSA_SIG_new(); + if (sig == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "BN_bin2bn", + "DSA_SIG_new", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - ret = 
DSA_do_verify(dgst, dgst_len, s, dsa); + /* get signature components */ + DSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + rr = BN_bin2bn(signData, signHalfSize, rr); + if(rr == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BN_bin2bn(sig->r)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + ss = BN_bin2bn(signData + signHalfSize, signHalfSize, ss); + if(ss == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BN_bin2bn(sig->s)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* verify signature */ + ret = DSA_do_verify(ctx->dgst, ctx->dgstSize, sig, dsaKey); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_do_verify", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* return 1 for good signatures and 0 for bad */ + if(ret > 0) { + res = 1; + } else if(ret == 0) { + res = 0; + } done: - DSA_SIG_free(s); - return(ret); + /* cleanup */ + if(sig != NULL) { + DSA_SIG_free(sig); + } + if(dsaKey != NULL) { + DSA_free(dsaKey); + } + + /* done */ + return(res); } #ifndef XMLSEC_NO_SHA1 
@@ -791,25 +870,25 @@ done: static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameDsaSha1, /* const xmlChar* name; */ xmlSecHrefDsaSha1, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -827,57 +906,6 @@ xmlSecOpenSSLTransformDsaSha1GetKlass(void) { return(&xmlSecOpenSSLDsaSha1Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLDsaSha1MdEvp = { - NID_dsaWithSHA, - NID_dsaWithSHA, - SHA_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLDsaSha1EvpInit, - xmlSecOpenSSLDsaSha1EvpUpdate, - xmlSecOpenSSLDsaSha1EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA1_Init, - SHA1_Update, - SHA1_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLDsaEvpSign, - xmlSecOpenSSLDsaEvpVerify, - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0}, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX) -#ifdef XMLSEC_OPENSSL_100 - , NULL -#endif /* XMLSEC_OPENSSL_100 */ -}; - -static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void) -{ - return(&xmlSecOpenSSLDsaSha1MdEvp); -} - #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA256 
@@ -890,25 +918,25 @@ static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void) static xmlSecTransformKlass xmlSecOpenSSLDsaSha256Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameDsaSha256, /* const xmlChar* name; */ xmlSecHrefDsaSha256, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -926,50 +954,6 @@ xmlSecOpenSSLTransformDsaSha256GetKlass(void) { return(&xmlSecOpenSSLDsaSha256Klass); } -#ifdef XMLSEC_OPENSSL_100 -static int -xmlSecOpenSSLDsaSha256EvpInit(EVP_MD_CTX *ctx) -{ - return SHA256_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLDsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA256_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLDsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA256_Final(md,ctx->md_data); -} - -static const EVP_MD xmlSecOpenSSLDsaSha256MdEvp = { - NID_dsa_with_SHA256, - NID_dsa_with_SHA256, - SHA256_DIGEST_LENGTH, - 0, - xmlSecOpenSSLDsaSha256EvpInit, - xmlSecOpenSSLDsaSha256EvpUpdate, - xmlSecOpenSSLDsaSha256EvpFinal, - NULL, - NULL, - xmlSecOpenSSLDsaEvpSign, - xmlSecOpenSSLDsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0}, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA256_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void) -{ - return(&xmlSecOpenSSLDsaSha256MdEvp); -} -#endif /* XMLSEC_OPENSSL_100 */ - #endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ 
@@ -991,26 +975,18 @@ static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void) * octet-stream conversion MUST be done according to the I2OSP operation * defined in Section 4.1 of RFC 3447 [PKCS1] with the xLen parameter equal * to the size of the base point order of the curve in bytes (32 for the - * P-256 curve). + * P-256 curve and 66 for the P-521 curve). * ***************************************************************************/ -static int -xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dlen, - unsigned char *sig, unsigned int *siglen, void *ecdsa) { - int rSize, sSize, xLen; +static xmlSecSize +xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(EC_KEY * ecKey) { const EC_GROUP *group; BIGNUM *order = NULL; - ECDSA_SIG *s; - int ret = 0; + xmlSecSize signHalfSize = 0; - s = ECDSA_do_sign(dgst, dlen, ecdsa); - if(s == NULL) { - *siglen = 0; - return(ret); - } + xmlSecAssert2(ecKey != NULL, 0); - group = EC_KEY_get0_group(ecdsa); + group = EC_KEY_get0_group(ecKey); if(group == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, 
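Review bot: The new static helper xmlSecOpenSSLSignatureEcdsaSignatureHalfSize has no header comment, and its failure convention is only visible from `xmlSecSize signHalfSize = 0;` and `xmlSecAssert2(ecKey != NULL, 0);`. I would add `/* Returns the byte length of the curve's group order (one half of the r||s signature value), or 0 on error. */` above it, so callers know 0 is the only error signal; xmlSecSize is presumably unsigned, in which case a `<= 0` test at a call site can only ever mean `== 0`. The parameter is only read in the lines shown, so `const EC_KEY *ecKey` would state that as well. The function body continues past the end of this hunk.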
@@ -1039,129 +1015,256 @@ xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED, goto done; } - xLen = BN_num_bytes(order); - if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) { + /* result */ + signHalfSize = BN_num_bytes(order); + +done: + /* cleanup */ + if(order != NULL) { + BN_clear_free(order); + } + + /* done */ + return(signHalfSize); +} + + +static int +xmlSecOpenSSLSignatureEcdsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr out) { + EC_KEY * ecKey = NULL; + ECDSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecByte *outData; + xmlSecSize signHalfSize, rSize, sSize; + int res = -1; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); + xmlSecAssert2(out != NULL, -1); + + /* get key */ + ecKey = EVP_PKEY_get1_EC_KEY(ctx->pKey); + if(ecKey == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "EVP_PKEY_get1_DSA", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* calculate signature size */ + signHalfSize = xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(ecKey); + if(signHalfSize <= 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* sign */ + sig = ECDSA_do_sign(ctx->dgst, ctx->dgstSize, ecKey); + if(sig == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "ECDSA_do_sign", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* get signature components */ + ECDSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "ECDSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + + /* check sizes */ + rSize = BN_num_bytes(rr); + if(rSize > signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, - 
"xLen=%d > %d", - xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2); + "rSize=%d > %d", + (int)rSize, (int)signHalfSize); goto done; } - rSize = BN_num_bytes(s->r); - sSize = BN_num_bytes(s->s); - if((rSize > xLen) || (sSize > xLen)) { + sSize = BN_num_bytes(ss); + if(sSize > signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, - "size(r)=%d or size(s)=%d > %d", - rSize, sSize, xLen); + "sSize=%d > %d", + (int)sSize, (int)signHalfSize); + goto done; + } + + /* allocate buffer */ + ret = xmlSecBufferSetSize(out, 2 * signHalfSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", (int)(2 * signHalfSize)); goto done; } + outData = xmlSecBufferGetData(out); + xmlSecAssert2(outData != NULL, -1); - memset(sig, 0, xLen * 2); - BN_bn2bin(s->r, sig + xLen - rSize); - BN_bn2bin(s->s, sig + (xLen * 2) - sSize); - *siglen = xLen * 2; + /* write components */ + xmlSecAssert2((rSize + sSize) <= 2 * signHalfSize, -1); + memset(outData, 0, 2 * signHalfSize); + BN_bn2bin(rr, outData + signHalfSize - rSize); + BN_bn2bin(ss, outData + 2 * signHalfSize - sSize); - ret = 1; + /* success */ + res = 0; done: - if(order != NULL) { - BN_clear_free(order); + /* cleanup */ + if(sig != NULL) { + ECDSA_SIG_free(sig); + } + if(ecKey != NULL) { + EC_KEY_free(ecKey); } - ECDSA_SIG_free(s); - return(ret); + + /* done */ + return(res); } static int -xmlSecOpenSSLEcdsaEvpVerify(int type ATTRIBUTE_UNUSED, - const unsigned char *dgst, unsigned int dgst_len, - const unsigned char *sigbuf, unsigned int siglen, - void *ecdsa) { - const EC_GROUP *group; - unsigned int xLen; - BIGNUM *order = NULL; - ECDSA_SIG *s; - int ret = -1; +xmlSecOpenSSLSignatureEcdsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSecByte* signData, xmlSecSize signSize) { + EC_KEY * ecKey = NULL; + ECDSA_SIG *sig = NULL; + BIGNUM *rr = NULL, *ss = NULL; + xmlSecSize signHalfSize; + int res = -1; + int ret; - s = 
ECDSA_SIG_new(); - if (s == NULL) { - return(ret); - } + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pKey != NULL, -1); + xmlSecAssert2(ctx->dgstSize > 0, -1); + xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); + xmlSecAssert2(signData != NULL, -1); - group = EC_KEY_get0_group(ecdsa); - if(group == NULL) { + /* get key */ + ecKey = EVP_PKEY_get1_EC_KEY(ctx->pKey); + if(ecKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "EC_KEY_get0_group", + "EVP_PKEY_get1_DSA", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - order = BN_new(); - if(order == NULL) { + /* calculate signature size */ + signHalfSize = xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(ecKey); + if(signHalfSize <= 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, + "xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - if(EC_GROUP_get_order(group, order, NULL) != 1) { + /* check size */ + if(signSize != 2 * signHalfSize) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "EC_GROUP_get_order", + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "invalid length %d (%d expected)", + (int)signSize, (int)(2 * signHalfSize)); + goto done; + } + + /* create/read signature */ + sig = ECDSA_SIG_new(); + if (sig == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "DSA_SIG_new", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - xLen = BN_num_bytes(order); - if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) { + /* get signature components */ + ECDSA_SIG_get0(&rr, &ss, sig); + if((rr == NULL) || (ss == NULL)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "xLen=%d > %d", - xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2); + "ECDSA_SIG_get0", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); goto done; } - if(siglen != xLen * 2) { + rr = BN_bin2bn(signData, signHalfSize, rr); + if(rr == NULL) { 
xmlSecError(XMLSEC_ERRORS_HERE, NULL, + "BN_bin2bn(sig->r)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + ss = BN_bin2bn(signData + signHalfSize, signHalfSize, ss); + if(ss == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "invalid length %d (%d expected)", - siglen, xLen * 2); + "BN_bin2bn(sig->s)", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); goto done; } - s->r = BN_bin2bn(sigbuf, xLen, NULL); - s->s = BN_bin2bn(sigbuf + xLen, xLen, NULL); - if((s->r == NULL) || (s->s == NULL)) { + /* verify signature */ + ret = ECDSA_do_verify(ctx->dgst, ctx->dgstSize, sig, ecKey); + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "BN_bin2bn", + "ECDSA_do_verify", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } - ret = ECDSA_do_verify(dgst, dgst_len, s, ecdsa); + /* return 1 for good signatures and 0 for bad */ + if(ret > 0) { + res = 1; + } else if(ret == 0) { + res = 0; + } done: - if(order != NULL) { - BN_clear_free(order); + /* cleanup */ + if(sig != NULL) { + ECDSA_SIG_free(sig); + } + if(ecKey != NULL) { + EC_KEY_free(ecKey); } - ECDSA_SIG_free(s); - return(ret); + + /* done */ + return(res); } #ifndef XMLSEC_NO_SHA1 
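Review bot: In xmlSecOpenSSLSignatureEcdsaSign the checks `xmlSecAssert2(outData != NULL, -1);` and `xmlSecAssert2((rSize + sSize) <= 2 * signHalfSize, -1);` sit after `ecKey` and `sig` have been obtained, so if xmlSecAssert2 returns from the function directly (as the macro does elsewhere in xmlsec; its definition is not in this hunk) a failure skips the `done:` cleanup and leaks both objects. Every other failure in the function uses `goto done;`, and these two should as well; the second assert is already implied by the separate rSize and sSize checks and can simply go. The DSA sign function earlier in this file has the same two asserts after its allocations. Separately, the failure branches for `EVP_PKEY_get1_EC_KEY` (sign and verify) and `ECDSA_SIG_new` log the names `EVP_PKEY_get1_DSA` and `DSA_SIG_new`, which misleads anyone triaging a verification failure from the error log.

```c
    outData = xmlSecBufferGetData(out);
    if(outData == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecBufferGetData",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        goto done;
    }

    /* write components: rSize and sSize were each checked against signHalfSize above */
    memset(outData, 0, 2 * signHalfSize);
    /* … unchanged: BN_bn2bin calls, success, done: cleanup … */
```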
@@ -1174,25 +1277,25 @@ done: static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha1Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha1, /* const xmlChar* name; */ xmlSecHrefEcdsaSha1, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -1210,56 +1313,6 @@ xmlSecOpenSSLTransformEcdsaSha1GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha1Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha1EvpInit(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha1MdEvp = { - NID_ecdsa_with_SHA1, - NID_ecdsa_with_SHA1, - SHA_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha1EvpInit, - xmlSecOpenSSLEcdsaSha1EvpUpdate, - xmlSecOpenSSLEcdsaSha1EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA1_Init, - SHA1_Update, - SHA1_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA1,0,0,0}, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha1MdEvp); -} - #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA224 
@@ -1272,25 +1325,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha224Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha224, /* const xmlChar* name; */ xmlSecHrefEcdsaSha224, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -1308,56 +1361,6 @@ xmlSecOpenSSLTransformEcdsaSha224GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha224Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha224EvpInit(EVP_MD_CTX *ctx) -{ - return SHA224_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha224EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA224_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha224EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA224_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha224MdEvp = { - NID_ecdsa_with_SHA224, - NID_ecdsa_with_SHA224, - SHA224_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha224EvpInit, - xmlSecOpenSSLEcdsaSha224EvpUpdate, - xmlSecOpenSSLEcdsaSha224EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA224_Init, - SHA224_Update, - SHA224_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA224,0,0,0}, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA256_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha224MdEvp); -} - #endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 
@@ -1370,25 +1373,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha256Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha256, /* const xmlChar* name; */ xmlSecHrefEcdsaSha256, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -1406,56 +1409,6 @@ xmlSecOpenSSLTransformEcdsaSha256GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha256Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha256EvpInit(EVP_MD_CTX *ctx) -{ - return SHA256_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA256_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA256_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha256MdEvp = { - NID_ecdsa_with_SHA256, - NID_ecdsa_with_SHA256, - SHA256_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha256EvpInit, - xmlSecOpenSSLEcdsaSha256EvpUpdate, - xmlSecOpenSSLEcdsaSha256EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA256_Init, - SHA256_Update, - SHA256_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA256,0,0,0}, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA256_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha256MdEvp); -} - #endif /* XMLSEC_NO_SHA256 */ #ifndef XMLSEC_NO_SHA384 
@@ -1468,25 +1421,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha384Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha384, /* const xmlChar* name; */ xmlSecHrefEcdsaSha384, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -1504,56 +1457,6 @@ xmlSecOpenSSLTransformEcdsaSha384GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha384Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha384EvpInit(EVP_MD_CTX *ctx) -{ - return SHA384_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha384EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA384_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha384EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA384_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha384MdEvp = { - NID_ecdsa_with_SHA384, - NID_ecdsa_with_SHA384, - SHA384_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha384EvpInit, - xmlSecOpenSSLEcdsaSha384EvpUpdate, - xmlSecOpenSSLEcdsaSha384EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA384_Init, - SHA384_Update, - SHA384_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. */ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA384,0,0,0}, - SHA512_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA512_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha384MdEvp); -} - #endif /* XMLSEC_NO_SHA384 */ #ifndef XMLSEC_NO_SHA512 
@@ -1566,25 +1469,25 @@ static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void) static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha512Klass = { /* klass/object sizes */ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ + xmlSecOpenSSLSignatureSize, /* xmlSecSize objSize */ xmlSecNameEcdsaSha512, /* const xmlChar* name; */ xmlSecHrefEcdsaSha512, /* const xmlChar* href; */ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecOpenSSLSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ NULL, /* xmlSecTransformNodeReadMethod readNode; */ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecOpenSSLSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecOpenSSLSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecOpenSSLSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + xmlSecOpenSSLSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ NULL, /* void* reserved0; */ NULL, /* void* reserved1; */ 
@@ -1602,440 +1505,10 @@ xmlSecOpenSSLTransformEcdsaSha512GetKlass(void) { return(&xmlSecOpenSSLEcdsaSha512Klass); } -#ifndef XMLSEC_OPENSSL_096 -static int -xmlSecOpenSSLEcdsaSha512EvpInit(EVP_MD_CTX *ctx) -{ - return SHA512_Init(ctx->md_data); -} - -static int -xmlSecOpenSSLEcdsaSha512EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA512_Update(ctx->md_data,data,count); -} - -static int -xmlSecOpenSSLEcdsaSha512EvpFinal(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA512_Final(md,ctx->md_data); -} -#endif /* XMLSEC_OPENSSL_096 */ - -static const EVP_MD xmlSecOpenSSLEcdsaSha512MdEvp = { - NID_ecdsa_with_SHA512, - NID_ecdsa_with_SHA512, - SHA512_DIGEST_LENGTH, -#ifndef XMLSEC_OPENSSL_096 - 0, - xmlSecOpenSSLEcdsaSha512EvpInit, - xmlSecOpenSSLEcdsaSha512EvpUpdate, - xmlSecOpenSSLEcdsaSha512EvpFinal, - NULL, - NULL, -#else /* XMLSEC_OPENSSL_096 */ - SHA512_Init, - SHA512_Update, - SHA512_Final, -#endif /* XMLSEC_OPENSSL_096 */ - xmlSecOpenSSLEcdsaEvpSign, - xmlSecOpenSSLEcdsaEvpVerify, - /* XXX-MAK: This worries me, not sure that the keys are right. 
*/ - {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA512,0,0,0}, - SHA512_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA512_CTX), - NULL -}; - -static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp(void) -{ - return(&xmlSecOpenSSLEcdsaSha512MdEvp); -} - #endif /* XMLSEC_NO_SHA512 */ #endif /* XMLSEC_NO_ECDSA */ -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 -/**************************************************************************** - * - * RSA-MD5 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaMd5Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaMd5, /* const xmlChar* name; */ - xmlSecHrefRsaMd5, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaMd5GetKlass: - * - * The RSA-MD5 
signature transform klass. - * - * Returns: RSA-MD5 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaMd5GetKlass(void) { - return(&xmlSecOpenSSLRsaMd5Klass); -} - -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 -/**************************************************************************** - * - * RSA-RIPEMD160 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaRipemd160Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaRipemd160, /* const xmlChar* name; */ - xmlSecHrefRsaRipemd160, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaRipemd160GetKlass: - * - * The RSA-RIPEMD160 signature transform klass. 
- * - * Returns: RSA-RIPEMD160 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaRipemd160GetKlass(void) { - return(&xmlSecOpenSSLRsaRipemd160Klass); -} - -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 -/**************************************************************************** - * - * RSA-SHA1 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha1Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha1, /* const xmlChar* name; */ - xmlSecHrefRsaSha1, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha1GetKlass: - * - * The RSA-SHA1 signature transform klass. - * - * Returns: RSA-SHA1 signature transform klass. 
- */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha1GetKlass(void) { - return(&xmlSecOpenSSLRsaSha1Klass); -} - -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA224 -/**************************************************************************** - * - * RSA-SHA224 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha224Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha224, /* const xmlChar* name; */ - xmlSecHrefRsaSha224, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha224GetKlass: - * - * The RSA-SHA224 signature transform klass. - * - * Returns: RSA-SHA224 signature transform klass. 
- */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha224GetKlass(void) { - return(&xmlSecOpenSSLRsaSha224Klass); -} - -#endif /* XMLSEC_NO_SHA224 */ - -#ifndef XMLSEC_NO_SHA256 -/**************************************************************************** - * - * RSA-SHA256 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha256Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha256, /* const xmlChar* name; */ - xmlSecHrefRsaSha256, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha256GetKlass: - * - * The RSA-SHA256 signature transform klass. - * - * Returns: RSA-SHA256 signature transform klass. 
- */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha256GetKlass(void) { - return(&xmlSecOpenSSLRsaSha256Klass); -} - -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 -/**************************************************************************** - * - * RSA-SHA384 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha384Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha384, /* const xmlChar* name; */ - xmlSecHrefRsaSha384, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha384GetKlass: - * - * The RSA-SHA384 signature transform klass. - * - * Returns: RSA-SHA384 signature transform klass. 
- */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha384GetKlass(void) { - return(&xmlSecOpenSSLRsaSha384Klass); -} - -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 -/**************************************************************************** - * - * RSA-SHA512 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecOpenSSLRsaSha512Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha512, /* const xmlChar* name; */ - xmlSecHrefRsaSha512, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformRsaSha512GetKlass: - * - * The RSA-SHA512 signature transform klass. - * - * Returns: RSA-SHA512 signature transform klass. 
- */ -xmlSecTransformId -xmlSecOpenSSLTransformRsaSha512GetKlass(void) { - return(&xmlSecOpenSSLRsaSha512Klass); -} - -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - - -#ifndef XMLSEC_NO_GOST -/**************************************************************************** - * - * GOST2001-GOSTR3411_94 signature transform - * - ***************************************************************************/ - -static xmlSecTransformKlass xmlSecOpenSSLGost2001GostR3411_94Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */ - xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass: - * - * The GOST2001-GOSTR3411_94 signature transform klass. 
- * - * Returns: GOST2001-GOSTR3411_94 signature transform klass. - */ -xmlSecTransformId -xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass(void) { - return(&xmlSecOpenSSLGost2001GostR3411_94Klass); -} -#endif /* XMLSEC_NO_GOST*/ diff --git a/src/openssl/symkeys.c b/src/openssl/symkeys.c index 6195ed6d..78d29e29 100644 --- a/src/openssl/symkeys.c +++ b/src/openssl/symkeys.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -181,11 +181,9 @@ xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_AES -#ifndef XMLSEC_OPENSSL_096 if(klass == xmlSecOpenSSLKeyDataAesId) { return(1); } -#endif /* XMLSEC_OPENSSL_096 */ #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_HMAC @@ -198,7 +196,6 @@ xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { } #ifndef XMLSEC_NO_AES -#ifndef XMLSEC_OPENSSL_096 /************************************************************************** * * <xmlsec:AESKeyValue> processing @@ -277,8 +274,6 @@ xmlSecOpenSSLKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecS return(xmlSecBufferSetData(buffer, buf, bufSize)); } - -#endif /* XMLSEC_OPENSSL_096 */ #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_DES diff --git a/src/openssl/x509.c b/src/openssl/x509.c index 459a312d..891db6b6 100644 --- a/src/openssl/x509.c +++ b/src/openssl/x509.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -1751,7 +1751,6 @@ xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) { xmlSecAssert2(res != NULL, -1); (*res) = 0; -#ifndef XMLSEC_OPENSSL_096 if(!ASN1_TIME_check(t)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, @@ -1760,7 +1759,6 @@ xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) { XMLSEC_ERRORS_NO_MESSAGE); return(-1); } -#endif /* XMLSEC_OPENSSL_096 */ memset(&tm, 0, sizeof(tm)); @@ -1941,7 +1939,7 @@ xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) { /* todo: add error checks */ i2d_X509_bio(mem, cert); - BIO_flush(mem); + (void)BIO_flush(mem); size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ @@ -2055,7 +2053,7 @@ xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) { /* todo: add error checks */ i2d_X509_CRL_bio(mem, crl); - BIO_flush(mem); + (void)BIO_flush(mem); size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ @@ -2111,7 +2109,7 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) { return(NULL); } - BIO_flush(mem); /* should call flush ? */ + (void)BIO_flush(mem); /* should call flush ? */ size = BIO_pending(mem); res = xmlMalloc(size + 1); @@ -2218,21 +2216,21 @@ xmlSecOpenSSLX509SKIWrite(X509* cert) { "X509V3_EXT_d2i", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - M_ASN1_OCTET_STRING_free(keyId); + ASN1_OCTET_STRING_free(keyId); return(NULL); } - res = xmlSecBase64Encode(M_ASN1_STRING_data(keyId), M_ASN1_STRING_length(keyId), 0); + res = xmlSecBase64Encode(ASN1_STRING_data(keyId), ASN1_STRING_length(keyId), 0); if(res == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecBase64Encode", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - M_ASN1_OCTET_STRING_free(keyId); + ASN1_OCTET_STRING_free(keyId); return(NULL); } - M_ASN1_OCTET_STRING_free(keyId); + ASN1_OCTET_STRING_free(keyId); return(res); } diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c index fe51da4e..5560526b 100644 --- a/src/openssl/x509vfy.c +++ b/src/openssl/x509vfy.c 
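Review bot: In xmlSecOpenSSLX509CertBase64DerWrite (hunk `@@ -1941,7 +1939,7 @@`) the result of `i2d_X509_bio(mem, cert)` is still discarded, and the new `(void)BIO_flush(mem)` cast only silences a warning on the line that the existing `/* todo: add error checks */` comment is about. As written, a failed or partial DER write is noticed only if the BIO ends up empty, through the `size <= 0` test that follows. I would test the encoder before flushing, `if(i2d_X509_bio(mem, cert) != 1) { /* report via xmlSecError, release mem, return NULL */ }`, and do the same for `i2d_X509_CRL_bio(mem, crl)` in hunk `@@ -2055,7 +2053,7 @@`. Both functions start and end outside their hunks, so the cleanup that error branch needs is not visible here.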
@@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -37,6 +37,11 @@ #include <xmlsec/openssl/evp.h> #include <xmlsec/openssl/x509.h> +/* new API from OpenSSL 1.1.0 */ +#if !defined(XMLSEC_OPENSSL_110) +#define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber) +#endif /* !defined(XMLSEC_OPENSSL_110) */ + /************************************************************************** * * Internal OpenSSL X509 store CTX @@ -48,10 +53,7 @@ struct _xmlSecOpenSSLX509StoreCtx { X509_STORE* xst; STACK_OF(X509)* untrusted; STACK_OF(X509_CRL)* crls; - -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) X509_VERIFY_PARAM * vpm; -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ }; /**************************************************************************** @@ -107,11 +109,13 @@ static int xmlSecOpenSSLX509NameStringRead (xmlSecB int ingoreTrailingSpaces); static int xmlSecOpenSSLX509NamesCompare (X509_NAME *a, X509_NAME *b); -static int xmlSecOpenSSLX509_NAME_cmp (const X509_NAME * a, - const X509_NAME * b); +static STACK_OF(X509_NAME_ENTRY)* xmlSecOpenSSLX509_NAME_ENTRIES_copy (X509_NAME *a); +static int xmlSecOpenSSLX509_NAME_ENTRIES_cmp (STACK_OF(X509_NAME_ENTRY) * a, + STACK_OF(X509_NAME_ENTRY) * b); static int xmlSecOpenSSLX509_NAME_ENTRY_cmp (const X509_NAME_ENTRY * const *a, const X509_NAME_ENTRY * const *b); + /** * xmlSecOpenSSLX509StoreGetKlass: * @@ -178,7 +182,7 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* X509 * cert; X509 * err_cert = NULL; char buf[256]; - int err = 0, depth; + int err = 0; int i; int ret; 
@@ -287,49 +291,41 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) { X509_STORE_CTX xsc; -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) - X509_VERIFY_PARAM * vpm = NULL; - unsigned long vpm_flags = 0; - - vpm = X509_VERIFY_PARAM_new(); - if(vpm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_VERIFY_PARAM_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2); + if(keyInfoCtx->certsVerificationTime > 0) { + X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime); } - vpm_flags = vpm->flags; -/* - vpm_flags &= (~X509_V_FLAG_X509_STRICT); -*/ - vpm_flags &= (~X509_V_FLAG_CRL_CHECK); - X509_VERIFY_PARAM_set_depth(vpm, 9); - X509_VERIFY_PARAM_set_flags(vpm, vpm_flags); -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ + { + X509_VERIFY_PARAM * vpm = NULL; + unsigned long vpm_flags = 0; + vpm = X509_VERIFY_PARAM_new(); + if(vpm == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "X509_VERIFY_PARAM_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + vpm_flags = X509_VERIFY_PARAM_get_flags(vpm); + vpm_flags &= (~X509_V_FLAG_CRL_CHECK); - X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2); + if(keyInfoCtx->certsVerificationTime > 0) { + vpm_flags |= X509_V_FLAG_USE_CHECK_TIME; + X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime); + } - if(keyInfoCtx->certsVerificationTime > 0) { -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) - vpm_flags |= X509_V_FLAG_USE_CHECK_TIME; - X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime); -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ - X509_STORE_CTX_set_time(&xsc, 0, 
keyInfoCtx->certsVerificationTime); + X509_VERIFY_PARAM_set_depth(vpm, 9); + X509_VERIFY_PARAM_set_flags(vpm, vpm_flags); + X509_STORE_CTX_set0_param(&xsc, vpm); } -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) - X509_STORE_CTX_set0_param(&xsc, vpm); -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ - ret = X509_verify_cert(&xsc); err_cert = X509_STORE_CTX_get_current_cert(&xsc); err = X509_STORE_CTX_get_error(&xsc); - depth = X509_STORE_CTX_get_error_depth(&xsc); X509_STORE_CTX_cleanup (&xsc); @@ -684,7 +680,6 @@ xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) { return(-1); } -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) ctx->vpm = X509_VERIFY_PARAM_new(); if(ctx->vpm == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -697,9 +692,6 @@ xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) { X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */ X509_STORE_set1_param(ctx->xst, ctx->vpm); -#else /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ - ctx->xst->depth = 9; /* the default cert verification path in openssl */ -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ return(0); } @@ -722,11 +714,9 @@ xmlSecOpenSSLX509StoreFinalize(xmlSecKeyDataStorePtr store) { if(ctx->crls != NULL) { sk_X509_CRL_pop_free(ctx->crls, X509_CRL_free); } -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) if(ctx->vpm != NULL) { X509_VERIFY_PARAM_free(ctx->vpm); } -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ memset(ctx, 0, sizeof(xmlSecOpenSSLX509StoreCtx)); } 
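Review bot: The `goto done` taken when `X509_VERIFY_PARAM_new()` fails in xmlSecOpenSSLX509StoreVerify (hunk `@@ -287,49 +291,41 @@`) now runs after `X509_STORE_CTX_init(&xsc, ...)`, so that path skips the `X509_STORE_CTX_cleanup(&xsc)` the normal path performs; before this change the parameter object was allocated ahead of the init call. `xsc` is declared inside this `if` block, so the `done:` label cannot release it, and adding `X509_STORE_CTX_cleanup(&xsc);` directly before that `goto done;` restores the pairing. The return value of `X509_STORE_CTX_init` is also ignored, so a failed init still reaches `X509_verify_cert(&xsc)`; `if(X509_STORE_CTX_init(&xsc, ctx->xst, cert, certs2) != 1) { goto done; }` would stop there. The function begins and ends outside the hunk.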
@@ -906,10 +896,10 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, keyId = X509V3_EXT_d2i(ext); if((keyId != NULL) && (keyId->length == len) && (memcmp(keyId->data, ski, len) == 0)) { - M_ASN1_OCTET_STRING_free(keyId); + ASN1_OCTET_STRING_free(keyId); return(cert); } - M_ASN1_OCTET_STRING_free(keyId); + ASN1_OCTET_STRING_free(keyId); } } } @@ -951,6 +941,7 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) { * Try to retrieve a CRL corresponding to the issuer of * the current certificate */ + issuer = X509_get_issuer_name(cert); n = sk_X509_CRL_num(crls); for(i = 0; i < n; i++) { crl = sk_X509_CRL_value(crls, i); @@ -958,7 +949,6 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) { continue; } - issuer = X509_CRL_get_issuer(crl); if(xmlSecOpenSSLX509NamesCompare(X509_CRL_get_issuer(crl), issuer) == 0) { break; } @@ -983,7 +973,7 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) { n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); for (i = 0; i < n; i++) { revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); - if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(cert)) == 0) { + if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked), X509_get_serialNumber(cert)) == 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, 
@@ -1171,21 +1161,47 @@ xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen, return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); } +/** + * This function DOES NOT create duplicates for X509_NAME_ENTRY objects! + */ +static STACK_OF(X509_NAME_ENTRY)* +xmlSecOpenSSLX509_NAME_ENTRIES_copy(X509_NAME * a) { + STACK_OF(X509_NAME_ENTRY) * res = NULL; + int ii; + + res = sk_X509_NAME_ENTRY_new(xmlSecOpenSSLX509_NAME_ENTRY_cmp); + if(res == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "sk_X509_NAME_ENTRY_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + + for (ii = X509_NAME_entry_count(a) - 1; ii >= 0; --ii) { + sk_X509_NAME_ENTRY_push(res, X509_NAME_get_entry(a, ii)); + } + + return (res); +} + static -int xmlSecOpenSSLX509_NAME_cmp(const X509_NAME * a, const X509_NAME * b) { - int i,ret; - const X509_NAME_ENTRY *na,*nb; +int xmlSecOpenSSLX509_NAME_ENTRIES_cmp(STACK_OF(X509_NAME_ENTRY)* a, STACK_OF(X509_NAME_ENTRY)* b) { + const X509_NAME_ENTRY *na; + const X509_NAME_ENTRY *nb; + int ii, ret; xmlSecAssert2(a != NULL, -1); xmlSecAssert2(b != NULL, 1); - if (sk_X509_NAME_ENTRY_num(a->entries) != sk_X509_NAME_ENTRY_num(b->entries)) { - return sk_X509_NAME_ENTRY_num(a->entries) - sk_X509_NAME_ENTRY_num(b->entries); + if (sk_X509_NAME_ENTRY_num(a) != sk_X509_NAME_ENTRY_num(b)) { + return sk_X509_NAME_ENTRY_num(a) - sk_X509_NAME_ENTRY_num(b); } - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) { - na=sk_X509_NAME_ENTRY_value(a->entries,i); - nb=sk_X509_NAME_ENTRY_value(b->entries,i); + for (ii = sk_X509_NAME_ENTRY_num(a) - 1; ii >= 0; --ii) { + na = sk_X509_NAME_ENTRY_value(a, ii); + nb = sk_X509_NAME_ENTRY_value(b, ii); ret = xmlSecOpenSSLX509_NAME_ENTRY_cmp(&na, &nb); if(ret != 0) { 
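Review bot: In the new xmlSecOpenSSLX509_NAME_ENTRIES_copy the result of `sk_X509_NAME_ENTRY_push` is ignored, so an allocation failure part-way through the loop returns a stack with fewer entries than the name has, and the later comparison runs on incomplete data. I would fail the copy instead: `if(sk_X509_NAME_ENTRY_push(res, X509_NAME_get_entry(a, ii)) <= 0) { sk_X509_NAME_ENTRY_free(res); return(NULL); }`. The header comment could also spell out the consequence of not duplicating entries, for example `the returned stack borrows its entries from @a: release it with sk_X509_NAME_ENTRY_free() only, and do not use it after @a is freed`. The body of xmlSecOpenSSLX509_NAME_ENTRIES_cmp continues past the end of this hunk.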
@@ -1205,49 +1221,52 @@ int xmlSecOpenSSLX509_NAME_cmp(const X509_NAME * a, const X509_NAME * b) { */ static int xmlSecOpenSSLX509NamesCompare(X509_NAME *a, X509_NAME *b) { - X509_NAME *a1 = NULL; - X509_NAME *b1 = NULL; + STACK_OF(X509_NAME_ENTRY) *a1 = NULL; + STACK_OF(X509_NAME_ENTRY) *b1 = NULL; int ret; xmlSecAssert2(a != NULL, -1); xmlSecAssert2(b != NULL, 1); - a1 = X509_NAME_dup(a); + a1 = xmlSecOpenSSLX509_NAME_ENTRIES_copy(a); if(a1 == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "X509_NAME_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, + "xmlSecOpenSSLX509_NAME_ENTRIES_copy", + XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - b1 = X509_NAME_dup(b); + b1 = xmlSecOpenSSLX509_NAME_ENTRIES_copy(b); if(b1 == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "X509_NAME_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, + "xmlSecOpenSSLX509_NAME_ENTRIES_copy", + XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + sk_X509_NAME_ENTRY_free(a1); return(1); } /* sort both */ - (void)sk_X509_NAME_ENTRY_set_cmp_func(a1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp); - sk_X509_NAME_ENTRY_sort(a1->entries); - (void)sk_X509_NAME_ENTRY_set_cmp_func(b1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp); - sk_X509_NAME_ENTRY_sort(b1->entries); + (void)sk_X509_NAME_ENTRY_set_cmp_func(a1, xmlSecOpenSSLX509_NAME_ENTRY_cmp); + sk_X509_NAME_ENTRY_sort(a1); + (void)sk_X509_NAME_ENTRY_set_cmp_func(b1, xmlSecOpenSSLX509_NAME_ENTRY_cmp); + sk_X509_NAME_ENTRY_sort(b1); /* actually compare */ - ret = xmlSecOpenSSLX509_NAME_cmp(a1, b1); + ret = xmlSecOpenSSLX509_NAME_ENTRIES_cmp(a1, b1); /* cleanup */ - X509_NAME_free(a1); - X509_NAME_free(b1); + sk_X509_NAME_ENTRY_free(a1); + sk_X509_NAME_ENTRY_free(b1); return(ret); } static int xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NAME_ENTRY * const *b) { + ASN1_STRING *a_value, *b_value; + ASN1_OBJECT *a_name, *b_name; int ret; xmlSecAssert2(a != NULL, -1); 
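Review bot: xmlSecOpenSSLX509NamesCompare returns `-1` or `1` when xmlSecOpenSSLX509_NAME_ENTRIES_copy fails, which are the same values a caller reads as "the names differ". The CRL lookup in hunk `@@ -958,7 +949,6 @@` only tests `== 0`, so a failed copy makes it pass over that CRL as if it belonged to another issuer; what happens when no CRL matches is outside the visible lines, so whether this ends with revocation not being checked needs confirming. At minimum the function comment, which begins above the hunk, should state it, for example `Returns: 0 if the names match; non-zero if they differ or if the comparison could not be performed.` The two `sk_X509_NAME_ENTRY_set_cmp_func` calls are also redundant now, because the copy helper already creates each stack with xmlSecOpenSSLX509_NAME_ENTRY_cmp.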
@@ -1255,27 +1274,44 @@ xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NA xmlSecAssert2((*a) != NULL, -1); xmlSecAssert2((*b) != NULL, 1); + /* first compare values */ - if(((*a)->value == NULL) && ((*b)->value != NULL)) { + a_value = X509_NAME_ENTRY_get_data((X509_NAME_ENTRY*)(*a)); + b_value = X509_NAME_ENTRY_get_data((X509_NAME_ENTRY*)(*b)); + + if((a_value == NULL) && (b_value != NULL)) { return(-1); - } else if(((*a)->value != NULL) && ((*b)->value == NULL)) { + } else if((a_value != NULL) && (b_value == NULL)) { return(1); - } else if(((*a)->value == NULL) && ((*b)->value == NULL)) { + } else if((a_value == NULL) && (b_value == NULL)) { return(0); } - ret = (*a)->value->length - (*b)->value->length; + ret = ASN1_STRING_length(a_value) - ASN1_STRING_length(b_value); if(ret != 0) { return(ret); } - ret = memcmp((*a)->value->data, (*b)->value->data, (*a)->value->length); - if(ret != 0) { - return(ret); + if(ASN1_STRING_length(a_value) > 0) { + ret = memcmp(ASN1_STRING_data(a_value), ASN1_STRING_data(b_value), ASN1_STRING_length(a_value)); + if(ret != 0) { + return(ret); + } } /* next compare names */ - return(OBJ_cmp((*a)->object, (*b)->object)); + a_name = X509_NAME_ENTRY_get_object((X509_NAME_ENTRY*)(*a)); + b_name = X509_NAME_ENTRY_get_object((X509_NAME_ENTRY*)(*b)); + + if((a_name == NULL) && (b_name != NULL)) { + return(-1); + } else if((a_name != NULL) && (b_name == NULL)) { + return(1); + } else if((a_name == NULL) && (b_name == NULL)) { + return(0); + } + + return(OBJ_cmp(a_name, b_name)); } diff --git a/src/parser.c b/src/parser.c index 9bb50905..969c3e4f 100644 --- a/src/parser.c +++ b/src/parser.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
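Review bot: The new `(X509_NAME_ENTRY*)(*a)` and `(X509_NAME_ENTRY*)(*b)` casts in xmlSecOpenSSLX509_NAME_ENTRY_cmp (hunk `@@ -1255,27 +1274,44 @@`) drop the `const` that the comparator's signature promises, and nothing says why. Presumably the accessors take a non-const pointer in the OpenSSL versions this file still supports; a comment above the first cast such as `/* X509_NAME_ENTRY_get_data()/get_object() take a non-const entry before OpenSSL 1.1.0; the entry is only read here */` would record that. The function's signature and first asserts sit in the preceding hunk.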
@@ -157,8 +157,9 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, } /* required for c14n! */ - ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; + ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; ctx->parserCtx->replaceEntities = 1; + ctx->parserCtx->options = XML_PARSE_NONET; transform->status = xmlSecTransformStatusWorking; } else if(transform->status == xmlSecTransformStatusFinished) { @@ -316,7 +317,7 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, } ret = inputPush(ctxt, input); - if(input == NULL) { + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "inputPush", diff --git a/src/relationship.c b/src/relationship.c new file mode 100644 index 00000000..f301ed7b --- /dev/null +++ b/src/relationship.c 
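Review bot: `ctx->parserCtx->options = XML_PARSE_NONET;` in xmlSecParserPushBin assigns instead of OR-ing, so any option bits already set on the push parser context are cleared; `ctx->parserCtx->options |= XML_PARSE_NONET;` keeps them. XML_PARSE_NONET only stops network fetches, and `replaceEntities = 1` is still set on the line above, so entities that resolve to local resources would presumably still be expanded into the tree that is later canonicalized and digested. The `/* required for c14n! */` comment should say which entity sources remain allowed when the input is untrusted. The creation of the parser context is outside this hunk, so the starting value of `options` cannot be checked from here.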
@@ -0,0 +1,822 @@ +/** + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * Relationship transform + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ +#include "globals.h" + +#include <stdlib.h> +#include <string.h> + +#include <libxml/tree.h> +#include <libxml/xpointer.h> +#include <libxml/c14n.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/list.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + + +/****************************************************************************** + * + * Relationship transform + * + * http://standards.iso.org/ittf/PubliclyAvailableStandards/c061796_ISO_IEC_29500-2_2012.zip + * + * 13.2.4.24 Relationships Transform Algorithm + * + * The relationships transform takes the XML document from the Relationships part and converts + * it to another XML document. + * + * The package implementer might create relationships XML that contains content from several namespaces, + * along with versioning instructions as defined in Part 3, “Markup Compatibility and Extensibility”. [O6.11] + * + * The relationships transform algorithm is as follows: + * + * Step 1: Process versioning instructions + * 1. The package implementer shall process the versioning instructions, considering that the only + * known namespace is the Relationships namespace. + * 2. The package implementer shall remove all ignorable content, ignoring preservation attributes. + * 3. The package implementer shall remove all versioning instructions. + * + * Step 2: Sort and filter relationships + * 1. The package implementer shall remove all namespace declarations except the Relationships + * namespace declaration. + * 2. The package implementer shall remove the Relationships namespace prefix, if it is present. + * 3. 
The package implementer shall sort relationship elements by Id value in lexicographical + * order, considering Id values as case-sensitive Unicode strings. + * 4. The package implementer shall remove all Relationship elements that do not have either an Id + * value that matches any SourceId value or a Type value that matches any SourceType value, among + * the SourceId and SourceType values specified in the transform definition. Producers and consumers + * shall compare values as case-sensitive Unicode strings. [M6.27] The resulting XML document holds + * all Relationship elements that either have an Id value that matches a SourceId value or a Type value + * that matches a SourceType value specified in the transform definition. + * + * Step 3: Prepare for canonicalization + * 1. The package implementer shall remove all characters between the Relationships start tag and + * the first Relationship start tag. + * 2. The package implementer shall remove any contents of the Relationship element. + * 3. The package implementer shall remove all characters between the last Relationship end tag and + * the Relationships end tag. + * 4. If there are no Relationship elements, the package implementer shall remove all characters + * between the Relationships start tag and the Relationships end tag. + * 5. The package implementer shall remove comments from the Relationships XML content. + * 6. The package implementer shall add a TargetMode attribute with its default value, if this + * optional attribute is missing from the Relationship element. + * 7. The package implementer can generate Relationship elements as start-tag/end-tag pairs with + * empty content, or as empty elements. A canonicalization transform, applied immediately after the + * Relationships Transform, converts all XML elements into start-tag/end-tag pairs. 
+ * + * + * IMPLEMENTATION NOTES (https://github.com/lsh123/xmlsec/pull/24): + * + * * We don't simply manipulate the XML tree, but do an XML tree -> output bytes transformation, + * so e.g. because we never write characters inside XML elements, we implicitly remove all character + * contents, as required by step 3, point 1. It also simplifies the task of the situation that + * realistically the input of the transformation is always a document that conforms to the OOXML + * relationships XML schema, so in practice it'll never happen that the input document has e.g. + * characters, as the schema requires that the document has only XML elements and attributes, + * but no characters. + * + * * Step 2, point 4 talks about a SourceType value, but given that neither Microsoft Office, nor LibreOffice + * writes that theoretical attribute, the implementation doesn't handle it. If there is a real-world situation + * when there will be such an input, then it'll be easy to add support for that. But I didn't want to clutter + * the current implementation with details that doesn't seem to be used in practice + * + *****************************************************************************/ +typedef struct _xmlSecRelationshipCtx xmlSecRelationshipCtx, + *xmlSecRelationshipCtxPtr; +struct _xmlSecRelationshipCtx { + xmlSecPtrListPtr sourceIdList; +}; +#define xmlSecRelationshipSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecRelationshipCtx)) +#define xmlSecRelationshipGetCtx(transform) \ + ((xmlSecRelationshipCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int xmlSecRelationshipInitialize (xmlSecTransformPtr transform); +static void xmlSecRelationshipFinalize (xmlSecTransformPtr transform); +static int xmlSecTransformRelationshipPopBin (xmlSecTransformPtr transform, + xmlSecByte* data, + xmlSecSize maxDataSize, + xmlSecSize* dataSize, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecTransformRelationshipPushXml(xmlSecTransformPtr transform, + 
xmlSecNodeSetPtr nodes, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecRelationshipReadNode (xmlSecTransformPtr transform, + xmlNodePtr node, + xmlSecTransformCtxPtr transformCtx); + +static int xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, + xmlOutputBufferPtr buf, + xmlNodePtr cur); + + +static xmlSecTransformKlass xmlSecRelationshipKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecRelationshipSize, /* xmlSecSize objSize */ + + xmlSecNameRelationship, /* const xmlChar* name; */ + xmlSecHrefRelationship, /* const xmlChar* href; */ + xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */ + + xmlSecRelationshipInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecRelationshipFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecRelationshipReadNode, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + NULL, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformRelationshipPopBin, /* xmlSecTransformPopBinMethod popBin; */ + xmlSecTransformRelationshipPushXml, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + NULL, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +xmlSecTransformId +xmlSecTransformRelationshipGetKlass(void) { + return(&xmlSecRelationshipKlass); +} + +static int +xmlSecRelationshipInitialize(xmlSecTransformPtr transform) { + xmlSecRelationshipCtxPtr ctx; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, 
xmlSecRelationshipSize), -1); + + ctx = xmlSecRelationshipGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + /* initialize context */ + memset(ctx, 0, sizeof(xmlSecRelationshipCtx)); + + ctx->sourceIdList = xmlSecPtrListCreate(xmlSecStringListId); + if(ctx->sourceIdList == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecPtrListCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + return(0); +} + +static void +xmlSecRelationshipFinalize(xmlSecTransformPtr transform) { + xmlSecRelationshipCtxPtr ctx; + + xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize)); + + ctx = xmlSecRelationshipGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->sourceIdList != NULL) { + xmlSecPtrListDestroy(ctx->sourceIdList); + } + + memset(ctx, 0, sizeof(xmlSecRelationshipCtx)); +} + +static int +xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { + xmlSecRelationshipCtxPtr ctx; + xmlNodePtr cur; + int ret; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + ctx = xmlSecRelationshipGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + cur = node->children; + while(cur != NULL) { + if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) { + xmlChar* sourceId; + xmlChar* tmp; + + sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId); + if(sourceId == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + "xmlGetProp", + xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId), + XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + 
return(-1); + } + + tmp = xmlStrdup(sourceId); + if(tmp == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlStrdup", + XMLSEC_ERRORS_R_STRDUP_FAILED, + "len=%d", xmlStrlen(sourceId)); + return(-1); + } + + ret = xmlSecPtrListAdd(ctx->sourceIdList, tmp); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecPtrListAdd", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(tmp); + return(-1); + } + } + + cur = cur->next; + } + + return(0); +} + +/* Sorts Relationship elements by Id value in lexicographical order. */ +static int +xmlSecTransformRelationshipCompare(xmlNodePtr node1, xmlNodePtr node2) { + xmlChar* id1; + xmlChar* id2; + + if(node1 == node2) { + return(0); + } + if(node1 == NULL) { + return(-1); + } + if(node2 == NULL) { + return(1); + } + + id1 = xmlGetProp(node1, xmlSecRelationshipAttrId); + id2 = xmlGetProp(node2, xmlSecRelationshipAttrId); + if(id1 == NULL) { + return(-1); + } + if(id2 == NULL) { + return(1); + } + + return(xmlStrcmp(id1, id2)); +} + +/** + * This is step 2, point 4: if the input sourceId list doesn't contain the Id attribute of the current node, + * then exclude it from the output, instead of processing it. 
+ */ +static int +xmlSecTransformRelationshipProcessNode(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlNodePtr cur) { + int found = -1; + xmlSecRelationshipCtxPtr ctx; + xmlSecSize ii; + int ret; + + xmlSecAssert2(transform != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(cur != NULL, -1); + + if(xmlSecCheckNodeName(cur, xmlSecNodeRelationship, xmlSecRelationshipsNs)) { + xmlChar* id = xmlGetProp(cur, xmlSecRelationshipAttrId); + if(id == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlGetProp(xmlSecRelationshipAttrId)", + XMLSEC_ERRORS_R_XML_FAILED, + "name=Id"); + return(-1); + } + + ctx = xmlSecRelationshipGetCtx(transform); + for(ii = 0; ii < xmlSecPtrListGetSize(ctx->sourceIdList); ++ii) { + if(xmlStrcmp(xmlSecPtrListGetItem(ctx->sourceIdList, ii), id) == 0) { + found = 1; + break; + } + } + + if(found < 0) { + return(0); + } + } + + ret = xmlSecTransformRelationshipProcessElementNode(transform, buf, cur); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipProcessElementNode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + return(0); +} + +/** + * This is step 2, point 3: sort elements by Id: we process other elements as-is, but for elements we collect them in a list, + * then sort, and finally process them (process the head of the list, then pop the head, till the list becomes empty). 
+ */ +static int +xmlSecTransformRelationshipProcessNodeList(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlNodePtr cur) { + xmlListPtr list; + int ret; + + xmlSecAssert2(transform != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(cur != NULL, -1); + + list = xmlListCreate(NULL, (xmlListDataCompare)xmlSecTransformRelationshipCompare); + if(list == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlListCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + for(; cur; cur = cur->next) { + if(xmlStrcmp(cur->name, xmlSecNodeRelationship) == 0) { + if(xmlListInsert(list, cur) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlListInsert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { + ret = xmlSecTransformRelationshipProcessNode(transform, buf, cur); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipProcessNode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlListDelete(list); + return(-1); + } + } + } + + xmlListSort(list); + + while(!xmlListEmpty(list)) { + xmlLinkPtr link = xmlListFront(list); + xmlNodePtr node = (xmlNodePtr)xmlLinkGetData(link); + + ret = xmlSecTransformRelationshipProcessNode(transform, buf, node); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipProcessNode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlListDelete(list); + return(-1); + } + + xmlListPopFront(list); + } + + /* done */ + xmlListDelete(list); + return(0); +} + +static int +xmlSecTransformRelationshipWriteProp(xmlOutputBufferPtr buf, const xmlChar * name, const xmlChar * value) { + int ret; + + xmlSecAssert2(buf != NULL, -1); + 
xmlSecAssert2(name != NULL, -1); + + ret = xmlOutputBufferWriteString(buf, " "); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlOutputBufferWriteString(buf, (const char*) name); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + if(value != NULL) { + ret = xmlOutputBufferWriteString(buf, "=\""); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlOutputBufferWriteString(buf, (const char*) value); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlOutputBufferWriteString(buf, "\""); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + return (0); +} + +static int +xmlSecTransformRelationshipWriteNs(xmlOutputBufferPtr buf, const xmlChar * href) { + xmlSecAssert2(buf != NULL, -1); + + return(xmlSecTransformRelationshipWriteProp(buf, BAD_CAST "xmlns", (href != NULL) ? 
href : BAD_CAST "")); +} + + +static int +xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlNodePtr cur) { + xmlAttrPtr attr; + int foundTargetMode = 0; + int ret; + + xmlSecAssert2(transform != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(cur != NULL, -1); + xmlSecAssert2(cur->name != NULL, -1); + + /* write open node */ + ret = xmlOutputBufferWriteString(buf, "<"); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlOutputBufferWriteString(buf, (const char *)cur->name); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* write namespaces */ + if(cur->nsDef != NULL) { + ret = xmlSecTransformRelationshipWriteNs(buf, cur->nsDef->href); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipWriteNs", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + /** + * write attributes: + * + * This is step 3, point 6: add default value of TargetMode if there is no such attribute. 
+ */ + for(attr = cur->properties; attr != NULL; attr = attr->next) { + xmlChar * value = xmlGetProp(cur, attr->name); + + if(xmlStrcmp(attr->name, xmlSecRelationshipAttrTargetMode) == 0) { + foundTargetMode = 1; + } + + ret = xmlSecTransformRelationshipWriteProp(buf, attr->name, value); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipWriteProp", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + /* write TargetMode */ + if(xmlStrcmp(cur->name, xmlSecNodeRelationship) == 0 && !foundTargetMode) { + ret = xmlSecTransformRelationshipWriteProp(buf, xmlSecRelationshipAttrTargetMode, BAD_CAST "Internal"); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipWriteProp(TargetMode=Internal)", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + /* finish writing open node */ + ret = xmlOutputBufferWriteString(buf, ">"); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* write children */ + if(cur->children != NULL) { + ret = xmlSecTransformRelationshipProcessNodeList(transform, buf, cur->children); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipProcessNodeList", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + /* write closing node */ + ret = xmlOutputBufferWriteString(buf, "</"); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = 
xmlOutputBufferWriteString(buf, (const char *)cur->name); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + if(xmlOutputBufferWriteString(buf, ">") < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferWriteString", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* done */ + return(0); +} + +static int +xmlSecTransformRelationshipExecute(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlDocPtr doc) { + int ret; + + xmlSecAssert2(transform != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(doc != NULL, -1); + + if(doc->children != NULL) { + ret = xmlSecTransformRelationshipProcessNodeList(transform, buf, doc->children); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformRelationshipProcessNodeList", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + return(0); +} + +static int +xmlSecTransformRelationshipPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, xmlSecTransformCtxPtr transformCtx) +{ + xmlOutputBufferPtr buf; + xmlSecRelationshipCtxPtr ctx; + int ret; + + xmlSecAssert2(nodes != NULL, -1); + xmlSecAssert2(nodes->doc != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecRelationshipGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + /* check/update current transform status */ + switch(transform->status) { + case xmlSecTransformStatusNone: + transform->status = xmlSecTransformStatusWorking; + break; + case xmlSecTransformStatusWorking: + case xmlSecTransformStatusFinished: + return(0); + default: + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + 
XMLSEC_ERRORS_R_INVALID_STATUS, + "status=%d", transform->status); + return(-1); + } + xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1); + + /* prepare output buffer: next transform or ourselves */ + if(transform->next != NULL) { + buf = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx); + if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformCreateOutputBuffer", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { + buf = xmlSecBufferCreateOutputBuffer(&(transform->outBuf)); + if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferCreateOutputBuffer", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + + ret = xmlSecTransformRelationshipExecute(transform, buf, nodes->doc); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlC14NExecute", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlOutputBufferClose(buf); + return(-1); + } + + ret = xmlOutputBufferClose(buf); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferClose", + XMLSEC_ERRORS_R_XML_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusFinished; + return(0); +} + +static int +xmlSecTransformRelationshipPopBin(xmlSecTransformPtr transform, xmlSecByte* data, xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) { + xmlSecBufferPtr out; + int ret; + + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(dataSize != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + out = &(transform->outBuf); + if(transform->status == xmlSecTransformStatusNone) { + xmlOutputBufferPtr buf; + + xmlSecAssert2(transform->inNodes == NULL, -1); + 
+ if(transform->prev == NULL) { + (*dataSize) = 0; + transform->status = xmlSecTransformStatusFinished; + return(0); + } + + /* get xml data from previous transform */ + ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformPopXml", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* dump everything to internal buffer */ + buf = xmlSecBufferCreateOutputBuffer(out); + if(buf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferCreateOutputBuffer", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlC14NExecute(transform->inNodes->doc, (xmlC14NIsVisibleCallback)xmlSecNodeSetContains, transform->inNodes, XML_C14N_1_0, NULL, 0, buf); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecTransformC14NExecute", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlOutputBufferClose(buf); + return(-1); + } + + ret = xmlOutputBufferClose(buf); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlOutputBufferClose", + XMLSEC_ERRORS_R_XML_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusWorking; + } + + if(transform->status == xmlSecTransformStatusWorking) { + xmlSecSize outSize; + + /* return chunk after chunk */ + outSize = xmlSecBufferGetSize(out); + if(outSize > maxDataSize) { + outSize = maxDataSize; + } + if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) { + outSize = XMLSEC_TRANSFORM_BINARY_CHUNK; + } + if(outSize > 0) { + xmlSecAssert2(xmlSecBufferGetData(out), -1); + + memcpy(data, xmlSecBufferGetData(out), outSize); + ret = xmlSecBufferRemoveHead(out, outSize); + if(ret < 0) { + 
xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", outSize); + return(-1); + } + } else if(xmlSecBufferGetSize(out) == 0) { + transform->status = xmlSecTransformStatusFinished; + } + (*dataSize) = outSize; + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no output */ + xmlSecAssert2(xmlSecBufferGetSize(out) == 0, -1); + (*dataSize) = 0; + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_STATUS, + "status=%d", transform->status); + return(-1); + } + + return(0); +} diff --git a/src/skeleton/app.c b/src/skeleton/app.c index 15ba3cf7..69c83308 100644 --- a/src/skeleton/app.c +++ b/src/skeleton/app.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/skeleton/crypto.c b/src/skeleton/crypto.c index 3be20644..0e372f18 100644 --- a/src/skeleton/crypto.c +++ b/src/skeleton/crypto.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -74,6 +74,7 @@ xmlSecCryptoGetFunctions_skeleton(void) { #ifndef XMLSEC_NO_GOST gXmlSecSkeletonFunctions->keyDataGost2001GetKlass = xmlSecSkeletonKeyDataGost2001GetKlass; + gXmlSecSkeletonFunctions->keyDataGostR3410_2012GetKlass = xmlSecSkeletonKeyDataGostR3410_2012GetKlass; #endif /* XMLSEC_NO_GOST */ #ifndef XMLSEC_NO_HMAC 
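Review bot: xmlSecTransformRelationshipWriteProp in the new src/relationship.c writes the attribute value between quotes with a plain `xmlOutputBufferWriteString(buf, (const char*) value)`. xmlGetProp returns the value with entities already decoded, so a value containing `"`, `<` or `&` changes the structure of the bytes that are handed to the digest; the value should be escaped for attribute context before it is written. None of the xmlGetProp results in this file is released (`sourceId` in xmlSecRelationshipReadNode, `id1`/`id2` in xmlSecTransformRelationshipCompare, `id` in xmlSecTransformRelationshipProcessNode, `value` in xmlSecTransformRelationshipProcessElementNode), so each needs an `xmlFree(...)` on every return path, and xmlSecTransformRelationshipProcessNodeList returns without `xmlListDelete(list)` when xmlListInsert fails. xmlSecTransformRelationshipPopBin calls xmlC14NExecute directly instead of xmlSecTransformRelationshipExecute, so the pop path appears to skip the SourceId filtering and Id sorting that the push path applies. xmlSecTransformRelationshipProcessNodeList also passes every sibling to the element writer without checking `cur->type == XML_ELEMENT_NODE`, which the implementation notes justify only for schema-conformant input.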
@@ -161,10 +162,14 @@ xmlSecCryptoGetFunctions_skeleton(void) { /******************************* GOST ********************************/ #ifndef XMLSEC_NO_GOST gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass = xmlSecSkeletonTransformGost2001GostR3411_94GetKlass; + gXmlSecSkeletonFunctions->transformGostR3410_2012GostR3411_2012_256GetKlass = xmlSecSkeletonTransformGostR3410_2012GostR3411_2012_256GetKlass; + gXmlSecSkeletonFunctions->transformGostR3410_2012GostR3411_2012_512GetKlass = xmlSecSkeletonTransformGostR3410_2012GostR3411_2012_512GetKlass; #endif /* XMLSEC_GOST */ #ifndef XMLSEC_NO_GOST gXmlSecSkeletonFunctions->transformGostR3411_94GetKlass = xmlSecSkeletonTransformGostR3411_94GetKlass; + gXmlSecSkeletonFunctions->transformGostR3411_2012_256GetKlass = xmlSecSkeletonTransformGostR3411_2012_256GetKlass; + gXmlSecSkeletonFunctions->transformGostR3411_2012_512GetKlass = xmlSecSkeletonTransformGostR3411_2012_512GetKlass; #endif /* XMLSEC_NO_GOST */ /******************************* HMAC ********************************/ diff --git a/src/skeleton/globals.h b/src/skeleton/globals.h index 770b6dba..065c3e8f 100644 --- a/src/skeleton/globals.h +++ b/src/skeleton/globals.h @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef __XMLSEC_GLOBALS_H__ #define __XMLSEC_GLOBALS_H__ diff --git a/src/strings.c b/src/strings.c index f746f4db..8a621330 100644 --- a/src/strings.c +++ b/src/strings.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -22,7 +22,6 @@ const xmlChar xmlSecNs[] = "http://www.aleksey.com/xmlsec/2002"; const xmlChar xmlSecDSigNs[] = "http://www.w3.org/2000/09/xmldsig#"; const xmlChar xmlSecEncNs[] = "http://www.w3.org/2001/04/xmlenc#"; -const xmlChar xmlSecXkmsNs[] = "http://www.w3.org/2002/03/xkms#"; const xmlChar xmlSecXPathNs[] = "http://www.w3.org/TR/1999/REC-xpath-19991116"; const xmlChar xmlSecXPath2Ns[] = "http://www.w3.org/2002/06/xmldsig-filter2"; const xmlChar xmlSecXPointerNs[] = "http://www.w3.org/2001/04/xmldsig-more/xptr"; 
@@ -68,126 +67,6 @@ const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xml /************************************************************************* * - * XKMS Nodes - * - ************************************************************************/ -#ifndef XMLSEC_NO_XKMS -const xmlChar xmlSecXkmsServerRequestResultName[] = "result-response"; -const xmlChar xmlSecXkmsServerRequestStatusName[] = "status-request"; -const xmlChar xmlSecXkmsServerRequestLocateName[] = "locate-request"; -const xmlChar xmlSecXkmsServerRequestValidateName[] = "validate-request"; -const xmlChar xmlSecXkmsServerRequestCompoundName[] = "compound-request"; - -const xmlChar xmlSecNodeResult[] = "Result"; -const xmlChar xmlSecNodeStatusRequest[] = "StatusRequest"; -const xmlChar xmlSecNodeStatusResult[] = "StatusResult"; -const xmlChar xmlSecNodeLocateRequest[] = "LocateRequest"; -const xmlChar xmlSecNodeLocateResult[] = "LocateResult"; -const xmlChar xmlSecNodeValidateRequest[] = "ValidateRequest"; -const xmlChar xmlSecNodeValidateResult[] = "ValidateResult"; -const xmlChar xmlSecNodeCompoundRequest[] = "CompoundRequest"; -const xmlChar xmlSecNodeCompoundResult[] = "CompoundResult"; - -const xmlChar xmlSecNodeMessageExtension[] = "MessageExtension"; -const xmlChar xmlSecNodeOpaqueClientData[] = "OpaqueClientData"; -const xmlChar xmlSecNodeResponseMechanism[] = "ResponseMechanism"; -const xmlChar xmlSecNodeRespondWith[] = "RespondWith"; -const xmlChar xmlSecNodePendingNotification[] = "PendingNotification"; -const xmlChar xmlSecNodeQueryKeyBinding[] = "QueryKeyBinding"; -const xmlChar xmlSecNodeKeyUsage[] = "KeyUsage"; -const xmlChar xmlSecNodeUseKeyWith[] = "UseKeyWith"; -const xmlChar xmlSecNodeTimeInstant[] = "TimeInstant"; -const xmlChar xmlSecNodeRequestSignatureValue[] = "RequestSignatureValue"; -const xmlChar xmlSecNodeUnverifiedKeyBinding[] = "UnverifiedKeyBinding"; -const xmlChar xmlSecNodeValidityInterval[] = "ValidityInterval"; -const xmlChar xmlSecNodeStatus[] = 
"Status"; -const xmlChar xmlSecNodeValidReason[] = "ValidReason"; -const xmlChar xmlSecNodeInvalidReason[] = "InvalidReason"; -const xmlChar xmlSecNodeIndeterminateReason[] = "IndeterminateReason"; - -const xmlChar xmlSecAttrService[] = "Service"; -const xmlChar xmlSecAttrNonce[] = "Nonce"; -const xmlChar xmlSecAttrOriginalRequestId[] = "OriginalRequestId"; -const xmlChar xmlSecAttrResponseLimit[] = "ResponseLimit"; -const xmlChar xmlSecAttrMechanism[] = "Mechanism["; -const xmlChar xmlSecAttrIdentifier[] = "Identifier"; -const xmlChar xmlSecAttrApplication[] = "Application"; -const xmlChar xmlSecAttrResultMajor[] = "ResultMajor"; -const xmlChar xmlSecAttrResultMinor[] = "ResultMinor"; -const xmlChar xmlSecAttrRequestId[] = "RequestId"; -const xmlChar xmlSecAttrNotBefore[] = "NotBefore"; -const xmlChar xmlSecAttrNotOnOrAfter[] = "NotOnOrAfter"; -const xmlChar xmlSecAttrTime[] = "Time"; -const xmlChar xmlSecAttrStatusValue[] = "StatusValue"; - -const xmlChar xmlSecResponseMechanismPending[] = "Pending"; -const xmlChar xmlSecResponseMechanismRepresent[]= "Represent"; -const xmlChar xmlSecResponseMechanismRequestSignatureValue[] = "RequestSignatureValue"; - -const xmlChar xmlSecRespondWithKeyName[] = "KeyName"; -const xmlChar xmlSecRespondWithKeyValue[] = "KeyValue"; -const xmlChar xmlSecRespondWithX509Cert[] = "X509Cert"; -const xmlChar xmlSecRespondWithX509Chain[] = "X509Chain"; -const xmlChar xmlSecRespondWithX509CRL[] = "X509CRL"; -const xmlChar xmlSecRespondWithOCSP[] = "OCSP"; -const xmlChar xmlSecRespondWithRetrievalMethod[]= "RetrievalMethod"; -const xmlChar xmlSecRespondWithPGP[] = "PGP"; -const xmlChar xmlSecRespondWithPGPWeb[] = "PGPWeb"; -const xmlChar xmlSecRespondWithSPKI[] = "SPKI"; -const xmlChar xmlSecRespondWithPrivateKey[] = "PrivateKey"; - -const xmlChar xmlSecStatusResultSuccess[] = "Success"; -const xmlChar xmlSecStatusResultFailed[] = "Failed"; -const xmlChar xmlSecStatusResultPending[] = "Pending"; - -const xmlChar xmlSecKeyUsageEncryption[] = 
"Encryption"; -const xmlChar xmlSecKeyUsageSignature[] = "Signature"; -const xmlChar xmlSecKeyUsageExchange[] = "Exchange"; - -const xmlChar xmlSecKeyBindingStatusValid[] = "Valid"; -const xmlChar xmlSecKeyBindingStatusInvalid[] = "Invalid"; -const xmlChar xmlSecKeyBindingStatusIndeterminate[] = "Indeterminate"; - -const xmlChar xmlSecKeyBindingReasonIssuerTrust[] = "IssuerTrust"; -const xmlChar xmlSecKeyBindingReasonRevocationStatus[] = "RevocationStatus"; -const xmlChar xmlSecKeyBindingReasonValidityInterval[] = "ValidityInterval"; -const xmlChar xmlSecKeyBindingReasonSignature[] = "Signature"; - -const xmlChar xmlSecResultMajorCodeSuccess[] = "Success"; -const xmlChar xmlSecResultMajorCodeVersionMismatch[] = "VersionMismatch"; -const xmlChar xmlSecResultMajorCodeSender[] = "Sender"; -const xmlChar xmlSecResultMajorCodeReceiver[] = "Receiver"; -const xmlChar xmlSecResultMajorCodeRepresent[] = "Represent"; -const xmlChar xmlSecResultMajorCodePending[] = "Pending"; - -const xmlChar xmlSecResultMinorCodeNoMatch[] = "NoMatch"; -const xmlChar xmlSecResultMinorCodeTooManyResponses[] = "TooManyResponses"; -const xmlChar xmlSecResultMinorCodeIncomplete[] = "Incomplete"; -const xmlChar xmlSecResultMinorCodeFailure[] = "Failure"; -const xmlChar xmlSecResultMinorCodeRefused[] = "Refused"; -const xmlChar xmlSecResultMinorCodeNoAuthentication[] = "NoAuthentication"; -const xmlChar xmlSecResultMinorCodeMessageNotSupported[]= "MessageNotSupported"; -const xmlChar xmlSecResultMinorCodeUnknownResponseId[] = "UnknownResponseId"; -const xmlChar xmlSecResultMinorCodeNotSynchronous[] = "NotSynchronous"; - -const xmlChar xmlSecXkmsSoapSubcodeValueMessageNotSupported[] = "MessageNotSupported"; -const xmlChar xmlSecXkmsSoapSubcodeValueBadMessage[] = "BadMessage"; - -const xmlChar xmlSecXkmsSoapFaultReasonLang[] = "en"; -const xmlChar xmlSecXkmsSoapFaultReasonUnsupportedVersion[] = "Unsupported SOAP version"; -const xmlChar xmlSecXkmsSoapFaultReasonUnableToProcess[] = "Unable to process 
%s"; -const xmlChar xmlSecXkmsSoapFaultReasonServiceUnavailable[] = "Service temporarily unable"; -const xmlChar xmlSecXkmsSoapFaultReasonMessageNotSupported[]= "%s message not supported"; -const xmlChar xmlSecXkmsSoapFaultReasonMessageInvalid[] = "%s message invalid"; - -const xmlChar xmlSecXkmsFormatStrPlain[] = "plain"; -const xmlChar xmlSecXkmsFormatStrSoap11[] = "soap-1.1"; -const xmlChar xmlSecXkmsFormatStrSoap12[] = "soap-1.2"; - -#endif /* XMLSEC_NO_XKMS */ - -/************************************************************************* - * * KeyInfo Nodes * ************************************************************************/ 
@@ -304,6 +183,26 @@ const xmlChar xmlSecHrefGost2001GostR3411_94[] = "http://www.w3.org/200 /************************************************************************* * + * GOST R 34.10-2012 strings + * + ************************************************************************/ +const xmlChar xmlSecNameGostR3410_2012_256KeyValue[] = "gostr34102012-256"; +const xmlChar xmlSecNodeGostR3410_2012_256KeyValue[] = "gostr34102012-256"; +const xmlChar xmlSecHrefGostR3410_2012_256KeyValue[] = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-256"; + +const xmlChar xmlSecNameGostR3410_2012_512KeyValue[] = "gostr34102012-512"; +const xmlChar xmlSecNodeGostR3410_2012_512KeyValue[] = "gostr34102012-512"; +const xmlChar xmlSecHrefGostR3410_2012_512KeyValue[] = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-512"; + +/* see http://tools.ietf.org/html/draft-chudov-cryptopro-cpxmldsig-09#section-6.6 */ +const xmlChar xmlSecNameGostR3410_2012GostR3411_2012_256[] = "gostr34102012-gostr34112012-256"; +const xmlChar xmlSecHrefGostR3410_2012GostR3411_2012_256[] = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256"; + +const xmlChar xmlSecNameGostR3410_2012GostR3411_2012_512[] = "gostr34102012-gostr34112012-512"; +const xmlChar xmlSecHrefGostR3410_2012GostR3411_2012_512[] = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512"; + +/************************************************************************* + * * DSA strings * ************************************************************************/ 
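Review bot: The two KeyValue triples (`xmlSecNameGostR3410_2012_256KeyValue` … `xmlSecHrefGostR3410_2012_512KeyValue`) are added without any pointer to where their identifiers are defined, whereas the signature names right below them cite section 6.6 of the draft. These URNs are matched against identifiers taken from incoming documents, so a reader should be able to check each one against its source. I would add a comment above the first triple in the same form as the existing one, naming the section of the same draft that defines the key-value identifiers (placeholder: `/* see <draft section defining the 2012 key value identifiers> */`), and note there that the reference is an Internet-Draft rather than a published RFC.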
@@ -504,6 +403,20 @@ const xmlChar xmlSecHrefGostR3411_94[] = "http://www.w3.org/200 /************************************************************************* * + * GOST R 34.11-2012 strings + * + ************************************************************************/ + +/* see http://tools.ietf.org/html/draft-chudov-cryptopro-cpxmldsig-09#section-6.2 */ +const xmlChar xmlSecNameGostR3411_2012_256[] = "gostr34112012-256"; +const xmlChar xmlSecHrefGostR3411_2012_256[] = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256"; + +const xmlChar xmlSecNameGostR3411_2012_512[] = "gostr34112012-512"; +const xmlChar xmlSecHrefGostR3411_2012_512[] = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512"; + + +/************************************************************************* + * * SHA1 strings * ************************************************************************/ 
@@ -581,6 +494,21 @@ const xmlChar xmlSecNodeXPointer[] = "XPointer"; /************************************************************************* * + * Relationship strings + * + ************************************************************************/ +const xmlChar xmlSecNameRelationship[] = "relationship"; +const xmlChar xmlSecHrefRelationship[] = "http://schemas.openxmlformats.org/package/2006/RelationshipTransform"; +const xmlChar xmlSecNodeRelationship[] = "Relationship"; +const xmlChar xmlSecNodeRelationshipReference[] = "RelationshipReference"; +const xmlChar xmlSecRelationshipsNs[] = "http://schemas.openxmlformats.org/package/2006/relationships"; +const xmlChar xmlSecRelationshipReferenceNs[] = "http://schemas.openxmlformats.org/package/2006/digital-signature"; +const xmlChar xmlSecRelationshipAttrId[] = "Id"; +const xmlChar xmlSecRelationshipAttrSourceId[] = "SourceId"; +const xmlChar xmlSecRelationshipAttrTargetMode[]= "TargetMode"; + +/************************************************************************* + * * Xslt strings * ************************************************************************/ diff --git a/src/templates.c b/src/templates.c index 2270db67..374917c9 100644 --- a/src/templates.c +++ b/src/templates.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/transforms.c b/src/transforms.c index 8a2ded23..b1f16f74 100644 --- a/src/transforms.c +++ b/src/transforms.c @@ -36,7 +36,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
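Review bot: The new "Relationship strings" section in the first hunk gives no hint of which specification the transform URI and the two namespaces come from, so a maintainer cannot check `xmlSecHrefRelationship`, `xmlSecRelationshipsNs` and `xmlSecRelationshipReferenceNs` against their source. A one-line comment under the banner would do, e.g. `/* Relationships Transform, Open Packaging Conventions (ECMA-376 Part 2) */`. As a point of style, `xmlSecRelationshipAttrTargetMode[]= "TargetMode";` lacks the space before `=` that the other eight definitions in the section have.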
@@ -281,6 +281,16 @@ xmlSecTransformIdsRegisterDefault(void) { return(-1); } + if(xmlSecTransformIdsRegister(xmlSecTransformRelationshipId) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecTransformIdsRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "name=%s", + xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformRelationshipId))); + return(-1); + } + #ifndef XMLSEC_NO_XSLT if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -355,7 +365,7 @@ xmlSecTransformCtxCreate(void) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecTransformCtx)); + "size=%d", (int)sizeof(xmlSecTransformCtx)); return(NULL); } @@ -876,7 +886,7 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP NULL, NULL, XMLSEC_ERRORS_R_STRDUP_FAILED, - "size=%d", xptr - uri); + "size=%d", (int)(xptr - uri)); return(-1); } @@ -932,6 +942,9 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId))); + if(buf != NULL) { + xmlFree(buf); + } return(-1); } @@ -965,6 +978,9 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformVisa3DHackId))); + if(buf != NULL) { + xmlFree(buf); + } return(-1); } @@ -1195,6 +1211,18 @@ xmlSecTransformCtxUriExecute(xmlSecTransformCtxPtr ctx, const xmlChar* uri) { return(-1); } + /* Close to free up file handle */ + ret = xmlSecTransformInputURIClose(uriTransform); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecTransformInputURIClose", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "ret=%d", ret); + return(-1); + } + + /* Done */ ctx->status = xmlSecTransformStatusFinished; return(0); } 
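Review bot: `xmlSecTransformRelationshipId` is registered with no build-time guard, unlike the XSLT registration directly below it under `#ifndef XMLSEC_NO_XSLT`. After this change every application using the default transform set will presumably accept the Relationship transform in a signature's transform chain. Whether that is intended for callers that never process OPC packages cannot be told from the hunk; such callers would have to restrict transforms per context, for example with `xmlSecDSigCtxEnableReferenceTransform`. A short comment above the call would record the decision, e.g. `/* Relationship transform: registered unconditionally; restrict per context if it is not needed */`. xmlSecTransformIdsRegisterDefault starts and ends outside the hunk.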
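Review bot: The release of `buf` is now repeated by hand on each failing branch, in the `@@ -932,6 +942,9 @@` hunk and again in the `@@ -965,6 +978,9 @@` hunk of xmlSecTransformCtxSetUri, which is the pattern that let the leak in. Any other `return(-1)` between the allocation of `buf` and its normal release would still leak; those paths lie outside both hunks, so this needs checking against the full function. Because the URI comes from the document being processed, a leak per failed reference can add up in a long-running verifier. A single exit label that frees `buf` and returns the result would cover every path at once and remove the duplicated `if(buf != NULL) { xmlFree(buf); }` blocks.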
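Review bot: In the `@@ -1195,6 +1211,18 @@` hunk the new `xmlSecTransformInputURIClose(uriTransform)` call sits after the preceding step's `return(-1);`, so the input is closed only when processing succeeded. On that earlier failure the handle stays open until the transform itself is destroyed, presumably together with the context, which is not visible here. Since the stated purpose is `/* Close to free up file handle */`, the failing branch should close it too, e.g. `(void)xmlSecTransformInputURIClose(uriTransform);` just before that `return(-1);`. xmlSecTransformCtxUriExecute starts outside the hunk.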
@@ -2810,7 +2838,7 @@ xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferMode mode, xmlSecTransformP NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecTransformIOBuffer)); + "size=%d", (int)sizeof(xmlSecTransformIOBuffer)); return(NULL); } memset(buffer, 0, sizeof(xmlSecTransformIOBuffer)); @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/xkms.c b/src/xkms.c deleted file mode 100644 index d10099bb..00000000 --- a/src/xkms.c +++ /dev/null 
@@ -1,4981 +0,0 @@ -/** - * XML Security Library (http://www.aleksey.com/xmlsec). - * - * "XML Key Management Specification v 2.0" implementation - * http://www.w3.org/TR/xkms2/ - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> - */ -#include "globals.h" - -#ifndef XMLSEC_NO_XKMS - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include <libxml/tree.h> -#include <libxml/parser.h> - -#include <xmlsec/xmlsec.h> -#include <xmlsec/buffer.h> -#include <xmlsec/xmltree.h> -#include <xmlsec/keys.h> -#include <xmlsec/keysmngr.h> -#include <xmlsec/transforms.h> -#include <xmlsec/keyinfo.h> -#include <xmlsec/soap.h> -#include <xmlsec/xkms.h> -#include <xmlsec/private.h> -#include <xmlsec/private/xkms.h> -#include <xmlsec/errors.h> - -#define XMLSEC_XKMS_ID_ATTRIBUTE_LEN 32 - -/* The ID attribute in XKMS is 'Id' */ -static const xmlChar* xmlSecXkmsServerIds[] = { BAD_CAST "Id", NULL }; - -#ifndef XMLSEC_NO_SOAP -static int xmlSecXkmsServerCtxWriteSoap11FatalError (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr envNode); -static int xmlSecXkmsServerCtxWriteSoap12FatalError (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr envNode); -#endif /* XMLSEC_NO_SOAP */ - -static int xmlSecXkmsServerCtxRequestAbstractTypeNodeRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr* node); -static int xmlSecXkmsServerCtxSignatureNodeRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxMessageExtensionNodesRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr* node); -static int xmlSecXkmsServerCtxOpaqueClientDataNodeRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxPendingNotificationNodeRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxRespondWithNodesRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr* node); -static int xmlSecXkmsServerCtxPendingRequestNodeRead (xmlSecXkmsServerCtxPtr 
ctx, - xmlNodePtr* node); -static int xmlSecXkmsServerCtxQueryKeyBindingNodeRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr* node); -static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); -static int xmlSecXkmsServerCtxKeyInfoNodeWrite (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); -static int xmlSecXkmsServerCtxUseKeyWithNodesRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr* node); -static int xmlSecXkmsServerCtxUseKeyWithNodesWrite (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); -static int xmlSecXkmsServerCtxTimeInstantNodeRead (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxResultTypeNodeWrite (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); -static int xmlSecXkmsServerCtxKeyBindingNodeWrite (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); -static int xmlSecXkmsServerCtxValidityIntervalNodeWrite (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); -static int xmlSecXkmsServerCtxKeyBindingStatusNodeWrite (xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node, - xmlSecKeyPtr key); - - -static const xmlSecQName2IntegerInfo gXmlSecXkmsResultMajorInfo[] = -{ - { xmlSecXkmsNs, xmlSecResultMajorCodeSuccess, - xmlSecXkmsResultMajorSuccess }, - { xmlSecXkmsNs, xmlSecResultMajorCodeVersionMismatch, - xmlSecXkmsResultMajorVersionMismatch }, - { xmlSecXkmsNs, xmlSecResultMajorCodeSender, - xmlSecXkmsResultMajorSender }, - { xmlSecXkmsNs, xmlSecResultMajorCodeReceiver, - xmlSecXkmsResultMajorReceiver }, - { xmlSecXkmsNs, xmlSecResultMajorCodeRepresent, - 
xmlSecXkmsResultMajorRepresent }, - { xmlSecXkmsNs, xmlSecResultMajorCodePending, - xmlSecXkmsResultMajorPending, }, - { NULL , NULL, 0 } /* MUST be last in the list */ -}; - -static const xmlSecQName2IntegerInfo gXmlSecXkmsMinorErrorInfo[] = -{ - { xmlSecXkmsNs, xmlSecResultMinorCodeNoMatch, - xmlSecXkmsResultMinorNoMatch }, - { xmlSecXkmsNs, xmlSecResultMinorCodeTooManyResponses, - xmlSecXkmsResultMinorTooManyResponses }, - { xmlSecXkmsNs, xmlSecResultMinorCodeIncomplete, - xmlSecXkmsResultMinorIncomplete }, - { xmlSecXkmsNs, xmlSecResultMinorCodeFailure, - xmlSecXkmsResultMinorFailure }, - { xmlSecXkmsNs, xmlSecResultMinorCodeRefused, - xmlSecXkmsResultMinorRefused }, - { xmlSecXkmsNs, xmlSecResultMinorCodeNoAuthentication, - xmlSecXkmsResultMinorNoAuthentication }, - { xmlSecXkmsNs, xmlSecResultMinorCodeMessageNotSupported, - xmlSecXkmsResultMinorMessageNotSupported }, - { xmlSecXkmsNs, xmlSecResultMinorCodeUnknownResponseId, - xmlSecXkmsResultMinorUnknownResponseId }, - { xmlSecXkmsNs, xmlSecResultMinorCodeNotSynchronous, - xmlSecXkmsResultMinorSynchronous }, - { NULL, NULL, 0 } /* MUST be last in the list */ -}; - -static const xmlSecQName2IntegerInfo gXmlSecXkmsKeyBindingStatusInfo[] = -{ - { xmlSecXkmsNs, xmlSecKeyBindingStatusValid, - xmlSecXkmsKeyBindingStatusValid }, - { xmlSecXkmsNs, xmlSecKeyBindingStatusInvalid, - xmlSecXkmsKeyBindingStatusInvalid }, - { xmlSecXkmsNs, xmlSecKeyBindingStatusIndeterminate, - xmlSecXkmsKeyBindingStatusIndeterminate }, - { NULL, NULL, 0 } /* MUST be last in the list */ -}; - -static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyUsageInfo[] = -{ - { xmlSecXkmsNs, xmlSecKeyUsageEncryption, - xmlSecKeyUsageEncrypt | xmlSecKeyUsageDecrypt }, - { xmlSecXkmsNs, xmlSecKeyUsageSignature, - xmlSecKeyUsageSign | xmlSecKeyUsageVerify }, - { xmlSecXkmsNs, xmlSecKeyUsageExchange, - xmlSecKeyUsageKeyExchange}, - { NULL, NULL, 0 } /* MUST be last in the list */ -}; - -static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyBindingReasonInfo[] 
= -{ - { xmlSecXkmsNs, xmlSecKeyBindingReasonIssuerTrust, - XMLSEC_XKMS_KEY_BINDING_REASON_MASK_ISSUER_TRAST }, - { xmlSecXkmsNs, xmlSecKeyBindingReasonRevocationStatus, - XMLSEC_XKMS_KEY_BINDING_REASON_MASK_REVOCATION_STATUS }, - { xmlSecXkmsNs, xmlSecKeyBindingReasonValidityInterval, - XMLSEC_XKMS_KEY_BINDING_REASON_MASK_VALIDITY_INTERVAL }, - { xmlSecXkmsNs, xmlSecKeyBindingReasonSignature, - XMLSEC_XKMS_KEY_BINDING_REASON_MASK_SIGNATURE }, - { NULL, NULL, 0 } /* MUST be last in the list */ -}; - -static const xmlSecQName2BitMaskInfo gXmlSecXkmsResponseMechanismInfo[] = -{ - { xmlSecXkmsNs, xmlSecResponseMechanismRepresent, - XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT }, - { xmlSecXkmsNs, xmlSecResponseMechanismPending, - XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_PENDING }, - { xmlSecXkmsNs, xmlSecResponseMechanismRequestSignatureValue, - XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE }, - { NULL, NULL, 0 } /* MUST be last in the list */ -}; - -static const xmlSecQName2IntegerInfo gXmlSecXkmsFormatInfo[] = -{ - { NULL, xmlSecXkmsFormatStrPlain, - xmlSecXkmsServerFormatPlain }, -#ifndef XMLSEC_NO_SOAP - { NULL, xmlSecXkmsFormatStrSoap11, - xmlSecXkmsServerFormatSoap11 }, - { NULL, xmlSecXkmsFormatStrSoap12, - xmlSecXkmsServerFormatSoap12 }, -#endif /* XMLSEC_NO_SOAP */ - { NULL, NULL, 0 } /* MUST be last in the list */ -}; - -/** - * xmlSecXkmsServerFormatFromString: - * @str the string. - * - * Gets xmlSecXkmsServerFormat from string @str. - * - * Returns: corresponding format or xmlSecXkmsServerFormatUnknown - * if format could not be recognized. 
- */ -xmlSecXkmsServerFormat -xmlSecXkmsServerFormatFromString(const xmlChar* str) { - int res; - int ret; - - xmlSecAssert2(str != NULL, xmlSecXkmsServerFormatUnknown); - - ret = xmlSecQName2IntegerGetInteger(gXmlSecXkmsFormatInfo, NULL, str, &res); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetInteger", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(xmlSecXkmsServerFormatUnknown); - } - - return((xmlSecXkmsServerFormat)res); -} - -/** - * xmlSecXkmsServerFormatToString: - * @format: the format. - * - * Gets string from @format. - * - * Returns: string corresponding to @format or NULL if an error occurs. - */ -const xmlChar* -xmlSecXkmsServerFormatToString (xmlSecXkmsServerFormat format) { - xmlSecQName2IntegerInfoConstPtr info; - - xmlSecAssert2(format != xmlSecXkmsServerFormatUnknown, NULL); - - info = xmlSecQName2IntegerGetInfo(gXmlSecXkmsFormatInfo, format); - if(info == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetInfo", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - return(info->qnameLocalPart); -} - -/** - * xmlSecXkmsServerCtxCreate: - * @keysMngr: the pointer to keys manager. - * - * Creates XKMS request server side processing context. - * The caller is responsible for destroying returned object by calling - * #xmlSecXkmsServerCtxDestroy function. - * - * Returns: pointer to newly allocated context object or NULL if an error - * occurs. 
- */ -xmlSecXkmsServerCtxPtr -xmlSecXkmsServerCtxCreate(xmlSecKeysMngrPtr keysMngr) { - xmlSecXkmsServerCtxPtr ctx; - int ret; - - ctx = (xmlSecXkmsServerCtxPtr) xmlMalloc(sizeof(xmlSecXkmsServerCtx)); - if(ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecXkmsServerCtx)=%d", - sizeof(xmlSecXkmsServerCtx)); - return(NULL); - } - - ret = xmlSecXkmsServerCtxInitialize(ctx, keysMngr); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecXkmsServerCtxDestroy(ctx); - return(NULL); - } - return(ctx); -} - -/** - * xmlSecXkmsServerCtxDestroy: - * @ctx: the pointer to XKMS processing context. - * - * Destroy context object created with #xmlSecXkmsServerCtxCreate function. - */ -void -xmlSecXkmsServerCtxDestroy(xmlSecXkmsServerCtxPtr ctx) { - xmlSecAssert(ctx != NULL); - - xmlSecXkmsServerCtxFinalize(ctx); - xmlFree(ctx); -} - -/** - * xmlSecXkmsServerCtxInitialize: - * @ctx: the pointer to XKMS processing context. - * @keysMngr: the pointer to keys manager. - * - * Initializes XKMS element processing context. - * The caller is responsible for cleaning up returned object by calling - * #xmlSecXkmsServerCtxFinalize function. - * - * Returns: 0 on success or a negative value if an error occurs. 
- */ -int -xmlSecXkmsServerCtxInitialize(xmlSecXkmsServerCtxPtr ctx, xmlSecKeysMngrPtr keysMngr) { - int ret; - - xmlSecAssert2(ctx != NULL, -1); - - memset(ctx, 0, sizeof(xmlSecXkmsServerCtx)); - - ctx->resultMajor = xmlSecXkmsResultMajorSuccess; - ctx->resultMinor = xmlSecXkmsResultMinorNone; - ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT; - ctx->idLen = XMLSEC_XKMS_ID_ATTRIBUTE_LEN; - - /* initialize key info */ - ret = xmlSecKeyInfoCtxInitialize(&(ctx->keyInfoReadCtx), keysMngr); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ctx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead; - - ret = xmlSecKeyInfoCtxInitialize(&(ctx->keyInfoWriteCtx), keysMngr); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ctx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite; - - /* enabled RespondWith */ - ret = xmlSecPtrListInitialize(&(ctx->enabledRespondWithIds), xmlSecXkmsRespondWithIdListId); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* enabled ServerRequest */ - ret = xmlSecPtrListInitialize(&(ctx->enabledServerRequestIds), xmlSecXkmsServerRequestIdListId); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - - - /* initialize keys list */ - ret = xmlSecPtrListInitialize(&(ctx->keys), xmlSecKeyPtrListId); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* initialize RespondWith list */ - ret = xmlSecPtrListInitialize(&(ctx->respWithList), xmlSecXkmsRespondWithIdListId); - 
if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * xmlSecXkmsServerCtxFinalize: - * @ctx: the pointer to XKMS processing context. - * - * Cleans up @ctx object. - */ -void -xmlSecXkmsServerCtxFinalize(xmlSecXkmsServerCtxPtr ctx) { - xmlSecAssert(ctx != NULL); - - xmlSecXkmsServerCtxReset(ctx); - - if(ctx->expectedService != NULL) { - xmlFree(ctx->expectedService); - } - if(ctx->idPrefix != NULL) { - xmlFree(ctx->idPrefix); - } - - xmlSecKeyInfoCtxFinalize(&(ctx->keyInfoReadCtx)); - xmlSecKeyInfoCtxFinalize(&(ctx->keyInfoWriteCtx)); - xmlSecPtrListFinalize(&(ctx->enabledRespondWithIds)); - xmlSecPtrListFinalize(&(ctx->enabledServerRequestIds)); - xmlSecPtrListFinalize(&(ctx->keys)); - xmlSecPtrListFinalize(&(ctx->respWithList)); - memset(ctx, 0, sizeof(xmlSecXkmsServerCtx)); -} - -/** - * xmlSecXkmsServerCtxReset: - * @ctx: the pointer to XKMS processing context. - * - * Resets @ctx object, user settings are not touched. 
- */ -void -xmlSecXkmsServerCtxReset(xmlSecXkmsServerCtxPtr ctx) { - xmlSecAssert(ctx != NULL); - - ctx->resultMajor = xmlSecXkmsResultMajorSuccess; - ctx->resultMinor = xmlSecXkmsResultMinorNone; - xmlSecKeyInfoCtxReset(&(ctx->keyInfoReadCtx)); - xmlSecKeyInfoCtxReset(&(ctx->keyInfoWriteCtx)); - xmlSecPtrListEmpty(&(ctx->keys)); - xmlSecPtrListEmpty(&(ctx->respWithList)); - - ctx->requestNode = NULL; - ctx->opaqueClientDataNode = NULL; - ctx->firtsMsgExtNode = NULL; - ctx->keyInfoNode = NULL; - ctx->requestId = xmlSecXkmsServerRequestIdUnknown; - - if(ctx->id != NULL) { - xmlFree(ctx->id); ctx->id = NULL; - } - if(ctx->service != NULL) { - xmlFree(ctx->service); ctx->service = NULL; - } - if(ctx->nonce != NULL) { - xmlFree(ctx->nonce); ctx->nonce = NULL; - } - if(ctx->originalRequestId != NULL) { - xmlFree(ctx->originalRequestId); ctx->originalRequestId = NULL; - } - if(ctx->pendingNotificationMechanism != NULL) { - xmlFree(ctx->pendingNotificationMechanism); - ctx->pendingNotificationMechanism = NULL; - } - if(ctx->pendingNotificationIdentifier != NULL) { - xmlFree(ctx->pendingNotificationIdentifier); - ctx->pendingNotificationIdentifier = NULL; - } - if(ctx->compoundRequestContexts != NULL) { - xmlSecPtrListDestroy(ctx->compoundRequestContexts); - ctx->compoundRequestContexts = NULL; - } - - ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT; - ctx->responseMechanismMask = 0; -} - -/** - * xmlSecXkmsServerCtxCopyUserPref: - * @dst: the pointer to destination context. - * @src: the pointer to source context. - * - * Copies user preference from @src context to @dst. - * - * Returns: 0 on success or a negative value if an error occurs. 
- */ -int -xmlSecXkmsServerCtxCopyUserPref(xmlSecXkmsServerCtxPtr dst, xmlSecXkmsServerCtxPtr src) { - int ret; - - xmlSecAssert2(dst != NULL, -1); - xmlSecAssert2(src != NULL, -1); - - dst->userData = src->userData; - dst->flags = src->flags; - dst->flags2 = src->flags2; - - ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx)); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx)); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - if(src->expectedService != NULL) { - dst->expectedService = xmlStrdup(src->expectedService); - if(dst->expectedService == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - if(src->idPrefix != NULL) { - dst->idPrefix = xmlStrdup(src->idPrefix); - if(dst->idPrefix == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - src->idLen = dst->idLen; - - - ret = xmlSecPtrListCopy(&(dst->enabledRespondWithIds), &(src->enabledRespondWithIds)); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - ret = xmlSecPtrListCopy(&(dst->enabledServerRequestIds), &(src->enabledServerRequestIds)); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * xmlSecXkmsServerCtxProcess: - * @ctx: the pointer to XKMS processing context. 
- * @node: the pointer to request node.
- * @format: the request/response format.
- * @doc: the pointer to response parent XML document (might be NULL).
- *
- * Reads XKMS request from @node and creates response to a newly created node.
- * Caller is responsible for adding the returned node to the XML document.
- *
- * Returns: pointer to newly created XKMS response node or NULL
- * if an error occurs.
- */
-xmlNodePtr
-xmlSecXkmsServerCtxProcess(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node,
- xmlSecXkmsServerFormat format, xmlDocPtr doc) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(ctx->requestId == NULL, NULL);
- xmlSecAssert2(ctx->requestNode == NULL, NULL);
- xmlSecAssert2(node != NULL, NULL);
-
- ctx->requestNode = xmlSecXkmsServerCtxRequestUnwrap(ctx, node, format);
- if(ctx->requestNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestUnwrap",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto done;
- }
-
- ret = xmlSecXkmsServerCtxRequestRead(ctx, ctx->requestNode);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdListFindByNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto done;
- }
-
- ret = xmlSecXkmsServerRequestExecute(ctx->requestId, ctx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto done;
- }
-
-done:
- /* always try to write response back */
- if(ctx->requestId != NULL) {
- xmlNodePtr respNode;
- xmlNodePtr wrappedRespNode;
-
- respNode = xmlSecXkmsServerCtxResponseWrite(ctx, doc);
- if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResponseWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto error;
- }
-
-
- wrappedRespNode = xmlSecXkmsServerCtxResponseWrap(ctx, respNode, format, doc);
- if(wrappedRespNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResponseWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFreeNode(respNode);
- goto error;
- }
-
- return(wrappedRespNode);
- }
-
-error:
- /* last attempt: create fatatl error response */
- return(xmlSecXkmsServerCtxFatalErrorResponseCreate(ctx, format, doc));
-}
-
-/**
- * xmlSecXkmsServerCtxRequestRead:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to request node.
- *
- * Reads XKMS request from @node and stores data in @ctx.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsServerCtxRequestRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->requestId == NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* find out what the request is */
- if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(&(ctx->enabledServerRequestIds), node);
- } else {
- ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(xmlSecXkmsServerRequestIdsGet(), node);
- }
- if(ctx->requestId == xmlSecXkmsServerRequestIdUnknown) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdListFindByNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
- return(-1);
- }
-
- xmlSecAddIDs(node->doc, node, xmlSecXkmsServerIds);
- ret = xmlSecXkmsServerRequestNodeRead(ctx->requestId, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecXkmsServerCtxResponseWrite:
- * @ctx: the pointer to XKMS processing context.
- * @doc: the pointer to response parent XML document (might be NULL).
- *
- * Writes XKMS response from context to a newly created node. Caller is
- * responsible for adding the returned node to the XML document.
- *
- * Returns: pointer to newly created XKMS response node or NULL
- * if an error occurs.
- */
-xmlNodePtr
-xmlSecXkmsServerCtxResponseWrite(xmlSecXkmsServerCtxPtr ctx, xmlDocPtr doc) {
- xmlNodePtr respNode;
-
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(ctx->requestId != NULL, NULL);
-
- /* now write results */
- respNode = xmlSecXkmsServerRequestNodeWrite(ctx->requestId, ctx, doc, NULL);
- if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- return(respNode);
-}
-
-/**
- * xmlSecXkmsServerCtxRequestUnwrap:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to request node.
- * @format: the request/response format.
- *
- * Removes SOAP or other envelope from XKMS request.
- *
- * Returns: pointer to "real" XKMS request node or NULL if an error occurs.
- */
-xmlNodePtr
-xmlSecXkmsServerCtxRequestUnwrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecXkmsServerFormat format) {
- xmlNodePtr result = NULL;
-
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(node != NULL, NULL);
-
- switch(format) {
- case xmlSecXkmsServerFormatPlain:
- result = node;
- break;
-#ifndef XMLSEC_NO_SOAP
- case xmlSecXkmsServerFormatSoap11:
- /* verify that it is actually soap Envelope node */
- if(xmlSecSoap11CheckEnvelope(node) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11CheckEnvelope",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- /* check that Body has exactly one entry */
- if(xmlSecSoap11GetBodyEntriesNumber(node) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBodyEntriesNumber",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- /* this one enntry is our xkms request */
- result = xmlSecSoap11GetBodyEntry(node, 0);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- break;
- case xmlSecXkmsServerFormatSoap12:
- /* verify that it is actually soap Envelope node */
- if(xmlSecSoap12CheckEnvelope(node) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12CheckEnvelope",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- /* check that Body has exactly one entry */
- if(xmlSecSoap12GetBodyEntriesNumber(node) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBodyEntriesNumber",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- /* this one enntry is our xkms request */
- result = xmlSecSoap12GetBodyEntry(node, 0);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- break;
-#endif /* XMLSEC_NO_SOAP */
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- "format=%d",
- format);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- return(result);
-}
-
-/**
- * xmlSecXkmsServerCtxResponseWrap:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to response node.
- * @format: the request/response format.
- * @doc: the pointer to response parent XML document (might be NULL).
- *
- * Creates SOAP or other envelope around XKMS response.
- * Caller is responsible for adding the returned node to the XML document.
- *
- * Returns: pointer to newly created response envelope node or NULL
- * if an error occurs.
- */
-xmlNodePtr
-xmlSecXkmsServerCtxResponseWrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecXkmsServerFormat format, xmlDocPtr doc) {
- xmlNodePtr result = NULL;
-
- xmlSecAssert2(ctx != NULL, NULL);
- xmlSecAssert2(node != NULL, NULL);
-
- switch(format) {
- case xmlSecXkmsServerFormatPlain:
- result = node; /* do nothing */
- break;
-#ifndef XMLSEC_NO_SOAP
- case xmlSecXkmsServerFormatSoap11:
- result = xmlSecSoap11CreateEnvelope(doc);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- if(xmlSecSoap11AddBodyEntry(result, node) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11AddBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
- break;
- case xmlSecXkmsServerFormatSoap12:
- result = xmlSecSoap12CreateEnvelope(doc);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- if(xmlSecSoap12AddBodyEntry(result, node) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_SOAP */
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- "format=%d",
- format);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- return(result);
-}
-
-/**
- * xmlSecXkmsServerCtxFatalErrorResponseCreate:
- * @ctx: the pointer to XKMS processing context.
- * @format: the request/response format.
- * @doc: the pointer to response parent XML document (might be NULL).
- *
- * Creates a "fatal error" SOAP or other envelope respons. Caller is
- * responsible for adding the returned node to the XML document.
- *
- * Returns: pointer to newly created fatal error response (it might be NULL).
- */
-xmlNodePtr
-xmlSecXkmsServerCtxFatalErrorResponseCreate(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsServerFormat format, xmlDocPtr doc) {
- xmlNodePtr result = NULL;
- int ret;
-
- xmlSecAssert2(ctx != NULL, NULL);
-
- /* make sure that we have an error */
- if(ctx->resultMajor == xmlSecXkmsResultMajorSuccess) {
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- }
-
- switch(format) {
- case xmlSecXkmsServerFormatPlain:
- /* try to create fatal error response with XKMS Status request */
- result = xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestResultId, ctx, doc, NULL);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
-#ifndef XMLSEC_NO_SOAP
- case xmlSecXkmsServerFormatSoap11:
- result = xmlSecSoap11CreateEnvelope(doc);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- ret = xmlSecXkmsServerCtxWriteSoap11FatalError(ctx, result);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxWriteSoap11FatalError",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFreeNode(result);
- return(NULL);
- }
-
- break;
- case xmlSecXkmsServerFormatSoap12:
- result = xmlSecSoap12CreateEnvelope(doc);
- if(result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- ret = xmlSecXkmsServerCtxWriteSoap12FatalError(ctx, result);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxWriteSoap12FatalError",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFreeNode(result);
- return(NULL);
- }
-
- break;
-#endif /* XMLSEC_NO_SOAP */
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- "format=%d",
- format);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
- return(result);
-}
-
-#ifndef XMLSEC_NO_SOAP
-static int
-xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr envNode) {
- const xmlChar* faultCodeHref = NULL;
- const xmlChar* faultCodeLocalPart = NULL;
- xmlChar* faultString = NULL;
- int len;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(envNode != NULL, -1);
-
- if((ctx->resultMajor == xmlSecXkmsResultMajorVersionMismatch) ||
- (ctx->requestNode == NULL)) {
- /* we were not able to parse the envelope or its general version mismatch error */
- faultCodeHref = xmlSecSoap11Ns;
- faultCodeLocalPart = xmlSecSoapFaultCodeVersionMismatch;
- faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonUnsupportedVersion);
- if(faultString == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
- (ctx->requestId == NULL)) {
- /* we understood the request but were not able to parse input message */
- faultCodeHref = xmlSecSoap11Ns;
- faultCodeLocalPart = xmlSecSoapFaultCodeClient;
-
- len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
- xmlStrlen(xmlSecXkmsSoapFaultReasonMessageInvalid) + 1;
- faultString = xmlMalloc(len + 1);
- if(faultString == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- xmlSecStrPrintf(faultString, len , xmlSecXkmsSoapFaultReasonMessageInvalid,
- xmlSecErrorsSafeString(ctx->requestNode->name));
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorReceiver) &&
- (ctx->requestId == NULL)) {
- /* we understood the request but were not able to process it */
- faultCodeHref = xmlSecSoap11Ns;
- faultCodeLocalPart = xmlSecSoapFaultCodeServer;
- faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
- if(faultString == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- } else if((ctx->requestId == NULL) && (ctx->requestNode != NULL)) {
- /* we parsed the envelope but were not able to understand this request */
- faultCodeHref = xmlSecSoap11Ns;
- faultCodeLocalPart = xmlSecSoapFaultCodeClient;
-
- len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
- xmlStrlen(xmlSecXkmsSoapFaultReasonMessageNotSupported) + 1;
- faultString = xmlMalloc(len + 1);
- if(faultString == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- xmlSecStrPrintf(faultString, len , xmlSecXkmsSoapFaultReasonMessageNotSupported,
- xmlSecErrorsSafeString(ctx->requestNode->name));
- } else {
- /* just some error */
- faultCodeHref = xmlSecSoap11Ns;
- faultCodeLocalPart = xmlSecSoapFaultCodeServer;
- faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
- if(faultString == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- }
-
- if(xmlSecSoap11AddFaultEntry(envNode, faultCodeHref, faultCodeLocalPart, faultString, NULL) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11AddFaultEntry",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFree(faultString);
- return(-1);
- }
-
- xmlFree(faultString);
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr envNode) {
- xmlSecSoap12FaultCode faultCode = xmlSecSoap12FaultCodeUnknown;
- const xmlChar* faultSubCodeHref = NULL;
- const xmlChar* faultSubCodeLocalPart = NULL;
- xmlChar* faultReason = NULL;
- int len;
- xmlNodePtr faultNode;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(envNode != NULL, -1);
-
- if((ctx->resultMajor == xmlSecXkmsResultMajorVersionMismatch) ||
- (ctx->requestNode == NULL)) {
- /* we were not able to parse the envelope or its general version mismatch error */
- faultCode = xmlSecSoap12FaultCodeVersionMismatch;
- faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonUnsupportedVersion);
- if(faultReason == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
- (ctx->requestId == NULL)) {
- /* we understood the request but were not able to parse input message */
- faultCode = xmlSecSoap12FaultCodeSender;
- faultSubCodeHref = xmlSecXkmsNs;
- faultSubCodeLocalPart = xmlSecXkmsSoapSubcodeValueMessageNotSupported;
-
- len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
- xmlStrlen(xmlSecXkmsSoapFaultReasonMessageInvalid) + 1;
- faultReason = xmlMalloc(len + 1);
- if(faultReason == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- xmlSecStrPrintf(faultReason, len , xmlSecXkmsSoapFaultReasonMessageInvalid,
- xmlSecErrorsSafeString(ctx->requestNode->name));
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorReceiver) &&
- (ctx->requestId == NULL)) {
- /* we understood the request but were not able to process it */
- faultCode = xmlSecSoap12FaultCodeReceiver;
- faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
- if(faultReason == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- } else if((ctx->requestId == NULL) && (ctx->requestNode != NULL)) {
- /* we parsed the envelope but were not able to understand this request */
- faultCode = xmlSecSoap12FaultCodeSender;
- faultSubCodeHref = xmlSecXkmsNs;
- faultSubCodeLocalPart = xmlSecXkmsSoapSubcodeValueBadMessage;
-
- len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
- xmlStrlen(xmlSecXkmsSoapFaultReasonMessageNotSupported) + 1;
- faultReason = xmlMalloc(len + 1);
- if(faultReason == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- xmlSecStrPrintf(faultReason, len , xmlSecXkmsSoapFaultReasonMessageNotSupported,
- xmlSecErrorsSafeString(ctx->requestNode->name));
- } else {
- /* just some error */
- faultCode = xmlSecSoap12FaultCodeReceiver;
- faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
- if(faultReason == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
- }
- xmlSecAssert2(faultCode != xmlSecSoap12FaultCodeUnknown, -1);
- xmlSecAssert2(faultReason != NULL, -1);
-
- faultNode = xmlSecSoap12AddFaultEntry(envNode, faultCode, faultReason,
- xmlSecXkmsSoapFaultReasonLang, NULL, NULL);
- if(faultNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddFaultEntry",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFree(faultReason);
- return(-1);
- }
- xmlFree(faultReason);
-
- if((faultSubCodeHref != NULL) && (faultSubCodeLocalPart != NULL)) {
- /* make sure that we have subcode (xkms) namespace declared */
- if(xmlNewNs(faultNode, faultSubCodeHref, BAD_CAST "xkms") == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(faultSubCodeHref));
- return(-1);
- }
- if(xmlSecSoap12AddFaultSubcode(faultNode, faultSubCodeHref, faultSubCodeLocalPart) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddFaultSubcode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "href=%s,value=%s",
- xmlSecErrorsSafeString(faultSubCodeHref),
- xmlSecErrorsSafeString(faultSubCodeLocalPart));
- return(-1);
- }
- }
-
- return(0);
-}
-
-#endif /* XMLSEC_NO_SOAP */
-
-
-/**
- * xmlSecXkmsServerCtxSetResult:
- * @ctx: the pointer to XKMS processing context.
- * @resultMajor: the major result code.
- * @resultMinor: the minor result code.
- *
- * Sets the major/minor result code in the context if no other result is already
- * reported.
- */
-void
-xmlSecXkmsServerCtxSetResult(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsResultMajor resultMajor,
- xmlSecXkmsResultMinor resultMinor) {
- xmlSecAssert(ctx != NULL);
-
- if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
- (resultMinor != xmlSecXkmsResultMajorSuccess)) {
- ctx->resultMajor = resultMajor;
- ctx->resultMinor = resultMinor;
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
- (ctx->resultMinor == xmlSecXkmsResultMinorNone)) {
- xmlSecAssert(resultMajor == xmlSecXkmsResultMajorSuccess);
-
- ctx->resultMinor = resultMinor;
- }
-}
-
-
-/**
- * xmlSecXkmsServerCtxDebugDump:
- * @ctx: the pointer to XKMS processing context.
- * @output: the pointer to output FILE.
- *
- * Prints the debug information about @ctx to @output.
- */
-void
-xmlSecXkmsServerCtxDebugDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
- xmlSecAssert(ctx != NULL);
- xmlSecAssert(output != NULL);
-
- fprintf(output, "= XKMS SERVER CONTEXT: %s\n",
- (ctx->requestId != xmlSecXkmsServerRequestIdUnknown &&
- xmlSecXkmsServerRequestKlassGetName(ctx->requestId)) ?
- xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
- BAD_CAST "NULL");
-
- xmlSecQName2IntegerDebugDump(gXmlSecXkmsResultMajorInfo,
- ctx->resultMajor, BAD_CAST "resultMajor", output);
- xmlSecQName2IntegerDebugDump(gXmlSecXkmsMinorErrorInfo,
- ctx->resultMinor, BAD_CAST "resultMinor", output);
-
- fprintf(output, "== id: %s\n",
- (ctx->id) ? ctx->id : BAD_CAST "");
- fprintf(output, "== service: %s\n",
- (ctx->service) ? ctx->service : BAD_CAST "");
- fprintf(output, "== nonce: %s\n",
- (ctx->nonce) ? ctx->nonce : BAD_CAST "");
- fprintf(output, "== originalRequestId: %s\n",
- (ctx->originalRequestId) ? ctx->originalRequestId : BAD_CAST "");
- fprintf(output, "== pendingNotificationMechanism: %s\n",
- (ctx->pendingNotificationMechanism) ?
- ctx->pendingNotificationMechanism :
- BAD_CAST "");
- fprintf(output, "== pendingNotificationIdentifier: %s\n",
- (ctx->pendingNotificationIdentifier) ?
- ctx->pendingNotificationIdentifier :
- BAD_CAST "");
- if(ctx->responseLimit != XMLSEC_XKMS_NO_RESPONSE_LIMIT) {
- fprintf(output, "== ResponseLimit: %d\n", ctx->responseLimit);
- }
- xmlSecQName2BitMaskDebugDump(gXmlSecXkmsResponseMechanismInfo,
- ctx->responseMechanismMask, BAD_CAST "responseMechanism", output);
-
- if(ctx->expectedService != NULL) {
- fprintf(output, "== expected service: %s\n", ctx->expectedService);
- }
- fprintf(output, "== flags: 0x%08x\n", ctx->flags);
- fprintf(output, "== flags2: 0x%08x\n", ctx->flags2);
-
- fprintf(output, "== Key Info Read Ctx:\n");
- xmlSecKeyInfoCtxDebugDump(&(ctx->keyInfoReadCtx), output);
-
- fprintf(output, "== Key Info Write Ctx:\n");
- xmlSecKeyInfoCtxDebugDump(&(ctx->keyInfoWriteCtx), output);
-
- if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
- fprintf(output, "== Enabled RespondWith: ");
- xmlSecTransformIdListDebugDump(&(ctx->enabledRespondWithIds), output);
- } else {
- fprintf(output, "== Enabled RespondWith: all\n");
- }
-
- if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- fprintf(output, "== Enabled ServerRequest: ");
- xmlSecTransformIdListDebugDump(&(ctx->enabledServerRequestIds), output);
- } else {
- fprintf(output, "== Enabled ServerRequest: all\n");
- }
-
- fprintf(output, "== RespondWith List:\n");
- xmlSecPtrListDebugDump(&(ctx->respWithList), output);
-
- fprintf(output, "== Keys:\n");
- xmlSecPtrListDebugDump(&(ctx->keys), output);
-
- if(ctx->compoundRequestContexts != NULL) {
- fprintf(output, "== Compound Request:\n");
- xmlSecPtrListDebugDump(ctx->compoundRequestContexts, output);
- }
-}
-
-/**
- * xmlSecXkmsServerCtxDebugXmlDump:
- * @ctx: the pointer to XKMS processing context.
- * @output: the pointer to output FILE.
- *
- * Prints the debug information about @ctx to @output in XML format.
- */
-void
-xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
- xmlSecAssert(ctx != NULL);
- xmlSecAssert(output != NULL);
-
- fprintf(output, "<XkmsServerRequestContext name=\"");
- xmlSecPrintXmlString(output,
- (ctx->requestId != xmlSecXkmsServerRequestIdUnknown) ?
- xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
- BAD_CAST "NULL"
- );
- fprintf(output, "\">\n");
-
- xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsResultMajorInfo,
- ctx->resultMajor, BAD_CAST "MajorError", output);
- xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsMinorErrorInfo,
- ctx->resultMinor, BAD_CAST "MinorError", output);
-
- fprintf(output, "<Id>");
- xmlSecPrintXmlString(output, ctx->id);
- fprintf(output, "</Id>\n");
-
- fprintf(output, "<Service>");
- xmlSecPrintXmlString(output, ctx->service);
- fprintf(output, "</Service>\n");
-
- fprintf(output, "<Nonce>");
- xmlSecPrintXmlString(output, ctx->nonce);
- fprintf(output, "</Nonce>\n");
-
- fprintf(output, "<OriginalRequestId>");
- xmlSecPrintXmlString(output, ctx->originalRequestId);
- fprintf(output, "</OriginalRequestId>\n");
-
- fprintf(output, "<PendingNotificationMechanism>");
- xmlSecPrintXmlString(output, ctx->pendingNotificationMechanism);
- fprintf(output, "</PendingNotificationMechanism>\n");
-
- fprintf(output, "<PendingNotificationIdentifier>");
- xmlSecPrintXmlString(output, ctx->pendingNotificationIdentifier);
- fprintf(output, "</PendingNotificationIdentifier>\n");
-
- if(ctx->responseLimit != XMLSEC_XKMS_NO_RESPONSE_LIMIT) {
- fprintf(output, "<ResponseLimit>%d</ResponseLimit>\n", ctx->responseLimit);
- }
- xmlSecQName2BitMaskDebugXmlDump(gXmlSecXkmsResponseMechanismInfo,
- ctx->responseMechanismMask, BAD_CAST "ResponseMechanism", output);
-
-
- fprintf(output, "<ExpectedService>");
- xmlSecPrintXmlString(output, ctx->expectedService);
- fprintf(output, "</ExpectedService>\n");
-
- fprintf(output, "<Flags>%08x</Flags>\n", ctx->flags);
- fprintf(output, "<Flags2>%08x</Flags2>\n", ctx->flags2);
-
- fprintf(output, "<KeyInfoReadCtx>\n");
- xmlSecKeyInfoCtxDebugXmlDump(&(ctx->keyInfoReadCtx), output);
- fprintf(output, "</KeyInfoReadCtx>\n");
-
- fprintf(output, "<KeyInfoWriteCtx>\n");
- xmlSecKeyInfoCtxDebugXmlDump(&(ctx->keyInfoWriteCtx), output);
- fprintf(output, "</KeyInfoWriteCtx>\n");
-
- if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
- fprintf(output, "<EnabledRespondWith>\n");
- xmlSecTransformIdListDebugXmlDump(&(ctx->enabledRespondWithIds), output);
- fprintf(output, "</EnabledRespondWith>\n");
- } else {
- fprintf(output, "<EnabledRespondWith>all</EnabledRespondWith>\n");
- }
-
- if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- fprintf(output, "<EnabledServerRequest>\n");
- xmlSecTransformIdListDebugXmlDump(&(ctx->enabledServerRequestIds), output);
- fprintf(output, "</EnabledServerRequest>\n");
- } else {
- fprintf(output, "<EnabledServerRequest>all</EnabledServerRequest>\n");
- }
-
-
- fprintf(output, "<RespondWithList>\n");
- xmlSecPtrListDebugXmlDump(&(ctx->respWithList), output);
- fprintf(output, "</RespondWithList>\n");
-
- fprintf(output, "<Keys>\n");
- xmlSecPtrListDebugXmlDump(&(ctx->keys), output);
- fprintf(output, "</Keys>\n");
-
- if(ctx->compoundRequestContexts != NULL) {
- fprintf(output, "<CompoundRequest>\n");
- xmlSecPtrListDebugXmlDump(ctx->compoundRequestContexts, output);
- fprintf(output, "</CompoundRequest>\n");
- }
-
- fprintf(output, "</XkmsServerRequestContext>\n");
-}
-
-/**
- * <xkms:MessageAbstractType Id Service Nonce?>
- * <ds:Signature>?
- * <xkms:MessageExtension>*
- * (<xkms:OpaqueClientData>
- * <xkms:OpaqueData>?
- * )?
- * - * <xkms:RequestAbstractType Id Service Nonce? OriginalRequestId? ResponseLimit?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:ResponseMechanism>* - * <xkms:RespondWith>* - * <xkms:PendingNotification Mechanism Identifier>? - * - * XML Schema: - * - * <!-- RequestAbstractType --> - * <complexType name="RequestAbstractType" abstract="true"> - * <complexContent> - * <extension base="xkms:MessageAbstractType"> - * <sequence> - * <element ref="xkms:ResponseMechanism" minOccurs="0" - * maxOccurs="unbounded"/> - * <element ref="xkms:RespondWith" minOccurs="0" - * maxOccurs="unbounded"/> - * <element ref="xkms:PendingNotification" minOccurs="0"/> - * </sequence> - * <attribute name="OriginalRequestId" type="anyURI" - * use="optional"/> - * <attribute name="ResponseLimit" type="integer" use="optional"/> - * </extension> - * </complexContent> - * </complexType> - * <!-- /RequestAbstractType --> - * - * <!-- MessageAbstractType --> - * <complexType name="MessageAbstractType" abstract="true"> - * <sequence> - * <element ref="ds:Signature" minOccurs="0"/> - * <element ref="xkms:MessageExtension" minOccurs="0" - * maxOccurs="unbounded"/> - * <element ref="xkms:OpaqueClientData" minOccurs="0"/> - * </sequence> - * <attribute name="Id" type="ID" use="required"/> - * <attribute name="Service" type="anyURI" use="required"/> - * <attribute name="Nonce" type="base64Binary" use="optional"/> - * </complexType> - * <!-- /MessageAbstractType --> - */ -static int -xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) { - xmlNodePtr cur; - xmlChar* tmp; - int ret; - - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2((*node) != NULL, -1); - - cur = (*node); - xmlSecAssert2(cur != NULL, -1); - - /* required Id attribute */ - xmlSecAssert2(ctx->id == NULL, -1); - ctx->id = xmlGetProp(cur, xmlSecAttrId); - if(ctx->id == NULL) { - 
xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlGetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s;node=%s", - xmlSecErrorsSafeString(xmlSecAttrId), - xmlSecErrorsSafeString(cur->name)); - return(-1); - } - - /* required Service attribute */ - xmlSecAssert2(ctx->service == NULL, -1); - ctx->service = xmlGetProp(cur, xmlSecAttrService); - if(ctx->service == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlGetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s;node=%s", - xmlSecErrorsSafeString(xmlSecAttrService), - xmlSecErrorsSafeString(cur->name)); - return(-1); - } - - /* check service */ - if((ctx->expectedService != NULL) && (!xmlStrEqual(ctx->expectedService, ctx->service))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "expectedService=%s;actualService=%s", - xmlSecErrorsSafeString(ctx->expectedService), - xmlSecErrorsSafeString(ctx->service)); - return(-1); - } - - /* optional Nonce attribute */ - xmlSecAssert2(ctx->nonce == NULL, -1); - ctx->nonce = xmlGetProp(cur, xmlSecAttrNonce); - - /* optional OriginalRequestId attribute */ - xmlSecAssert2(ctx->originalRequestId == NULL, -1); - ctx->originalRequestId = xmlGetProp(cur, xmlSecAttrOriginalRequestId); - - /* optional ResponseLimit attribute */ - xmlSecAssert2(ctx->responseLimit == XMLSEC_XKMS_NO_RESPONSE_LIMIT, -1); - tmp = xmlGetProp(cur, xmlSecAttrResponseLimit); - if(tmp != NULL) { - ctx->responseLimit = atoi((char*)tmp); - xmlFree(tmp); - } - - /* now read children */ - cur = xmlSecGetNextElementNode(cur->children); - - /* first node is optional <dsig:Signature/> node */ - if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeSignature, xmlSecDSigNs)) { - ret = xmlSecXkmsServerCtxSignatureNodeRead(ctx, cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxSignatureNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - cur = xmlSecGetNextElementNode(cur->next); - } - - /* next is zero or more 
<xkms:MessageExtension/> nodes */
- ret = xmlSecXkmsServerCtxMessageExtensionNodesRead(ctx, &cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxMessageExtensionNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* next is optional <xkms:OpaqueClientData/> node */
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeOpaqueClientData, xmlSecXkmsNs)) {
- ret = xmlSecXkmsServerCtxOpaqueClientDataNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxOpaqueClientDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- /* next is zero or more <xkms:ResponseMechanism/> nodes */
- ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsResponseMechanismInfo, &cur,
- xmlSecNodeResponseMechanism, xmlSecXkmsNs,
- ((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM) != 0) ?
1 : 0,
- &ctx->responseMechanismMask);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecNodeResponseMechanism));
- return(-1);
- }
-
- /* next is zero or more <xkms:RespondWith/> nodes */
- ret = xmlSecXkmsServerCtxRespondWithNodesRead(ctx, &cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRespondWithNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* next is optional <xkms:PendingNotification/> node */
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodePendingNotification, xmlSecXkmsNs)) {
- ret = xmlSecXkmsServerCtxPendingNotificationNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxPendingNotificationNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- (*node) = cur;
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxSignatureNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* todo: verify signature and make sure that correct data was signed */
- return(0);
-}
-
-/**
- * <!-- MessageExtension -->
- * <element name="MessageExtension" type="xkms:MessageExtensionAbstractType"
- * abstract="true"/>
- * <complexType name="MessageExtensionAbstractType" abstract="true"/>
- * <!-- /MessageExtension -->
- */
-static int
-xmlSecXkmsServerCtxMessageExtensionNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
- xmlNodePtr cur;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->firtsMsgExtNode == NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- cur = (*node);
- while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeMessageExtension, xmlSecXkmsNs)) {
- if(ctx->firtsMsgExtNode == NULL) {
- ctx->firtsMsgExtNode = cur;
- }
- cur =
xmlSecGetNextElementNode(cur->next);
- }
-
- (*node) = cur;
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxOpaqueClientDataNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->opaqueClientDataNode == NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* remember that node, will copy it in the response later */
- ctx->opaqueClientDataNode = node;
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxRespondWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
- xmlNodePtr cur;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- cur = (*node);
- while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeRespondWith, xmlSecXkmsNs)) {
- xmlSecXkmsRespondWithId id = xmlSecXkmsRespondWithIdUnknown;
-
- if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
- id = xmlSecXkmsRespondWithIdListFindByNodeValue(&(ctx->enabledRespondWithIds), cur);
- } else {
- id = xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecXkmsRespondWithIdsGet(), cur);
- }
-
- if(id != xmlSecXkmsRespondWithIdUnknown) {
- ret = xmlSecXkmsRespondWithNodeRead(id, ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCreateTree",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else if((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH) != 0) {
- xmlChar* content ;
-
- content = xmlNodeGetContent(cur);
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(cur->name),
- xmlSecErrorsSafeString(content));
- if(content != NULL) {
- xmlFree(content);
- }
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- (*node) = cur;
- return(0);
-}
-
-/**
- * XML Schema:
- * <!-- PendingNotification -->
- * <element name="PendingNotification" type="xkms:PendingNotificationType"/>
- * <complexType name="PendingNotificationType">
- * <attribute
name="Mechanism" type="anyURI" use="required"/>
- * <attribute name="Identifier" type="anyURI" use="required"/>
- * </complexType>
- * <!-- /PendingNotification -->
- */
-static int
-xmlSecXkmsServerCtxPendingNotificationNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- xmlSecAssert2(ctx->pendingNotificationMechanism == NULL, -1);
- ctx->pendingNotificationMechanism = xmlGetProp(node, xmlSecAttrMechanism);
- if(ctx->pendingNotificationMechanism == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrMechanism),
- xmlSecErrorsSafeString(node->name));
- return(-1);
- }
-
- xmlSecAssert2(ctx->pendingNotificationIdentifier == NULL, -1);
- ctx->pendingNotificationIdentifier = xmlGetProp(node, xmlSecAttrIdentifier);
- if(ctx->pendingNotificationIdentifier == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrIdentifier),
- xmlSecErrorsSafeString(node->name));
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * <xkms:PendingRequestType Id Service Nonce? OriginalRequestId? ResponseLimit? ResponseId?>
- * <ds:Signature>?
- * <xkms:MessageExtension>*
- * (<xkms:OpaqueClientData>
- * <xkms:OpaqueData>?
- * )?
- * <xkms:ResponseMechanism>*
- * <xkms:RespondWith>*
- * <xkms:PendingNotification Mechanism Identifier>?
- *
- * XML Schema:
- *
- * <!-- PendingRequest -->
- * <element name="PendingRequest" type="xkms:PendingRequestType"/>
- * <complexType name="PendingRequestType">
- * <complexContent>
- * <extension base="xkms:RequestAbstractType">
- * <attribute name="ResponseId" type="anyURI" use="optional"/>
- * </extension>
- * </complexContent>
- * </complexType>
- * <!-- /PendingRequest --> *
- */
-static int
-xmlSecXkmsServerCtxPendingRequestNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* first read "parent" type */
- ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* todo: read responseId */
- return(0);
-}
-
-/**
- * <xkms:QueryKeyBinding Id?
- * <ds:KeyInfo>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
- * <xkms:TimeInstant Time>?
- *
- * XML Schema:
- * <!-- QueryKeyBinding -->
- * <element name="QueryKeyBinding" type="xkms:QueryKeyBindingType"/>
- * <complexType name="QueryKeyBindingType">
- * <complexContent>
- * <extension base="xkms:KeyBindingAbstractType">
- * <sequence>
- * <element ref="xkms:TimeInstant" minOccurs="0"/>
- * </sequence>
- * </extension>
- * </complexContent>
- * </complexType>
- * <!-- /QueryKeyBinding -->
- */
-static int
-xmlSecXkmsServerCtxQueryKeyBindingNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- xmlNodePtr cur;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* first read "parent" type */
- cur = node;
- ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(ctx, &cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* next is optional <xkms:TimeInstant/> node */
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeTimeInstant, xmlSecXkmsNs)) {
- ret = xmlSecXkmsServerCtxTimeInstantNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxTimeInstantNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- /* check that there is nothing after the last node */
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * <xkms:KeyBindingAbstractType Id?>
- * <ds:KeyInfo>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
- *
- * XML Schema:
- * <!-- KeyBindingAbstractType-->
- * <complexType name="KeyBindingAbstractType" abstract="true">
- * <sequence>
- * <element ref="ds:KeyInfo" minOccurs="0"/>
- * <element ref="xkms:KeyUsage" minOccurs="0" maxOccurs="3"/>
- * <element ref="xkms:UseKeyWith" minOccurs="0"
- * maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * <!-- /KeyBindingAbstractType-->
- */
-static int
-xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
- xmlNodePtr cur;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2((*node) != NULL, -1);
-
- cur = (*node);
- xmlSecAssert2(cur != NULL, -1);
-
- /* we don't care about Id attribute in this node */
- cur = xmlSecGetNextElementNode(cur->children);
-
- /* first node is optional <dsig:KeyInfo/> node. for now we only remember pointer */
- xmlSecAssert2(ctx->keyInfoNode == NULL, -1);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
- ctx->keyInfoNode = cur;
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- /* next is zero or more <xkms:KeyUsage/> nodes */
- ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsKeyUsageInfo, &cur,
- xmlSecNodeKeyUsage, xmlSecXkmsNs,
- ((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_KEY_USAGE) != 0) ?
1 : 0,
- &(ctx->keyInfoReadCtx.keyReq.keyUsage));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
- return(-1);
- }
-
- /* next is zero or more <xkms:UseKeyWith/> nodes */
- ret = xmlSecXkmsServerCtxUseKeyWithNodesRead(ctx, &cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxUseKeyWithNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- (*node) = cur;
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- xmlNodePtr cur;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
-
- /* generate and add Id attribute */
- ret = xmlSecGenerateAndAddID(node, xmlSecAttrId, ctx->idPrefix, ctx->idLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGenerateAndAddID",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* <dsig:KeyInfo/> node */
- cur = xmlSecAddChild(node, xmlSecNodeKeyInfo, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- return(-1);
- }
-
- ret = xmlSecXkmsServerCtxKeyInfoNodeWrite(ctx, cur, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* next is <xkms:KeyUsage/> node */
- ret = xmlSecQName2BitMaskNodesWrite(gXmlSecXkmsKeyUsageInfo, node,
- xmlSecNodeKeyUsage, xmlSecXkmsNs,
- key->usage);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskNodesWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
-
xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
- return(-1);
- }
-
- /* and the last node is <xkms:UseKeyWith/> */
- ret = xmlSecXkmsServerCtxUseKeyWithNodesWrite(ctx, node, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxUseKeyWithNodesWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxKeyInfoNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* add child nodes as requested in <xkms:RespondWith/> nodes */
- ret = xmlSecXkmsRespondWithIdListWrite(&(ctx->respWithList), ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdListWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecKeyInfoNodeWrite(node, key, &(ctx->keyInfoWriteCtx));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-
-/**
- * XML Schema:
- * <!-- UseKeyWith -->
- * <element name="UseKeyWith" type="xkms:UseKeyWithType"/>
- * <complexType name="UseKeyWithType">
- * <attribute name="Application" type="anyURI" use="required"/>
- * <attribute name="Identifier" type="string" use="required"/>
- * </complexType>
- * <!-- /UseKeyWith -->
- */
-static int
-xmlSecXkmsServerCtxUseKeyWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
- xmlSecPtrListPtr list;
- xmlNodePtr cur;
- xmlSecKeyUseWithPtr keyUseWith;
- xmlChar* application;
- xmlChar* identifier;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- list = &(ctx->keyInfoReadCtx.keyReq.keyUseWithList);
- xmlSecAssert2(xmlSecPtrListGetSize(list) == 0, -1);
-
- cur = (*node);
- while((cur != NULL) && xmlSecCheckNodeName(cur,
xmlSecNodeUseKeyWith, xmlSecXkmsNs)) {
- application = xmlGetProp(cur, xmlSecAttrApplication);
- if(application == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrApplication),
- xmlSecErrorsSafeString(cur->name));
- return(-1);
- }
-
- identifier = xmlGetProp(cur, xmlSecAttrIdentifier);
- if(identifier == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrIdentifier),
- xmlSecErrorsSafeString(cur->name));
- xmlFree(application);
- return(-1);
- }
-
- keyUseWith = xmlSecKeyUseWithCreate(application, identifier);
- if(keyUseWith == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyUseWithCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(application);
- xmlFree(identifier);
- return(-1);
- }
- xmlFree(application);
- xmlFree(identifier);
-
- ret = xmlSecPtrListAdd(list, keyUseWith);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyUseWithDestroy(keyUseWith);
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- (*node) = cur;
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxUseKeyWithNodesWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
-
- /* todo: write UseKeyWith */
- return(0);
-}
-
-
-static int
-xmlSecXkmsServerCtxTimeInstantNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* todo: parse xml schema dataTime or use libxml? */
- return(0);
-}
-
-/**
- * <xkms:ResultType Id Service Nonce? ResultMajor ResultMinor? RequestId?>
- * <ds:Signature>?
- * <xkms:MessageExtension>*
- * (<xkms:OpaqueClientData>
- * <xkms:OpaqueData>?
- * )?
- * <xkms:RequestSignatureValue>*
- *
- * XML Schema:
- * <!-- ResultType -->
- * <element name="Result" type="xkms:ResultType"/>
- * <complexType name="ResultType">
- * <complexContent>
- * <extension base="xkms:MessageAbstractType">
- * <sequence>
- * <element ref="xkms:RequestSignatureValue" minOccurs="0"/>
- * </sequence>
- * <attribute name="ResultMajor" type="QName" use="required"/>
- * <attribute name="ResultMinor" type="QName" use="optional"/>
- * <attribute name="RequestId" type="anyURI" use="optional"/>
- * </extension>
- * </complexContent>
- * </complexType>
- * <!-- /ResultType -->
- */
-static int
-xmlSecXkmsServerCtxResultTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* generate and add Id attribute */
- ret = xmlSecGenerateAndAddID(node, xmlSecAttrId, ctx->idPrefix, ctx->idLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGenerateAndAddID",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* todo: generate nonce?
*/
-
- /* set Service atribute (required) */
- if((ctx->service == NULL) || (xmlSetProp(node, xmlSecAttrService, ctx->service) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrService),
- xmlSecErrorsSafeString(ctx->service));
- return(-1);
- }
-
-
- /* set RequestId atribute (optional) */
- if((ctx->id != NULL) && (xmlSetProp(node, xmlSecAttrRequestId, ctx->id) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrRequestId),
- xmlSecErrorsSafeString(ctx->id));
- return(-1);
- }
-
-
- /* set major code (required) */
- ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsResultMajorInfo, node,
- xmlSecAttrResultMajor, ctx->resultMajor);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerAttributeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s,value=%d",
- xmlSecErrorsSafeString(xmlSecAttrResultMajor),
- ctx->resultMajor);
- return(-1);
- }
-
- /* set minor code (optional) */
- if(ctx->resultMinor != xmlSecXkmsResultMinorNone) {
- ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsMinorErrorInfo, node,
- xmlSecAttrResultMinor, ctx->resultMinor);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerAttributeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s,value=%d",
- xmlSecErrorsSafeString(xmlSecAttrResultMinor),
- ctx->resultMinor);
- return(-1);
- }
- }
-
- /* todo: create signature template */
-
- /* todo: create message extension nodes?
*/ - - /* <xkms:OpaqueClientData/>: An XKMS service SHOULD return the value of - * the <OpaqueClientData> element unmodified in a request in a response - * with status code Succes */ - if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) && (ctx->opaqueClientDataNode != NULL)) { - xmlNodePtr copyNode; - - copyNode = xmlDocCopyNode(ctx->opaqueClientDataNode, node->doc, 1); - if(copyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s", - xmlSecErrorsSafeString(ctx->opaqueClientDataNode->name)); - return(-1); - } - - if(xmlSecAddChildNode(node, copyNode) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChildNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(copyNode->name)); - return(-1); - } - } - - ret = xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(ctx, node); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxRequestSignatureValueNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * A service SHOULD include the <RequestSignatureValue> element in a response - * if the following conditions are satisfied and MUST NOT include the value - * otherwise: - * - * - * - The <ds:Signature> element was present in the corresponding request - * - The service successfully verified the <ds:Signature> element in the - * corresponding request, and - * - The ResponseMechanism RequestSignatureValue was specified. - * - */ -static int -xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* todo: check all conditions for RequestSignatureValue */ - if((ctx->responseMechanismMask & XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE) == 0) { - /* The ResponseMechanism RequestSignatureValue was not specified. 
*/
- return(0);
- }
-
- /* todo: write RequestSignatureValue */
- return(0);
-}
-
-
-/**
- *
- * <xkms:UnverifiedKeyBindingType Id?>
- * <ds:KeyInfo>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
- * <xkms:ValidityInterval NotBefore NotOnOrAfter>?
- *
- * XML Schema:
- *
- * <!-- UnverifiedKeyBinding -->
- * <element name="UnverifiedKeyBinding" type="xkms:UnverifiedKeyBindingType"/>
- * <complexType name="UnverifiedKeyBindingType">
- * <complexContent>
- * <extension base="xkms:KeyBindingAbstractType">
- * <sequence>
- * <element ref="xkms:ValidityInterval" minOccurs="0"/>
- * </sequence>
- * </extension>
- * </complexContent>
- * </complexType>
- * <!-- /UnverifiedKeyBinding -->
- */
-static int
-xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* first write "parent" type */
- ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(ctx, node, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* <xkms:ValidityInterval/> node */
- ret = xmlSecXkmsServerCtxValidityIntervalNodeWrite(ctx, node, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxValidityIntervalNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecXkmsServerCtxValidityIntervalNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* todo: write key validity interval */
- return(0);
-}
-
-/**
- * <xkms:KeyBinding Id?>
- * <ds:KeyInfo>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
- * <xkms:ValidityInterval NotBefore NotOnOrAfter>?
- * <xkms:Status StatusValue>
- * (<xkms:ValidReason>?
- * <xkms:IndeterminateReason>?
- * <xkms:InvalidReason>?
- * )*
- *
- * XML Schema:
- *
- * <!-- KeyBinding -->
- * <element name="KeyBinding" type="xkms:KeyBindingType"/>
- * <complexType name="KeyBindingType">
- * <complexContent>
- * <extension base="xkms:UnverifiedKeyBindingType">
- * <sequence>
- * <element ref="xkms:Status"/>
- * </sequence>
- * </extension>
- * </complexContent>
- * </complexType>
- * <!-- /KeyBinding -->
- */
-static int
-xmlSecXkmsServerCtxKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* first write "parent" type */
- ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, node, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* <xkms:Status/> node */
- ret = xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(ctx, node, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingStatusNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * <xkms:Status StatusValue>
- * (<xkms:ValidReason>?
- * <xkms:IndeterminateReason>?
- * <xkms:InvalidReason>?
- * )*
- *
- * XML Schema:
- *
- * <!-- Status -->
- * <element name="Status" type="xkms:StatusType"/>
- * <complexType name="StatusType">
- * <sequence>
- * <element ref="xkms:ValidReason" minOccurs="0"
- * maxOccurs="unbounded"/>
- * <element ref="xkms:IndeterminateReason" minOccurs="0"
- * maxOccurs="unbounded"/>
- * <element ref="xkms:InvalidReason" minOccurs="0"
- * maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="StatusValue" type="xkms:KeyBindingStatus"
- * use="required"/>
- * </complexType>
- * <simpleType name="KeyBindingStatus">
- * <restriction base="QName">
- * <enumeration value="xkms:Valid"/>
- * <enumeration value="xkms:Invalid"/>
- * <enumeration value="xkms:Indeterminate"/>
- * </restriction>
- * </simpleType>
- * <!-- /Status -->
- */
-static int
-xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
- xmlNodePtr cur;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- cur = xmlSecAddChild(node, xmlSecNodeStatus, xmlSecXkmsNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeStatus));
- return(-1);
- }
-
- /* if we are here then the key was validated */
- ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsKeyBindingStatusInfo, cur,
- xmlSecAttrStatusValue, xmlSecXkmsKeyBindingStatusValid);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerAttributeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecAttrStatusValue));
- return(-1);
- }
-
- /* todo: write the reasons */
- return(0);
-}
-
-/************************************************************************
- *
- * xmlSecXkmsServerCtx list
- *
- ************************************************************************/
-static xmlSecPtrListKlass xmlSecXkmsServerCtxPtrListKlass = {
-
BAD_CAST "xkms-server-ctx-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecXkmsServerCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
-};
-
-xmlSecPtrListId
-xmlSecXkmsServerCtxPtrListGetKlass(void) {
- return(&xmlSecXkmsServerCtxPtrListKlass);
-}
-
-
-/**************************************************************************
- *
- * Global xmlSecXkmsRespondWithIds list functions
- *
- *************************************************************************/
-static xmlSecPtrList xmlSecAllXkmsRespondWithIds;
-
-
-/**
- * xmlSecXkmsRespondWithIdsGet:
- *
- * Gets global registered RespondWith klasses list.
- *
- * Returns: the pointer to list of all registered RespondWith klasses.
- */
-xmlSecPtrListPtr
-xmlSecXkmsRespondWithIdsGet(void) {
- return(&xmlSecAllXkmsRespondWithIds);
-}
-
-/**
- * xmlSecXkmsRespondWithIdsInit:
- *
- * Initializes the RespondWith klasses. This function is called from the
- * #xmlSecInit function and the application should not call it directly.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsRespondWithIdsInit(void) {
- int ret;
-
- ret = xmlSecPtrListInitialize(xmlSecXkmsRespondWithIdsGet(), xmlSecXkmsRespondWithIdListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecXkmsRespondWithIdListId");
- return(-1);
- }
-
- ret = xmlSecXkmsRespondWithIdsRegisterDefault();
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegisterDefault",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecXkmsRespondWithIdsShutdown:
- *
- * Shuts down the keys data klasses. This function is called from the
- * #xmlSecShutdown function and the application should not call it directly.
- */
-void
-xmlSecXkmsRespondWithIdsShutdown(void) {
- xmlSecPtrListFinalize(xmlSecXkmsRespondWithIdsGet());
-}
-
-/**
- * xmlSecXkmsRespondWithIdsRegister:
- * @id: the RespondWith klass.
- *
- * Registers @id in the global list of RespondWith klasses.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithId id) {
- int ret;
-
- xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
-
- ret = xmlSecPtrListAdd(xmlSecXkmsRespondWithIdsGet(), (xmlSecPtr)id);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "RespondWith=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)));
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecXkmsRespondWithIdsRegisterDefault:
- *
- * Registers default (implemented by XML Security Library)
- * RespondWith klasses: KeyName, KeyValue,...
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsRespondWithIdsRegisterDefault(void) {
- if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithKeyNameId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyNameId)));
- return(-1);
- }
-
- if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithKeyValueId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyValueId)));
- return(-1);
- }
-
- if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithPrivateKeyId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPrivateKeyId)));
- return(-1);
- }
-
- if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithRetrievalMethodId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithRetrievalMethodId)));
- return(-1);
- }
-
- if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509CertId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CertId)));
- return(-1);
- }
-
- if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509ChainId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509ChainId)));
- return(-1);
- }
-
-
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509CRLId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsRespondWithIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CRLId))); - return(-1); - } - - /* TODO: OCSP, PGP, PGPWeb, SPKI */ - /* - if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithPGPId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsRespondWithIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPGPId))); - return(-1); - } - - if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithSPKIId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsRespondWithIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithSPKIId))); - return(-1); - } - */ - return(0); -} - - -/************************************************************************ - * - * XKMS RespondWith Klass - * - ************************************************************************/ -/** - * xmlSecXkmsRespondWithNodeRead: - * @id: the RespondWith class. - * @ctx: the XKMS request processing context. - * @node: the pointer to <xkms:RespondWith/> node. - * - * Reads the content of the <xkms:RespondWith/> @node. - * - * Returns: 0 on success or a negative value if an error occurs. - */ -int -xmlSecXkmsRespondWithNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node) { - xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - if(id->readNode != NULL) { - return((id->readNode)(id, ctx, node)); - } - return(0); -} - -/** - * xmlSecXkmsRespondWithNodeWrite: - * @id: the RespondWith class. - * @ctx: the XKMS request processing context. - * @node: the pointer to <xkms:RespondWith/> node. 
- *
- * Writes the content of the <xkms:RespondWith/> @node.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsRespondWithNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- if(id->writeNode != NULL) {
- return((id->writeNode)(id, ctx, node));
- }
- return(0);
-}
-
-/**
- * xmlSecXkmsRespondWithDebugDump:
- * @id: the RespondWith class.
- * @output: the output file.
- *
- * Writes debug information about @id into the @output.
- */
-void
-xmlSecXkmsRespondWithDebugDump(xmlSecXkmsRespondWithId id, FILE* output) {
- xmlSecAssert(id != xmlSecXkmsRespondWithIdUnknown);
- xmlSecAssert(output != NULL);
-
- fprintf(output, "=== RespondWith: \"%s\" (href=\"%s\")\n",
- xmlSecErrorsSafeString(id->valueName),
- xmlSecErrorsSafeString(id->valueNs));
-}
-
-/**
- * xmlSecXkmsRespondWithDebugXmlDump:
- * @id: the RespondWith class.
- * @output: the output file.
- *
- * Writes debug information about @id into the @output in XML format.
- */
-void
-xmlSecXkmsRespondWithDebugXmlDump(xmlSecXkmsRespondWithId id, FILE* output) {
- xmlSecAssert(id != xmlSecXkmsRespondWithIdUnknown);
- xmlSecAssert(output != NULL);
-
- fprintf(output, "<RespondWith href=\"");
- xmlSecPrintXmlString(output, id->valueNs);
- fprintf(output, "\">");
- xmlSecPrintXmlString(output, id->valueName);
- fprintf(output, "</RespondWith>\n");
-}
-
-int
-xmlSecXkmsRespondWithDefaultNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- ret = xmlSecXkmsRespondWithIdListFind(&(ctx->respWithList), id);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithIdListFind",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- } else if(ret > 0) {
- /* do nothing, we already have it in the list */
- return(0);
- }
-
- ret = xmlSecPtrListAdd(&(ctx->respWithList), id);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-int
-xmlSecXkmsRespondWithDefaultNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- xmlNodePtr cur;
-
- xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
- xmlSecAssert2(id->nodeName != NULL, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- cur = xmlSecAddChild(node, id->nodeName, id->nodeNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->nodeName));
- return(-1);
- }
-
- return(0);
-}
-
-/************************************************************************
- *
- * XKMS RespondWith Klass List
- *
- ************************************************************************/
-static xmlSecPtrListKlass xmlSecXkmsRespondWithIdListKlass = {
- BAD_CAST "respond-with-ids-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
-};
-
-xmlSecPtrListId
-xmlSecXkmsRespondWithIdListGetKlass(void) {
- return(&xmlSecXkmsRespondWithIdListKlass);
-}
-
-int
-xmlSecXkmsRespondWithIdListFind(xmlSecPtrListPtr list, xmlSecXkmsRespondWithId id) {
- xmlSecSize i, size;
-
- xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), -1);
- xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
-
- size = xmlSecPtrListGetSize(list);
- for(i = 0; i < size; ++i) {
- if((xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i) == id) {
- return(1);
- }
- }
- return(0);
-}
-
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecPtrListPtr list, xmlNodePtr node) {
- xmlSecXkmsRespondWithId result = xmlSecXkmsRespondWithIdUnknown;
- xmlSecXkmsRespondWithId id;
- xmlChar* content;
- xmlChar* qnameLocalPart = NULL;
- xmlChar* qnamePrefix = NULL;
- const xmlChar* qnameHref;
- xmlNsPtr ns;
- xmlSecSize i, size;
-
- xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), xmlSecXkmsRespondWithIdUnknown);
- xmlSecAssert2(node != NULL, xmlSecXkmsRespondWithIdUnknown);
-
- content = xmlNodeGetContent(node);
- if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNodeGetContent",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- return(xmlSecXkmsRespondWithIdUnknown);
- }
-
- qnameLocalPart = (xmlChar*)xmlStrchr(content, ':');
- if(qnameLocalPart != NULL) {
- qnamePrefix = content;
- *(qnameLocalPart++) = '\0';
- } else {
- qnamePrefix = NULL;
- qnameLocalPart = content;
- }
-
- /* search namespace href */
- ns = xmlSearchNs(node->doc, node, qnamePrefix);
- if((ns == NULL) && (qnamePrefix != NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSearchNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s,qnamePrefix=%s",
- xmlSecErrorsSafeString(node->name),
- xmlSecErrorsSafeString(qnamePrefix));
- xmlFree(content);
- return(xmlSecXkmsRespondWithIdUnknown);
- }
- qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
-
- size = xmlSecPtrListGetSize(list);
- for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
- if((id != xmlSecXkmsRespondWithIdUnknown) &&
- xmlStrEqual(id->valueName, qnameLocalPart) &&
- xmlStrEqual(id->valueNs, qnameHref)) {
- result = id;
- break;
- }
- }
-
- xmlFree(content);
- return(result);
-}
-
-int
-xmlSecXkmsRespondWithIdListWrite(xmlSecPtrListPtr list, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- xmlSecXkmsRespondWithId id;
- xmlSecSize i, size;
- int ret;
-
- xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- size = xmlSecPtrListGetSize(list);
- for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
- if(id != xmlSecXkmsRespondWithIdUnknown) {
- ret = xmlSecXkmsRespondWithNodeWrite(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- }
-
- return(0);
-}
-
-/********************************************************************
- *
- * XML Sec Library RespondWith Ids
- *
- *******************************************************************/
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyNameKlass = {
- xmlSecRespondWithKeyName, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeKeyName, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithKeyNameGetKlass:
- *
- * The respond with KeyName klass.
- *
- * Returns: respond with KeyName klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithKeyNameGetKlass(void) {
- return(&xmlSecXkmsRespondWithKeyNameKlass);
-}
-
-
-
-static int xmlSecXkmsRespondWithKeyValueNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyValueKlass = {
- xmlSecRespondWithKeyValue, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithKeyValueNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithKeyValueGetKlass:
- *
- * The respond with KeyValue klass.
- *
- * Returns: respond with KeyValue klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithKeyValueGetKlass(void) {
- return(&xmlSecXkmsRespondWithKeyValueKlass);
-}
-
-static int
-xmlSecXkmsRespondWithKeyValueNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id == xmlSecXkmsRespondWithKeyValueId, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* do usual stuff */
- ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* and now set some parameters in the ctx to look for a public or private
- * key and to write a public key
- */
- ctx->keyInfoReadCtx.keyReq.keyType |= (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
- ctx->keyInfoWriteCtx.keyReq.keyType |= xmlSecKeyDataTypePublic;
-
- return(0);
-}
-
-static int xmlSecXkmsRespondWithPrivateKeyNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPrivateKeyKlass = {
- xmlSecRespondWithPrivateKey, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithPrivateKeyNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithPrivateKeyGetKlass:
- *
- * The respond with PrivateKey klass.
- *
- * Returns: respond with PrivateKey klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithPrivateKeyGetKlass(void) {
- return(&xmlSecXkmsRespondWithPrivateKeyKlass);
-}
-
-static int
-xmlSecXkmsRespondWithPrivateKeyNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id == xmlSecXkmsRespondWithPrivateKeyId, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* do usual stuff */
- ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* and now set some parameters in the ctx to look for a private
- * key and to write a private key
- */
- ctx->keyInfoReadCtx.keyReq.keyType |= xmlSecKeyDataTypePrivate;
- ctx->keyInfoWriteCtx.keyReq.keyType |= xmlSecKeyDataTypePrivate;
-
- return(0);
-}
-
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithRetrievalMethodKlass = {
- xmlSecRespondWithRetrievalMethod, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeRetrievalMethod, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithRetrievalMethodGetKlass:
- *
- * The respond with RetrievalMethod klass.
- *
- * Returns: respond with RetrievalMethod klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithRetrievalMethodGetKlass(void) {
- return(&xmlSecXkmsRespondWithRetrievalMethodKlass);
-}
-
-
-
-static int xmlSecXkmsRespondWithX509CertNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CertKlass = {
- xmlSecRespondWithX509Cert, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeX509Data, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithX509CertNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithX509CertGetKlass:
- *
- * The respond with X509Cert klass.
- *
- * Returns: respond with X509Cert klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithX509CertGetKlass(void) {
- return(&xmlSecXkmsRespondWithX509CertKlass);
-}
-
-static int
-xmlSecXkmsRespondWithX509CertNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id == xmlSecXkmsRespondWithX509CertId, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* do usual stuff */
- ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static int xmlSecXkmsRespondWithX509ChainNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509ChainKlass = {
- xmlSecRespondWithX509Chain, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeX509Data, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithX509ChainNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithX509ChainGetKlass:
- *
- * The respond with X509Chain klass.
- *
- * Returns: respond with X509Chain klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithX509ChainGetKlass(void) {
- return(&xmlSecXkmsRespondWithX509ChainKlass);
-}
-
-static int
-xmlSecXkmsRespondWithX509ChainNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id == xmlSecXkmsRespondWithX509ChainId, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* do usual stuff */
- ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static int xmlSecXkmsRespondWithX509CRLNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CRLKlass = {
- xmlSecRespondWithX509CRL, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeX509Data, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithX509CRLNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithX509CRLGetKlass:
- *
- * The respond with X509CRL klass.
- *
- * Returns: respond with X509CRL klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithX509CRLGetKlass(void) {
- return(&xmlSecXkmsRespondWithX509CRLKlass);
-}
-
-static int
-xmlSecXkmsRespondWithX509CRLNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id == xmlSecXkmsRespondWithX509CRLId, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* do usual stuff */
- ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPGPKlass = {
- xmlSecRespondWithPGP, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodePGPData, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithPGPGetKlass:
- *
- * The respond with PGP klass.
- *
- * Returns: respond with PGP klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithPGPGetKlass(void) {
- return(&xmlSecXkmsRespondWithPGPKlass);
-}
-
-static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithSPKIKlass = {
- xmlSecRespondWithSPKI, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeSPKIData, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsRespondWithSPKIGetKlass:
- *
- * The respond with SPKI klass.
- *
- * Returns: respond with SPKI klass.
- */
-xmlSecXkmsRespondWithId
-xmlSecXkmsRespondWithSPKIGetKlass(void) {
- return(&xmlSecXkmsRespondWithSPKIKlass);
-}
-
-/**************************************************************************
- *
- * Global xmlSecXkmsServerRequestIds list functions
- *
- *************************************************************************/
-static xmlSecPtrList xmlSecAllXkmsServerRequestIds;
-
-
-/**
- * xmlSecXkmsServerRequestIdsGet:
- *
- * Gets global registered ServerRequest klasses list.
- *
- * Returns: the pointer to list of all registered ServerRequest klasses.
- */
-xmlSecPtrListPtr
-xmlSecXkmsServerRequestIdsGet(void) {
- return(&xmlSecAllXkmsServerRequestIds);
-}
-
-/**
- * xmlSecXkmsServerRequestIdsInit:
- *
- * Initializes the ServerRequest klasses. This function is called from the
- * #xmlSecInit function and the application should not call it directly.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsServerRequestIdsInit(void) {
- int ret;
-
- ret = xmlSecPtrListInitialize(xmlSecXkmsServerRequestIdsGet(), xmlSecXkmsServerRequestIdListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecXkmsServerRequestIdListId");
- return(-1);
- }
-
- ret = xmlSecXkmsServerRequestIdsRegisterDefault();
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegisterDefault",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecXkmsServerRequestIdsShutdown:
- *
- * Shuts down the keys data klasses. This function is called from the
- * #xmlSecShutdown function and the application should not call it directly.
- */
-void
-xmlSecXkmsServerRequestIdsShutdown(void) {
- xmlSecPtrListFinalize(xmlSecXkmsServerRequestIdsGet());
-}
-
-/**
- * xmlSecXkmsServerRequestIdsRegister:
- * @id: the ServerRequest klass.
- *
- * Registers @id in the global list of ServerRequest klasses.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestId id) {
- int ret;
-
- xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
-
- ret = xmlSecPtrListAdd(xmlSecXkmsServerRequestIdsGet(), (xmlSecPtr)id);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ServerRequest=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(id)));
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecXkmsServerRequestIdsRegisterDefault:
- *
- * Registers default (implemented by XML Security Library)
- * ServerRequest klasses: KeyName, KeyValue,...
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsServerRequestIdsRegisterDefault(void) {
- if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestResultId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestResultId)));
- return(-1);
- }
-
- if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestStatusId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestStatusId)));
- return(-1);
- }
-
- if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestCompoundId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestCompoundId)));
- return(-1);
- }
-
- if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestLocateId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestLocateId)));
- return(-1);
- }
-
- if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestValidateId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestValidateId)));
- return(-1);
- }
-
- return(0);
-}
-
-
-/************************************************************************
- *
- * XKMS ServerRequest Klass
- *
- ************************************************************************/
-/**
- * xmlSecXkmsServerRequestNodeRead:
- * @id: the ServerRequest class.
- * @ctx: the XKMS request processing context.
- * @node: the pointer to <xkms:ServerRequest/> node.
- *
- * Reads the content of the <xkms:ServerRequest/> @node.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsServerRequestNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
- xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- if(id->readNode != NULL) {
- return((id->readNode)(id, ctx, node));
- }
- return(0);
-}
-
-/**
- * xmlSecXkmsServerExecute:
- * @id: the ServerRequest class.
- * @ctx: the XKMS request processing context.
- *
- * Executes XKMS server request.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecXkmsServerRequestExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
- xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
- xmlSecAssert2(ctx != NULL, -1);
-
- if(id->execute != NULL) {
- return((id->execute)(id, ctx));
- }
- return(0);
-}
-
-
-/**
- * xmlSecXkmsServerResponseNodeWrite:
- * @id: the ServerRequest class.
- * @ctx: the XKMS request processing context.
- * @doc: the pointer to response parent XML document (might be NULL).
- * @node: the pointer to response parent XML node (might be NULL).
- *
- * Writes XKMS response from context to a newly created node. Caller is
- * responsible for adding the returned node to the XML document.
- *
- * Returns: pointer to newly created XKMS response node or NULL
- * if an error occurs.
- */
-xmlNodePtr
-xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx,
- xmlDocPtr doc, xmlNodePtr node) {
- xmlNodePtr respNode;
- int ret;
-
- xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, NULL);
- xmlSecAssert2(ctx != NULL, NULL);
-
- /* create the response root node */
- if(node == NULL) {
- xmlNsPtr ns;
-
- respNode = xmlNewDocNode(doc, NULL, id->resultNodeName, NULL);
- if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->resultNodeName));
- return(NULL);
- }
- ns = xmlNewNs(respNode, id->resultNodeNs, NULL);
- if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(id->resultNodeNs));
- xmlFreeNode(respNode);
- return(NULL);
- }
- xmlSetNs(respNode, ns);
- } else {
- respNode = xmlSecAddChild(node, id->resultNodeName, id->resultNodeNs);
- if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->resultNodeName));
- return(NULL);
- }
- }
-
- if(id->writeNode != NULL) {
- ret = (id->writeNode)(id, ctx, respNode);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "writeNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->resultNodeName));
- xmlFreeNode(respNode);
- return(NULL);
- }
- }
-
- return(respNode);
-}
-
-/**
- * xmlSecXkmsServerRequestDebugDump:
- * @id: the ServerRequest class.
- * @output: the output file.
- *
- * Writes debug information about @id into the @output.
- */
-void
-xmlSecXkmsServerRequestDebugDump(xmlSecXkmsServerRequestId id, FILE* output) {
- xmlSecAssert(id != xmlSecXkmsServerRequestIdUnknown);
- xmlSecAssert(output != NULL);
-
- fprintf(output, "=== ServerRequest: %s\n", xmlSecErrorsSafeString(id->name));
-}
-
-/**
- * xmlSecXkmsServerRequestDebugXmlDump:
- * @id: the ServerRequest class.
- * @output: the output file.
- *
- * Writes debug information about @id into the @output in XML format.
- */
-void
-xmlSecXkmsServerRequestDebugXmlDump(xmlSecXkmsServerRequestId id, FILE* output) {
- xmlSecAssert(id != xmlSecXkmsServerRequestIdUnknown);
- xmlSecAssert(output != NULL);
-
- fprintf(output, "<ServerRequest>");
- xmlSecPrintXmlString(output, id->name);
- fprintf(output, "</ServerRequest>\n");
-}
-
-/************************************************************************
- *
- * XKMS ServerRequest Klass List
- *
- ************************************************************************/
-static xmlSecPtrListKlass xmlSecXkmsServerRequestIdListKlass = {
- BAD_CAST "xkms-server-request-ids-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
-};
-
-xmlSecPtrListId
-xmlSecXkmsServerRequestIdListGetKlass(void) {
- return(&xmlSecXkmsServerRequestIdListKlass);
-}
-
-int
-xmlSecXkmsServerRequestIdListFind(xmlSecPtrListPtr list, xmlSecXkmsServerRequestId id) {
- xmlSecSize i, size;
-
- xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), -1);
- xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
-
- size = xmlSecPtrListGetSize(list);
- for(i = 0; i < size; ++i) {
- if((xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i) == id) {
- return(1);
- }
- }
- return(0);
-}
-
-xmlSecXkmsServerRequestId
-xmlSecXkmsServerRequestIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name) {
- xmlSecXkmsServerRequestId id;
- xmlSecSize i, size;
-
- xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), xmlSecXkmsServerRequestIdUnknown);
- xmlSecAssert2(name != NULL, xmlSecXkmsServerRequestIdUnknown);
-
- size = xmlSecPtrListGetSize(list);
- for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
- if((id != xmlSecXkmsServerRequestIdUnknown) && xmlStrEqual(id->name, name)) {
- return(id);
- }
- }
- return(xmlSecXkmsServerRequestIdUnknown);
-}
-
-xmlSecXkmsServerRequestId
-xmlSecXkmsServerRequestIdListFindByNode(xmlSecPtrListPtr list, xmlNodePtr node) {
- xmlSecXkmsServerRequestId id;
- xmlSecSize i, size;
-
- xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), xmlSecXkmsServerRequestIdUnknown);
- xmlSecAssert2(node != NULL, xmlSecXkmsServerRequestIdUnknown);
-
- size = xmlSecPtrListGetSize(list);
- for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
- if((id != xmlSecXkmsServerRequestIdUnknown) &&
- xmlSecCheckNodeName(node, id->requestNodeName, id->requestNodeNs)) {
-
- return(id);
- }
- }
- return(xmlSecXkmsServerRequestIdUnknown);
-}
-
-/********************************************************************
- *
- * XML Sec Library ServerRequest Ids
- *
- *******************************************************************/
-
-
-/********************************************************************
- *
- * Result response
- *
- *******************************************************************/
-static int xmlSecXkmsServerRequestResultNodeWrite (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-
-static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestResultKlass = {
- xmlSecXkmsServerRequestResultName, /* const xmlChar* name; */
- NULL, /* const xmlChar* requestNodeName; */
- NULL, /* const xmlChar* requestNodeNs; */
- xmlSecNodeResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
- 0, /* xmlSecBitMask flags; */
- NULL, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestResultNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsServerRequestResultGetKlass:
- *
- * The Result response klass.
- *
- * Returns: Result response klass.
- */
-xmlSecXkmsServerRequestId
-xmlSecXkmsServerRequestResultGetKlass(void) {
- return(&xmlSecXkmsServerRequestResultKlass);
-}
-
-static int
-xmlSecXkmsServerRequestResultNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
- int ret;
-
- xmlSecAssert2(id == xmlSecXkmsServerRequestResultId, -1);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* set missing parameters (if any) */
- if(ctx->service == NULL) {
- ctx->service = xmlStrdup((ctx->expectedService != NULL) ? ctx->expectedService : BAD_CAST "");
- if(ctx->service == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- /* first write the "parent" type */
- ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResultTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/********************************************************************
- *
- * StatusRequest/StatusResponse
- *
- *******************************************************************/
-static int xmlSecXkmsServerRequestStatusNodeRead (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestStatusNodeWrite (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-
-static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestStatusKlass = {
- xmlSecXkmsServerRequestStatusName, /* const xmlChar* name; */
- xmlSecNodeStatusRequest, /* const xmlChar* requestNodeName; */
- xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
- xmlSecNodeStatusResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
- 0, /* xmlSecBitMask flags; */
- xmlSecXkmsServerRequestStatusNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestStatusNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
- NULL, /* void* reserved1; */
- NULL /* void* reserved2; */
-};
-
-/**
- * xmlSecXkmsServerRequestStatusGetKlass:
- *
- * The StatusRequest klass.
- *
- * Returns: StatusRequest klass.
- */
-xmlSecXkmsServerRequestId
-xmlSecXkmsServerRequestStatusGetKlass(void) {
- return(&xmlSecXkmsServerRequestStatusKlass);
-}
-
-/**
- *
- * <xkms:StatusRequest Id Service Nonce?
OriginalRequestId? ResponseLimit? ResponseId?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:ResponseMechanism>* - * <xkms:RespondWith>* - * <xkms:PendingNotification Mechanism Identifier>? - * - * XML Schema: - * <!-- StatusRequest --> - * <element name="StatusRequest" type="xkms:StatusRequestType"/> - * <complexType name="StatusRequestType"> - * <complexContent> - * <extension base="xkms:PendingRequestType"/> - * </complexContent> - * </complexType> - * <!-- /StatusRequest --> - */ -static int -xmlSecXkmsServerRequestStatusNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlNodePtr cur; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestStatusId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - cur = node; - - /* first read "parent" type */ - ret = xmlSecXkmsServerCtxPendingRequestNodeRead(ctx, &cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxPendingRequestNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* check that there is nothing after the last node */ - if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * - * <xkms:StatusResult Id Service Nonce? ResultMajor ResultMinor? RequestId? Success? Failure? Pending?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? 
- * <xkms:RequestSignatureValue>* - * - * XML Schema: - * - * <!-- StatusResult --> - * <element name="StatusResult" type="xkms:StatusResultType"/> - * <complexType name="StatusResultType"> - * <complexContent> - * <extension base="xkms:ResultType"> - * <attribute name="Success" type="integer" use="optional"/> - * <attribute name="Failure" type="integer" use="optional"/> - * <attribute name="Pending" type="integer" use="optional"/> - * </extension> - * </complexContent> - * </complexType> - * <!-- /StatusResult --> * - */ -static int -xmlSecXkmsServerRequestStatusNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestStatusId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* first write the "parent" type */ - ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxResultTypeNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* todo: add optional StatusResult attributes */ - return(0); -} - -/******************************************************************** - * - * CompoundRequest/CompoundResponse - * - *******************************************************************/ -static int xmlSecXkmsServerRequestCompoundNodeRead (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerRequestCompoundExecute (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx); - -static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestCompoundKlass = { - xmlSecXkmsServerRequestCompoundName, /* const xmlChar* name; */ - xmlSecNodeCompoundRequest, /* const xmlChar* requestNodeName; */ - xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */ - 
xmlSecNodeCompoundResult, /* const xmlChar* responseNodeName; */ - xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */ - 0, /* xmlSecBitMask flags; */ - xmlSecXkmsServerRequestCompoundNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */ - xmlSecXkmsServerRequestCompoundNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */ - xmlSecXkmsServerRequestCompoundExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */ - NULL, /* void* reserved1; */ - NULL /* void* reserved2; */ -}; - -/** - * xmlSecXkmsServerRequestCompoundGetKlass: - * - * The CompoundRequest klass. - * - * Returns: CompoundRequest klass. - */ -xmlSecXkmsServerRequestId -xmlSecXkmsServerRequestCompoundGetKlass(void) { - return(&xmlSecXkmsServerRequestCompoundKlass); -} - -/** - * <xkms:CompoundRequest Id Service Nonce? OriginalRequestId? ResponseLimit?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:ResponseMechanism>* - * <xkms:RespondWith>* - * <xkms:PendingNotification Mechanism Identifier>? - * ( - * <xkms:LocateRequest>? - * <xkms:ValidateRequest>? - * <xkms:RegisterRequest>? - * <xkms:ReissueRequest>? - * <xkms:RecoverRequest>? - * <xkms:RevokeRequest>? 
- * )* - * - * XML Schema: - * - * <!-- CompoundRequest --> - * <element name="CompoundRequest" type="xkms:CompoundRequestType"/> - * <complexType name="CompoundRequestType"> - * <complexContent> - * <extension base="xkms:RequestAbstractType"> - * <choice maxOccurs="unbounded"> - * <element ref="xkms:LocateRequest"/> - * <element ref="xkms:ValidateRequest"/> - * <element ref="xkms:RegisterRequest"/> - * <element ref="xkms:ReissueRequest"/> - * <element ref="xkms:RecoverRequest"/> - * <element ref="xkms:RevokeRequest"/> - * </choice> - * </extension> - * </complexContent> - * </complexType> - * <!-- /CompoundRequest --> - */ -static int -xmlSecXkmsServerRequestCompoundNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlSecPtrListPtr serverRequestIdsList; - xmlNodePtr cur; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - cur = node; - - /* first read "parent" type */ - ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* create list for compound requests */ - xmlSecAssert2(ctx->compoundRequestContexts == NULL, -1); - ctx->compoundRequestContexts = xmlSecPtrListCreate(xmlSecXkmsServerCtxPtrListId); - if(ctx->compoundRequestContexts == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* get the list of enabled or all request klasses */ - if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) { - serverRequestIdsList = &(ctx->enabledServerRequestIds); - } else { - serverRequestIdsList = xmlSecXkmsServerRequestIdsGet(); - } - xmlSecAssert2(serverRequestIdsList != NULL, -1); - - while(cur != NULL) { - 
xmlSecXkmsServerCtxPtr ctxChild; - - /* create a new context */ - ctxChild = xmlSecXkmsServerCtxCreate(ctx->keyInfoReadCtx.keysMngr); - if(ctxChild == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* copy all settings from us */ - ret = xmlSecXkmsServerCtxCopyUserPref(ctxChild, ctx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecXkmsServerCtxDestroy(ctxChild); - return(-1); - } - - /* add it to the list */ - ret = xmlSecPtrListAdd(ctx->compoundRequestContexts, ctxChild); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecXkmsServerCtxDestroy(ctxChild); - return(-1); - } - - /* and now process request from current node */ - ctxChild->requestId = xmlSecXkmsServerRequestIdListFindByNode(serverRequestIdsList, cur); - if((ctxChild->requestId == xmlSecXkmsServerRequestIdUnknown) || - ((ctxChild->requestId->flags & XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerRequestIdListFindByNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(node->name)); - xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported); - return(-1); - } - - ret = xmlSecXkmsServerRequestNodeRead(ctxChild->requestId, ctxChild, cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerRequestNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "request=%s", - xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId))); - xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure); - return(-1); - } - cur = xmlSecGetNextElementNode(cur->next); - } - - 
/* check that there is nothing after the last node */ - if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * <xkms:CompoundResult Id Service Nonce? ResultMajor ResultMinor? RequestId?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:RequestSignatureValue>* - * ( - * <xkms:LocateResult>? - * <xkms:ValidateResult>? - * <xkms:RegisterResult>? - * <xkms:ReissueResult>? - * <xkms:RecoverResult>? - * <xkms:RevokeResult>? - * )* - * - * - * XML Schema: - * - * <!-- CompoundResponse --> - * <element name="CompoundResult" type="xkms:CompoundResultType"/> - * <complexType name="CompoundResultType"> - * <complexContent> - * <extension base="xkms:ResultType"> - * <choice maxOccurs="unbounded"> - * <element ref="xkms:LocateResult"/> - * <element ref="xkms:ValidateResult"/> - * <element ref="xkms:RegisterResult"/> - * <element ref="xkms:ReissueResult"/> - * <element ref="xkms:RecoverResult"/> - * <element ref="xkms:RevokeResult"/> - * </choice> - * </extension> - * </complexContent> - * </complexType> - * <!-- /CompoundResponse --> - */ -static int -xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* walk thru the list of chilren and pickup first error */ - if(ctx->compoundRequestContexts != NULL) { - xmlSecSize pos; - - for(pos = 0; pos < xmlSecPtrListGetSize(ctx->compoundRequestContexts); pos++) { - xmlSecXkmsServerCtxPtr ctxChild; - - ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos); - if(ctxChild == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - 
XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - if(ctxChild->resultMajor != xmlSecXkmsResultMajorSuccess) { - xmlSecXkmsServerCtxSetResult(ctx, ctxChild->resultMajor, ctxChild->resultMinor); - break; - } - } - } - - /* first write the "parent" type */ - ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxResultTypeNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* write compound result */ - if(ctx->compoundRequestContexts != NULL) { - xmlSecSize pos; - - for(pos = 0; pos < xmlSecPtrListGetSize(ctx->compoundRequestContexts); pos++) { - xmlSecXkmsServerCtxPtr ctxChild; - xmlNodePtr cur; - - ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos); - if(ctxChild == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecXkmsServerRequestNodeWrite(ctxChild->requestId, ctxChild, node->doc, node); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerRequestNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "request=%s", - xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId))); - return(-1); - } - - if(xmlSecAddChildNode(node, cur) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChildNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFreeNode(cur); - return(-1); - } - } - } - - return(0); -} - -static int -xmlSecXkmsServerRequestCompoundExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) { - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1); - xmlSecAssert2(ctx != NULL, -1); - - if(ctx->compoundRequestContexts != NULL) { - xmlSecSize pos; - - for(pos = 0; pos < xmlSecPtrListGetSize(ctx->compoundRequestContexts); pos++) { - 
xmlSecXkmsServerCtxPtr ctxChild; - - ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos); - if(ctxChild == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure); - continue; - } - - ret = xmlSecXkmsServerRequestExecute(ctxChild->requestId, ctxChild); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerRequestExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "request=%s", - xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId))); - xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure); - continue; - } - } - } - - return(0); -} - - -/******************************************************************** - * - * LocateRequest/LocateResponse - * - *******************************************************************/ -static int xmlSecXkmsServerRequestLocateNodeRead (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerRequestLocateNodeWrite (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerRequestLocateExecute (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx); - -static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestLocateKlass = { - xmlSecXkmsServerRequestLocateName, /* const xmlChar* name; */ - xmlSecNodeLocateRequest, /* const xmlChar* requestNodeName; */ - xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */ - xmlSecNodeLocateResult, /* const xmlChar* responseNodeName; */ - xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */ - XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND, /* xmlSecBitMask flags; */ - xmlSecXkmsServerRequestLocateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */ - 
xmlSecXkmsServerRequestLocateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */ - xmlSecXkmsServerRequestLocateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */ - NULL, /* void* reserved1; */ - NULL /* void* reserved2; */ -}; - -/** - * xmlSecXkmsServerRequestLocateGetKlass: - * - * The LocateRequest klass. - * - * Returns: LocateRequest klass. - */ -xmlSecXkmsServerRequestId -xmlSecXkmsServerRequestLocateGetKlass(void) { - return(&xmlSecXkmsServerRequestLocateKlass); -} - -/** - * <xkms:LocateRequest Id Service Nonce? OriginalRequestId? ResponseLimit?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:ResponseMechanism>* - * <xkms:RespondWith>* - * <xkms:PendingNotification Mechanism Identifier>? - * <xkms:QueryKeyBinding Id?> - * <ds:KeyInfo>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:UseKeyWith Application Identifier>* - * <xkms:TimeInstant Time>? - * - * XML Schema: - * - * <!-- LocateRequest --> - * <element name="LocateRequest" type="xkms:LocateRequestType"/> - * <complexType name="LocateRequestType"> - * <complexContent> - * <extension base="xkms:RequestAbstractType"> - * <sequence> - * <element ref="xkms:QueryKeyBinding"/> - * </sequence> - * </extension> - * </complexContent> - * </complexType> - * <!-- /LocateRequest --> - */ -static int -xmlSecXkmsServerRequestLocateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlNodePtr cur; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - cur = node; - - /* first read "parent" type */ - ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* now read 
required <xkms:QueryKeyBinding/> node */ - if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeQueryKeyBinding, xmlSecXkmsNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding)); - return(-1); - } - - /* read <xkms:QueryKeyBinding/> node */ - ret = xmlSecXkmsServerCtxQueryKeyBindingNodeRead(ctx, cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxQueryKeyBindingNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - cur = xmlSecGetNextElementNode(cur->next); - - /* check that there is nothing after the last node */ - if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * <xkms:LocateResult Id Service Nonce? ResultMajor ResultMinor? RequestId?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:RequestSignatureValue>* - * (<xkms:UnverifiedKeyBinding Id?> - * <ds:KeyInfo>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:UseKeyWith Application Identifier>* - * <xkms:ValidityInterval NotBefore NotOnOrAfter>? 
- * )* - * - * XML Schema: - * <!-- LocateResult --> - * <element name="LocateResult" type="xkms:LocateResultType"/> - * <complexType name="LocateResultType"> - * <complexContent> - * <extension base="xkms:ResultType"> - * <sequence> - * <element ref="xkms:UnverifiedKeyBinding" minOccurs="0" - * maxOccurs="unbounded"/> - * </sequence> - * </extension> - * </complexContent> - * </complexType> - * <!-- /LocateResult --> - */ -static int -xmlSecXkmsServerRequestLocateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlSecSize pos, size; - xmlSecKeyPtr key; - xmlNodePtr cur; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* first write the "parent" type */ - ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxResultTypeNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* write keys in <xkms:UnverifiedKeyBinding> nodes */ - size = xmlSecPtrListGetSize(&(ctx->keys)); - for(pos = 0; pos < size; ++pos) { - key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos); - if(key == NULL) { - continue; - } - - cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding)); - return(-1); - } - - ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, cur, key); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - return(0); -} - -static int -xmlSecXkmsServerRequestLocateExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) { - xmlSecKeyPtr key = NULL; - int 
ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1); - xmlSecAssert2(ctx != NULL, -1); - - /* now we are ready to search for key */ - if((ctx->keyInfoReadCtx.keysMngr != NULL) && (ctx->keyInfoReadCtx.keysMngr->getKey != NULL)) { - /* todo: set parameters to locate but not validate the key */ - key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx)); - } - - /* check that we got what we needed */ - if((key == NULL) || (!xmlSecKeyMatch(key, NULL, &(ctx->keyInfoReadCtx.keyReq)))) { - if(key != NULL) { - xmlSecKeyDestroy(key); - } - xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch); - return(-1); - } - - xmlSecAssert2(key != NULL, -1); - ret = xmlSecPtrListAdd(&(ctx->keys), key); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDestroy(key); - return(-1); - } - - return(0); -} - - -/******************************************************************** - * - * ValidateRequest/ValidateResponse - * - *******************************************************************/ -static int xmlSecXkmsServerRequestValidateNodeRead (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx, - xmlNodePtr node); -static int xmlSecXkmsServerRequestValidateExecute (xmlSecXkmsServerRequestId id, - xmlSecXkmsServerCtxPtr ctx); - -static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestValidateKlass = { - xmlSecXkmsServerRequestValidateName, /* const xmlChar* name; */ - xmlSecNodeValidateRequest, /* const xmlChar* requestNodeName; */ - xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */ - xmlSecNodeValidateResult, /* const xmlChar* responseNodeName; */ - xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */ - XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND, /* 
xmlSecBitMask flags; */ - xmlSecXkmsServerRequestValidateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */ - xmlSecXkmsServerRequestValidateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */ - xmlSecXkmsServerRequestValidateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */ - NULL, /* void* reserved1; */ - NULL /* void* reserved2; */ -}; - -/** - * xmlSecXkmsServerRequestValidateGetKlass: - * - * The ValidateRequest klass. - * - * Returns: ValidateRequest klass. - */ -xmlSecXkmsServerRequestId -xmlSecXkmsServerRequestValidateGetKlass(void) { - return(&xmlSecXkmsServerRequestValidateKlass); -} - -/** - * <xkms:ValidateRequest Id Service Nonce? OriginalRequestId? ResponseLimit?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:ResponseMechanism>* - * <xkms:RespondWith>* - * <xkms:PendingNotification Mechanism Identifier>? - * <xkms:QueryKeyBinding Id?> - * <ds:KeyInfo>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:UseKeyWith Application Identifier>* - * <xkms:TimeInstant Time>? 
- * - * XML Schema: - * - * <!-- ValidateRequest --> - * <element name="ValidateRequest" type="xkms:ValidateRequestType"/> - * <complexType name="ValidateRequestType"> - * <complexContent> - * <extension base="xkms:RequestAbstractType"> - * <sequence> - * <element ref="xkms:QueryKeyBinding"/> - * </sequence> - * </extension> - * </complexContent> - * </complexType> - * <!-- /ValidateRequest --> - */ -static int -xmlSecXkmsServerRequestValidateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlNodePtr cur; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - cur = node; - - /* first read "parent" type */ - ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* now read required <xkms:QueryKeyBinding/> node */ - if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeQueryKeyBinding, xmlSecXkmsNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding)); - return(-1); - } - - /* read <xkms:QueryKeyBinding/> node */ - ret = xmlSecXkmsServerCtxQueryKeyBindingNodeRead(ctx, cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxQueryKeyBindingNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - cur = xmlSecGetNextElementNode(cur->next); - - /* check that there is nothing after the last node */ - if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -/** - * 
<xkms:ValidateResult Id Service Nonce? ResultMajor ResultMinor? RequestId?> - * <ds:Signature>? - * <xkms:MessageExtension>* - * (<xkms:OpaqueClientData> - * <xkms:OpaqueData>? - * )? - * <xkms:RequestSignatureValue>* - * (<xkms:KeyBinding Id?> - * <ds:KeyInfo>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:KeyUsage>? - * <xkms:UseKeyWith Application Identifier>* - * <xkms:ValidityInterval NotBefore NotOnOrAfter>? - * <xkms:Status StatusValue> - * (<xkms:ValidReason>? - * <xkms:IndeterminateReason>? - * <xkms:InvalidReason>? - * )* - * )* - * - * XML Schema: - * - * <!-- ValidateResult --> - * <element name="ValidateResult" type="xkms:ValidateResultType"/> - * <complexType name="ValidateResultType"> - * <complexContent> - * <extension base="xkms:ResultType"> - * <sequence> - * <element ref="xkms:KeyBinding" minOccurs="0" - * maxOccurs="unbounded"/> - * </sequence> - * </extension> - * </complexContent> - * </complexType> - * <!-- /ValidateResult --> - */ -static int -xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) { - xmlSecSize pos, size; - xmlSecKeyPtr key; - xmlNodePtr cur; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* first write the "parent" type */ - ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxResultTypeNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* write keys in <xkms:UnverifiedKeyBinding> nodes */ - size = xmlSecPtrListGetSize(&(ctx->keys)); - for(pos = 0; pos < size; ++pos) { - key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos); - if(key == NULL) { - continue; - } - - cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - 
XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding)); - return(-1); - } - - ret = xmlSecXkmsServerCtxKeyBindingNodeWrite(ctx, cur, key); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerCtxKeyBindingNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - return(0); -} - -static int -xmlSecXkmsServerRequestValidateExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) { - xmlSecKeyPtr key = NULL; - int ret; - - xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1); - xmlSecAssert2(ctx != NULL, -1); - - /* now we are ready to search for key */ - if((ctx->keyInfoReadCtx.keysMngr != NULL) && (ctx->keyInfoReadCtx.keysMngr->getKey != NULL)) { - key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx)); - } - - /* check that we got what we needed */ - if((key == NULL) || (!xmlSecKeyMatch(key, NULL, &(ctx->keyInfoReadCtx.keyReq)))) { - if(key != NULL) { - xmlSecKeyDestroy(key); - } - xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch); - return(-1); - } - - xmlSecAssert2(key != NULL, -1); - ret = xmlSecPtrListAdd(&(ctx->keys), key); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDestroy(key); - return(-1); - } - - return(0); -} - -#endif /* XMLSEC_NO_XKMS */ - diff --git a/src/xmldsig.c b/src/xmldsig.c index b08b8b11..faf55459 100644 --- a/src/xmldsig.c +++ b/src/xmldsig.c @@ -8,7 +8,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" 
@@ -39,7 +39,8 @@ static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node); static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx, - xmlNodePtr node); + xmlNodePtr node, + xmlNodePtr * firstReferenceNode); static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node); static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx, @@ -47,6 +48,9 @@ static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCt static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node); +static int xmlSecDSigCtxProcessReferences (xmlSecDSigCtxPtr dsigCtx, + xmlNodePtr firstReferenceNode); + /* The ID attribute in XMLDSig is 'Id' */ static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL }; @@ -73,7 +77,7 @@ xmlSecDSigCtxCreate(xmlSecKeysMngrPtr keysMngr) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecDSigCtx)=%d", - sizeof(xmlSecDSigCtx)); + (int)sizeof(xmlSecDSigCtx)); return(NULL); } @@ -160,10 +164,26 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) { } /* references lists from SignedInfo and Manifest elements */ - xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences), - xmlSecDSigReferenceCtxListId); - xmlSecPtrListInitialize(&(dsigCtx->manifestReferences), - xmlSecDSigReferenceCtxListId); + ret = xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences), + xmlSecDSigReferenceCtxListId); + if(ret != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecPtrListInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(ret); + } + ret = xmlSecPtrListInitialize(&(dsigCtx->manifestReferences), + xmlSecDSigReferenceCtxListId); + if(ret != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecPtrListInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(ret); + } dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeAny; return(0); 
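Review bot: The two new checks in xmlSecDSigCtxInitialize test `ret != 0` and `return(ret)`, while the other error paths this commit adds (for example around xmlSecDSigCtxProcessReferences) test `ret < 0` and return -1; `if(ret < 0) { ... return(-1); }` would keep the file uniform. On the second failure path `signedInfoReferences` has already been initialized and is returned as is, so a short comment such as `/* caller must run xmlSecDSigCtxFinalize() on failure */` would record who releases it, if that is the contract. The start of the function is outside the hunk, so any earlier initialisation that needs the same cleanup cannot be seen here.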
@@ -454,6 +474,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { xmlSecTransformDataType firstType; xmlNodePtr signedInfoNode = NULL; xmlNodePtr keyInfoNode = NULL; + xmlNodePtr firstReferenceNode = NULL; xmlNodePtr cur; int ret; @@ -542,7 +563,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { } /* now validated all the references and prepare transform */ - ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode); + ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode, &firstReferenceNode); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, @@ -551,15 +572,12 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - /* references processing might change the status */ - if(dsigCtx->status != xmlSecDSigStatusUnknown) { - return(0); - } /* as the result, we should have sign and c14n methods set */ xmlSecAssert2(dsigCtx->signMethod != NULL, -1); xmlSecAssert2(dsigCtx->c14nMethod != NULL, -1); + /* now read key info node */ ret = xmlSecDSigCtxProcessKeyInfoNode(dsigCtx, keyInfoNode); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, @@ -572,6 +590,21 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* as the result, we should have a key */ xmlSecAssert2(dsigCtx->signKey != NULL, -1); + /* now actually process references and calculate digests */ + ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecDSigCtxProcessReferences", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + /* references processing might change the status */ + if(dsigCtx->status != xmlSecDSigStatusUnknown) { + return(0); + } + /* if we need to write result to xml node then we need base64 encode result */ if(dsigCtx->operation == xmlSecTransformOperationSign) { xmlSecTransformPtr base64Encode; 
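Review bot: The new call to `xmlSecDSigCtxProcessReferences` runs once `signKey` is set, but nothing in this hunk shows the SignedInfo signature being checked first, so Reference URIs and transforms taken from a not-yet-authenticated document still appear to be dereferenced and digested. If that ordering is intended, it deserves a comment at the call, for example `/* key is resolved but SignedInfo is not verified yet: references are still untrusted input here */`. Integrators who verify documents from unknown senders would then know to restrict `enabledReferenceUris`, which the xmlSecDSigCtxInitialize hunk shows defaulting to `xmlSecTransformUriTypeAny`. The function body continues outside the hunk, so the verify step itself is not visible here.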
@@ -667,18 +700,18 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { * */ static int -xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { - xmlSecDSigReferenceCtxPtr dsigRefCtx; +xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xmlNodePtr * firstReferenceNode) { + xmlSecSize refNodesCount = 0; xmlNodePtr cur; - int ret; xmlSecAssert2(dsigCtx != NULL, -1); xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1); xmlSecAssert2(dsigCtx->signMethod == NULL, -1); xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1); xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1); xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(firstReferenceNode != NULL, -1); + xmlSecAssert2((*firstReferenceNode) == NULL, -1); /* first node is required CanonicalizationMethod. */ cur = xmlSecGetNextElementNode(node->children); 
@@ -772,9 +805,71 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { } dsigCtx->signMethod->operation = dsigCtx->operation; - /* calculate references */ - cur = xmlSecGetNextElementNode(cur->next); + /* read references */ + if(cur != NULL) { + cur = xmlSecGetNextElementNode(cur->next); + } while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) { + /* record first reference node */ + if((*firstReferenceNode) == NULL) { + (*firstReferenceNode) = cur; + } + ++refNodesCount; + + /* go to next */ + cur = xmlSecGetNextElementNode(cur->next); + } + + /* check that we have at least one Reference */ + if(refNodesCount == 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* if there is something left than it's an error */ + if(cur != NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_UNEXPECTED_NODE, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* done */ + return(0); +} + + +static int +xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode) { + xmlSecDSigReferenceCtxPtr dsigRefCtx; + xmlNodePtr cur; + int ret; + + xmlSecAssert2(dsigCtx != NULL, -1); + xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1); + xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1); + xmlSecAssert2(firstReferenceNode != NULL, -1); + + /* process references */ + for(cur = firstReferenceNode; (cur != NULL); cur = xmlSecGetNextElementNode(cur->next)) { + /* already checked but we trust none */ + if(!xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + 
XMLSEC_ERRORS_R_INVALID_NODE, + "expected=%s", + xmlSecErrorsSafeString(xmlSecNodeReference)); + return(-1); + } + /* create reference */ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo); if(dsigRefCtx == NULL) { @@ -815,31 +910,13 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { dsigCtx->status = xmlSecDSigStatusInvalid; return(0); } - cur = xmlSecGetNextElementNode(cur->next); - } - - /* check that we have at least one Reference */ - if(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); } - /* if there is something left than it's an error */ - if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + /* done */ return(0); } + static int xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { int ret; @@ -1118,9 +1195,9 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(dsigCtx->result) != NULL)) { fprintf(output, "== Result - start buffer:\n"); - fwrite(xmlSecBufferGetData(dsigCtx->result), - xmlSecBufferGetSize(dsigCtx->result), - 1, output); + (void)fwrite(xmlSecBufferGetData(dsigCtx->result), + xmlSecBufferGetSize(dsigCtx->result), + 1, output); fprintf(output, "\n== Result - end buffer\n"); } if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) && 
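Review bot: xmlSecDSigCtxProcessReferences is introduced without a header comment, and the new `firstReferenceNode` out-parameter of xmlSecDSigCtxProcessSignedInfoNode is described only by its asserts. A header on the new function should say that it walks the Reference siblings starting at `firstReferenceNode`, re-checks each node name, and expects `signedInfoReferences` to be empty on entry; the SignedInfo function's comment should gain `@firstReferenceNode: the location where the first <dsig:Reference/> child is returned; must point to NULL on entry.` In the first pass `refNodesCount` is only compared with zero, so if a ceiling on the number of References is wanted for untrusted documents, that loop is where it would go. The body of the new loop continues in the following hunk.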
@@ -1128,9 +1205,9 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) { fprintf(output, "== PreSigned data - start buffer:\n"); - fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + 1, output); fprintf(output, "\n== PreSigned data - end buffer\n"); } } @@ -1207,9 +1284,9 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(dsigCtx->result) != NULL)) { fprintf(output, "<Result>"); - fwrite(xmlSecBufferGetData(dsigCtx->result), - xmlSecBufferGetSize(dsigCtx->result), - 1, output); + (void)fwrite(xmlSecBufferGetData(dsigCtx->result), + xmlSecBufferGetSize(dsigCtx->result), + 1, output); fprintf(output, "</Result>\n"); } if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) && @@ -1217,9 +1294,9 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) { fprintf(output, "<PreSignedData>"); - fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + 1, output); fprintf(output, "</PreSignedData>\n"); } @@ -1260,7 +1337,7 @@ xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, xmlSecDSigReferenceOrigin NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecDSigReferenceCtx)=%d", - sizeof(xmlSecDSigReferenceCtx)); + (int)sizeof(xmlSecDSigReferenceCtx)); return(NULL); } 
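Review bot: In xmlSecDSigCtxDebugXmlDump the `<Result>` payload is still written with a raw `fwrite` between the tags, and the `(void)` cast added here only silences the unused-result warning. If the buffer can hold bytes such as `<` or `&` (its content is not visible in this hunk), the dump is not well-formed XML and a tool parsing it would misread it. A comment before the call, `/* raw bytes, not XML-escaped: this dump is for debugging only */`, would state the limitation. The same pattern appears in the `<PreSignedData>` hunk that follows, in both xmlSecDSigReferenceCtxDebugXmlDump hunks and in xmlSecEncCtxDebugXmlDump in xmlenc.c.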
@@ -1669,9 +1746,9 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp (xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) { fprintf(output, "== PreDigest data - start buffer:\n"); - fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + 1, output); fprintf(output, "\n== PreDigest data - end buffer\n"); } @@ -1679,9 +1756,9 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp (xmlSecBufferGetData(dsigRefCtx->result) != NULL)) { fprintf(output, "== Result - start buffer:\n"); - fwrite(xmlSecBufferGetData(dsigRefCtx->result), - xmlSecBufferGetSize(dsigRefCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(dsigRefCtx->result), + xmlSecBufferGetSize(dsigRefCtx->result), 1, + output); fprintf(output, "\n== Result - end buffer\n"); } } @@ -1742,9 +1819,9 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o (xmlSecBufferGetData(dsigRefCtx->result) != NULL)) { fprintf(output, "<Result>"); - fwrite(xmlSecBufferGetData(dsigRefCtx->result), - xmlSecBufferGetSize(dsigRefCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(dsigRefCtx->result), + xmlSecBufferGetSize(dsigRefCtx->result), 1, + output); fprintf(output, "</Result>\n"); } 
@@ -1752,9 +1829,9 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o (xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) { fprintf(output, "<PreDigestData>"); - fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + 1, output); fprintf(output, "</PreDigestData>\n"); } if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) { diff --git a/src/xmlenc.c b/src/xmlenc.c index 44c98779..36c7bcad 100644 --- a/src/xmlenc.c +++ b/src/xmlenc.c @@ -7,7 +7,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -65,7 +65,7 @@ xmlSecEncCtxCreate(xmlSecKeysMngrPtr keysMngr) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecEncCtx)=%d", - sizeof(xmlSecEncCtx)); + (int)sizeof(xmlSecEncCtx)); return(NULL); } @@ -1218,9 +1218,9 @@ xmlSecEncCtxDebugDump(xmlSecEncCtxPtr encCtx, FILE* output) { (encCtx->resultBase64Encoded != 0)) { fprintf(output, "== Result - start buffer:\n"); - fwrite(xmlSecBufferGetData(encCtx->result), - xmlSecBufferGetSize(encCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(encCtx->result), + xmlSecBufferGetSize(encCtx->result), 1, + output); fprintf(output, "\n== Result - end buffer\n"); } } 
@@ -1311,9 +1311,9 @@ xmlSecEncCtxDebugXmlDump(xmlSecEncCtxPtr encCtx, FILE* output) { (encCtx->resultBase64Encoded != 0)) { fprintf(output, "<Result>"); - fwrite(xmlSecBufferGetData(encCtx->result), - xmlSecBufferGetSize(encCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(encCtx->result), + xmlSecBufferGetSize(encCtx->result), 1, + output); fprintf(output, "</Result>\n"); } diff --git a/src/xmlsec.c b/src/xmlsec.c index 8b6d0cab..6098d3c5 100644 --- a/src/xmlsec.c +++ b/src/xmlsec.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -21,7 +21,6 @@ #include <xmlsec/transforms.h> #include <xmlsec/app.h> #include <xmlsec/io.h> -#include <xmlsec/xkms.h> #include <xmlsec/errors.h> /** @@ -66,24 +65,7 @@ xmlSecInit(void) { return(-1); } -#ifndef XMLSEC_NO_XKMS - if(xmlSecXkmsRespondWithIdsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsRespondWithIdsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(xmlSecXkmsServerRequestIdsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXkmsServerRequestIdsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#endif /* XMLSEC_NO_XKMS */ + /* we use rand() function to generate id attributes */ srand(time(NULL)); @@ -101,11 +83,6 @@ int xmlSecShutdown(void) { int res = 0; -#ifndef XMLSEC_NO_XKMS - xmlSecXkmsServerRequestIdsShutdown(); - xmlSecXkmsRespondWithIdsShutdown(); -#endif /* XMLSEC_NO_XKMS */ - xmlSecTransformIdsShutdown(); xmlSecKeyDataIdsShutdown(); 
@@ -126,6 +103,17 @@ xmlSecShutdown(void) { } /** + * xmlSecShutdown: + * + * Gets the default crypto engine ("openssl", "nss", etc.) for the XML Security Library. + * + * Returns: the default crypto engine ("openssl", "nss", etc.). + */ +const xmlChar * xmlSecGetDefaultCrypto(void) { + return BAD_CAST XMLSEC_DEFAULT_CRYPTO; +} + +/** * xmlSecCheckVersionExt: * @major: the major version number. * @minor: the minor version number. diff --git a/src/xmltree.c b/src/xmltree.c index 27ad09e2..7084f696 100644 --- a/src/xmltree.c +++ b/src/xmltree.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" diff --git a/src/xpath.c b/src/xpath.c index e67631e7..8b0cf799 100644 --- a/src/xpath.c +++ b/src/xpath.c @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -91,7 +91,7 @@ xmlSecXPathDataCreate(xmlSecXPathDataType type) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecXPathData)=%d", - sizeof(xmlSecXPathData)); + (int)sizeof(xmlSecXPathData)); return(NULL); } memset(data, 0, sizeof(xmlSecXPathData)); 
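Review bot: The header comment added above xmlSecGetDefaultCrypto is titled `xmlSecShutdown:`, so generated API documentation will attach this description to the wrong function; the first line should read `* xmlSecGetDefaultCrypto:`. The body also uses `return BAD_CAST XMLSEC_DEFAULT_CRYPTO;` where the rest of the diff writes `return(...)`, a small style mismatch. The comment could add that the returned string is a compile-time constant that the caller must not free.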
@@ -285,17 +285,17 @@ xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNo to reserve NULL for our own purposes so we simply create an empty node set here */ if(xpathObj->nodesetval == NULL) { - xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL); - if(xpathObj->nodesetval == NULL) { - xmlXPathFreeObject(xpathObj); - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, + xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL); + if(xpathObj->nodesetval == NULL) { + xmlXPathFreeObject(xpathObj); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, "xmlXPathNodeSetCreate", XMLSEC_ERRORS_R_XML_FAILED, "expr=%s", xmlSecErrorsSafeString(data->expr)); - return(NULL); - } + return(NULL); + } } nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType); @@ -613,7 +613,7 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", - xmlStrlen(data->expr) + strlen(xpathPattern) + 1); + (int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); return(-1); } sprintf((char*)tmp, xpathPattern, (char*)data->expr); @@ -1160,6 +1160,3 @@ xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last, } return(0); } - - - @@ -6,7 +6,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include "globals.h" @@ -584,7 +584,7 @@ xmlSecXsApplyStylesheet(xmlSecXsltCtxPtr ctx, xmlDocPtr doc) { XMLSEC_ERRORS_R_XSLT_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; - } + } /* set security prefs */ ret = xsltSetCtxtSecurityPrefs(g_xslt_default_security_prefs, xsltCtx); |